Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections

.github/wordlist.txt

@@ -876,4 +876,27 @@ GetCombinedImages
 AggregateAlerts
 QueryAlertIdsByFilter
 URLEncoded
-aboese
+aboese
+ListObjects
+SearchObjects
+GetObject
+PutObject
+DeleteObject
+GetObjectMetadata
+WorkflowExecute
+WorkflowExecutionsAction
+WorkflowExecutionResults
+WorkflowSystemsDefinitionsDeProvision
+WorkflowSystemsDefinitionsPromote
+WorkflowSystemsDefinitionsProvision
+RTRAuditSessions
+LogScale
+ListReposV
+ListViewV
+IngestDataV
+CreateSavedSearchesDynamicExecuteV
+GetSavedSearchesExecuteV
+CreateSavedSearchesExecuteV
+CreateSavedSearchesIngestV
+GetSavedSearchesJobResultsDownloadV
+clobberer

CHANGELOG.md

@@ -1,3 +1,88 @@
+# Version 1.3.3
+## Added features and functionality
++ Added: Deprecation warnings for deprecated classes and operations. Closes #1055.
+    - `_endpoint/__init__.py`
+    - `_endpoint/deprecated/__init__.py`
+    - `_endpoint/deprecated/_mapping.py`
+    - `_error/__init__.py`
+    - `_error/_warnings.py`
+    - `_service_class/_service_class.py`
+    - `_util/__init__.py`
+    - `_util/_functions.py`
++ Added: New Custom Storage service collection.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_custom_storage.py`
+    - `_util/_functions.py`
+    - `custom_storage.py`
+    > Expanded unit testing to complete code coverage.
+    - `tests/test_custom_storage.py`
+    > The following new operations are provided by this service collection:
+    + _ListObjects_
+    + _SearchObjects_
+    + _GetObject_
+    + _PutObject_
+    + _DeleteObject_
+    + _GetObjectMetadata_
++ Added: New Workflows service collection.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_workflows.py`
+    - `_endpoint/_workflows.py`
+    - `_payload/__init__.py`
+    - `_payload/_generic.py`
+    - `_payload/_workflows.py`
+    - `workflows.py`
+    > Expanded unit testing to complete code coverage.
+    - `tests/test_workflows.py`
+    > The following new operations are provided by this service collection:
+    + _WorkflowExecute_
+    + _WorkflowExecutionsAction_
+    + _WorkflowExecutionResults_
+    + _WorkflowSystemsDefinitionsDeProvision_
+    + _WorkflowSystemsDefinitionsPromote_
+    + _WorkflowSystemsDefinitionsProvision_
++ Added: New Real Time Response Audit service collection.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_real_time_response_audit.py`
+    - `real_time_response_audit.py`
+    > Expanded unit testing to complete code coverage.
+    - `tests/test_real_time_response_audit.py`
+    > The following new operations are provided by this service collection:
+    + _RTRAuditSessions_
++ Added: New Foundry LogScale service collection.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_foundry_logscale.py`
+    - `_payload/__init__.py`
+    - `_payload/_foundry.py`
+    - `foundry_logscale.py`
+    > Expanded unit testing to complete code coverage.
+    - `tests/test_foundry_logscale.py`
+    > The following new operations are provided by this service collection:
+    + _ListReposV1_
+    + _ListViewV1_
+    + _IngestDataV1_
+    + _CreateSavedSearchesDynamicExecuteV1_
+    + _GetSavedSearchesExecuteV1_
+    + _CreateSavedSearchesExecuteV1_
+    + _CreateSavedSearchesIngestV1_
+    + _GetSavedSearchesJobResultsDownloadV1_
+
+## Issues resolved
++ Fixed: Error when trying to directly import falconpy module (no package installation). Closes #1056.
+    - `_auth_object/_falcon_interface.py`
+    - `_util/_functions.py`
+    - Thanks go out to @tsullivan06 for identifying and reporting this issue. 🙇
++ Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes #1057.
+    - `api_complete/_legacy.py`
++ Fixed: Can not use `add-rule-group` and `remove-rule-group` actions with the __`performFirewallPoliciesAction`__ operation. Closes #1059.
+    - `firewall_policies.py`
+    - Thanks go out to @api-clobberer for identifying and reporting this issue. 🙇
+
+---
+
 # Version 1.3.2
 > This release resolves a breaking change introduced in Version 1.3.0. This issue presents itself when developers attempt to call the `authenticated` method directly from the `OAuth2` Service Class. Review issue #1043 for more detail.
 

README.md

@@ -81,7 +81,7 @@ For each CrowdStrike Falcon API service collection, a matching Service Class is
 | Device Control | [device_control_policies.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/device_control_policies.py) | [DeviceControlPolicies](https://www.falconpy.io/Service-Collections/Device-Control-Policies.html) |
 | Custom Indicators of Attack (IOAs) | [custom_ioa.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/custom_ioa.py) <br/> [ioa_exclusions.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ioa_exclusions.py)| [CustomIOA](https://www.falconpy.io/Service-Collections/Custom-IOA.html)<BR/>[IOAExclusions](https://www.falconpy.io/Service-Collections/IOA-Exclusions.html) |
 | Detections | [detects.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/detects.py) | [Detects](https://www.falconpy.io/Service-Collections/Detects.html) |
-| Falcon Discover | [cloud_connect_aws.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/cloud_connect_aws.py)<BR/>[d4c_registration.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/d4c_registration.py)<BR/>[discover.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/discover.py) | [CloudConnectAWS](https://www.falconpy.io/Service-Collections/Cloud-Connect-AWS.html)<BR/>[D4CRegistration](https://www.falconpy.io/Service-Collections/D4C-Registration.html)<BR/>[Discover](https://www.falconpy.io/Service-Collections/Discover.html) |
+| Falcon Discover | [cloud_connect_aws.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/cloud_connect_aws.py) <small>(*Deprecated*)</small><BR/>[d4c_registration.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/d4c_registration.py) <small>(*Deprecated*)</small><BR/>[discover.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/discover.py) | [CloudConnectAWS](https://www.falconpy.io/Service-Collections/Cloud-Connect-AWS.html)<BR/>[D4CRegistration](https://www.falconpy.io/Service-Collections/D4C-Registration.html)<BR/>[Discover](https://www.falconpy.io/Service-Collections/Discover.html) |
 | Event Streams | [event_streams.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/event_streams.py) | [EventStreams](https://www.falconpy.io/Service-Collections/Event-Streams.html) |
 | Falcon Container | [falcon_container.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falcon_container.py) | [FalconContainer](https://www.falconpy.io/Service-Collections/Falcon-Container.html) |
 | Falcon Horizon | [cspm_registration.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/cspm_registration.py) | [CSPMRegistration](https://www.falconpy.io/Service-Collections/CSPM-Registration.html) |
@@ -112,7 +112,7 @@ For each CrowdStrike Falcon API service collection, a matching Service Class is
 | Sensor Visibility Exclusions | [sensor_visibility_exclusions.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sensor_visibility_exclusions.py) | [SensorVisibilityExclusions](https://www.falconpy.io/Service-Collections/Sensor-Visibility-Exclusions.html) |
 | Sensor Update Policy Management | [sensor_update_policy.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sensor_update_policy.py) | [SensorUpdatePolicy](https://www.falconpy.io/Service-Collections/Sensor-Update-Policy.html) |
 | Spotlight | [spotlight_evaluation_logic.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/spotlight_evaluation_logic.py)<BR/>[spotlight_vulnerabilities.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/spotlight_vulnerabilities.py) | [SpotlightEvaluationLogic](https://www.falconpy.io/Service-Collections/Spotlight-Evaluation-Logic.html)<BR/>[SpotlightVulnerabilities](https://www.falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html) |
-| __Falcon Intelligence__<BR/>Intel<BR/>IOC<BR/>IOCS<BR/>MalQuery<BR/>ODS (On Demand Scan)<BR/>Quick Scan<BR/>Recon<BR/>Sample Uploads<BR/>Sandbox | <BR/>[intel.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/intel.py)<br/>[ioc.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ioc.py) <BR/> [iocs.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/iocs.py) <small>*Deprecated*</small><BR/>[malquery.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/malquery.py)<BR/>[ods.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ods.py)<BR/>[quick_scan.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/quick_scan.py)<BR/>[recon.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/recon.py)<BR/>[sample_uploads.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sample_uploads.py) <BR/> [falconx_sandbox.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falconx_sandbox.py)| <BR/>[Intel](https://www.falconpy.io/Service-Collections/Intel.html)<BR/>[IOC](https://www.falconpy.io/Service-Collections/IOC.html)<BR/>[Iocs](https://www.falconpy.io/Service-Collections/IOCs.html)<BR/>[MalQuery](https://www.falconpy.io/Service-Collections/MalQuery.html)<BR/>[ODS](https://www.falconpy.io/Service-Collections/ODS.html)<BR/>[QuickScan](https://www.falconpy.io/Service-Collections/Quick-Scan.html)<BR/><a href="https://www.falconpy.io/Service-Collections/Recon.html" target="_blank">Recon</a><BR/>[SampleUploads](https://www.falconpy.io/Service-Collections/Sample-Uploads.html)<BR/>[FalconXSandbox](https://www.falconpy.io/Service-Collections/Falconx-Sandbox.html) |
+| __Falcon Intelligence__<BR/>Intel<BR/>IOC<BR/>IOCS<BR/>MalQuery<BR/>ODS (On Demand Scan)<BR/>Quick Scan<BR/>Recon<BR/>Sample Uploads<BR/>Sandbox | <BR/>[intel.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/intel.py)<br/>[ioc.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ioc.py) <BR/> [iocs.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/iocs.py) <small>(*Deprecated*)</small><BR/>[malquery.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/malquery.py)<BR/>[ods.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/ods.py)<BR/>[quick_scan.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/quick_scan.py)<BR/>[recon.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/recon.py)<BR/>[sample_uploads.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/sample_uploads.py) <BR/> [falconx_sandbox.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/falconx_sandbox.py)| <BR/>[Intel](https://www.falconpy.io/Service-Collections/Intel.html)<BR/>[IOC](https://www.falconpy.io/Service-Collections/IOC.html)<BR/>[Iocs](https://www.falconpy.io/Service-Collections/IOCs.html)<BR/>[MalQuery](https://www.falconpy.io/Service-Collections/MalQuery.html)<BR/>[ODS](https://www.falconpy.io/Service-Collections/ODS.html)<BR/>[QuickScan](https://www.falconpy.io/Service-Collections/Quick-Scan.html)<BR/><a href="https://www.falconpy.io/Service-Collections/Recon.html" target="_blank">Recon</a><BR/>[SampleUploads](https://www.falconpy.io/Service-Collections/Sample-Uploads.html)<BR/>[FalconXSandbox](https://www.falconpy.io/Service-Collections/Falconx-Sandbox.html) |
 | User and Roles | [user_management.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/user_management.py) | [UserManagement](https://www.falconpy.io/Service-Collections/User-Management.html) |
 | Falcon Zero Trust Assessment | [zero_trust_assessment.py](https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/zero_trust_assessment.py) | [ZeroTrustAssessment](https://www.falconpy.io/Service-Collections/Zero-Trust-Assessment.html) |
 

src/falconpy/__init__.py

@@ -61,7 +61,10 @@
     NoAuthenticationMechanism,
     InvalidIndex,
     InvalidCredentialFormat,
-    UnnecessaryEncodingUsed
+    UnnecessaryEncodingUsed,
+    DeprecatedClass,
+    DeprecatedOperation,
+    SDKDeprecationWarning
     )
 from ._result import (
     Result,
@@ -90,6 +93,7 @@
 from .cloud_connect_aws import CloudConnectAWS
 from .cspm_registration import CSPMRegistration
 from .custom_ioa import CustomIOA
+from .custom_storage import CustomStorage
 from .d4c_registration import D4CRegistration
 from .detects import Detects
 from .device_control_policies import DeviceControlPolicies
@@ -102,6 +106,7 @@
 from .filevantage import FileVantage
 from .firewall_management import FirewallManagement
 from .firewall_policies import FirewallPolicies
+from .foundry_logscale import FoundryLogScale
 from .host_group import HostGroup
 from .hosts import Hosts
 from .identity_protection import IdentityProtection
@@ -124,6 +129,7 @@
 from .quarantine import Quarantine
 from .quick_scan import QuickScan
 from .real_time_response_admin import RealTimeResponseAdmin
+from .real_time_response_audit import RealTimeResponseAudit
 from .real_time_response import RealTimeResponse
 from .recon import Recon
 from .report_executions import ReportExecutions
@@ -137,6 +143,7 @@
 from .spotlight_evaluation_logic import SpotlightEvaluationLogic
 from .tailored_intelligence import TailoredIntelligence
 from .user_management import UserManagement
+from .workflows import Workflows
 from .zero_trust_assessment import ZeroTrustAssessment
 
 __version__ = _VERSION
@@ -173,7 +180,9 @@
     "RequestPayloads", "RequestValidator", "PayloadValidationError", "MIN_TOKEN_RENEW_WINDOW",
     "MAX_TOKEN_RENEW_WINDOW", "GLOBAL_API_MAX_RETURN", "MOCK_OPERATIONS", "CloudSnapshots",
     "NoAuthenticationMechanism", "InvalidIndex", "version", "InvalidCredentialFormat",
-    "UnnecessaryEncodingUsed", "APIHarnessV2"
+    "UnnecessaryEncodingUsed", "APIHarnessV2", "CustomStorage", "FoundryLogScale",
+    "RealTimeResponseAudit", "Workflows", "DeprecatedClass", "DeprecatedOperation",
+    "SDKDeprecationWarning"
     ]
 """
 This is free and unencumbered software released into the public domain.

src/falconpy/_auth_object/_falcon_interface.py

@@ -44,7 +44,7 @@
 from json import loads
 try:
     from simplejson import JSONDecodeError
-except ImportError:
+except (ImportError, ModuleNotFoundError):  # Support import as a module
     from json.decoder import JSONDecodeError
 from logging import Logger, getLogger
 from typing import Dict, Optional, Union

src/falconpy/_constant/__init__.py

@@ -45,7 +45,8 @@
 PREFER_IDS_IN_BODY: List[str] = [
     "GetDeviceDetails", "PostDeviceDetailsV2", "GetVulnerabilities", "GetIntelIndicatorEntities",
     "getChildrenV2", "cancel-scans", "GetDetectSummaries", "UpdateQuarantinedDetectsByIds",
-    "GetQuarantineFiles", "PostEntitiesAlertsV1"
+    "GetQuarantineFiles", "PostEntitiesAlertsV1", "CreateSavedSearchesDeployV1",
+    "WorkflowExecutionsAction"
 ]
 MOCK_OPERATIONS: List[str] = [
     "GetImageAssessmentReport", "DeleteImageDetails", "ImageMatchesPolicy"

src/falconpy/_endpoint/__init__.py

@@ -36,12 +36,15 @@
 from .deprecated import _report_executions_deprecated
 from .deprecated import _scheduled_reports_deprecated
 from .deprecated import _zero_trust_assessment_deprecated
+from .deprecated import _deprecated_operation_mapping
+from .deprecated import _deprecated_class_mapping
 
 from ._alerts import _alerts_endpoints
 from ._cloud_connect_aws import _cloud_connect_aws_endpoints
 from ._cloud_snapshots import _cloud_snapshot_endpoints
 from ._cspm_registration import _cspm_registration_endpoints
 from ._custom_ioa import _custom_ioa_endpoints
+from ._custom_storage import _custom_storage_endpoints
 from ._d4c_registration import _d4c_registration_endpoints
 from ._detects import _detects_endpoints
 from ._device_control_policies import _device_control_policies_endpoints
@@ -53,6 +56,7 @@
 from ._filevantage import _filevantage_endpoints
 from ._firewall_management import _firewall_management_endpoints
 from ._firewall_policies import _firewall_policies_endpoints
+from ._foundry_logscale import _foundry_logscale_endpoints
 from ._host_group import _host_group_endpoints
 from ._hosts import _hosts_endpoints
 from ._identity_protection import _identity_protection_endpoints
@@ -76,6 +80,7 @@
 from ._quick_scan import _quick_scan_endpoints
 from ._real_time_response import _real_time_response_endpoints
 from ._real_time_response_admin import _real_time_response_admin_endpoints
+from ._real_time_response_audit import _real_time_response_audit_endpoints
 from ._recon import _recon_endpoints
 from ._report_executions import _report_executions_endpoints
 from ._response_policies import _response_policies_endpoints
@@ -88,6 +93,7 @@
 from ._spotlight_vulnerabilities import _spotlight_vulnerabilities_endpoints
 from ._tailored_intelligence import _tailored_intelligence_endpoints
 from ._user_management import _user_management_endpoints
+from ._workflows import _workflows_endpoints
 from ._zero_trust_assessment import _zero_trust_assessment_endpoints
 
 api_endpoints: List[Any] = []
@@ -96,6 +102,7 @@
 api_endpoints.extend(_cloud_snapshot_endpoints)
 api_endpoints.extend(_cspm_registration_endpoints)
 api_endpoints.extend(_custom_ioa_endpoints)
+api_endpoints.extend(_custom_storage_endpoints)
 api_endpoints.extend(_d4c_registration_endpoints)
 api_endpoints.extend(_detects_endpoints)
 api_endpoints.extend(_device_control_policies_endpoints)
@@ -107,6 +114,7 @@
 api_endpoints.extend(_filevantage_endpoints)
 api_endpoints.extend(_firewall_management_endpoints)
 api_endpoints.extend(_firewall_policies_endpoints)
+api_endpoints.extend(_foundry_logscale_endpoints)
 api_endpoints.extend(_host_group_endpoints)
 api_endpoints.extend(_hosts_endpoints)
 api_endpoints.extend(_identity_protection_endpoints)
@@ -130,6 +138,7 @@
 api_endpoints.extend(_quick_scan_endpoints)
 api_endpoints.extend(_real_time_response_endpoints)
 api_endpoints.extend(_real_time_response_admin_endpoints)
+api_endpoints.extend(_real_time_response_audit_endpoints)
 api_endpoints.extend(_recon_endpoints)
 api_endpoints.extend(_report_executions_endpoints)
 api_endpoints.extend(_response_policies_endpoints)
@@ -142,6 +151,7 @@
 api_endpoints.extend(_spotlight_vulnerabilities_endpoints)
 api_endpoints.extend(_tailored_intelligence_endpoints)
 api_endpoints.extend(_user_management_endpoints)
+api_endpoints.extend(_workflows_endpoints)
 api_endpoints.extend(_zero_trust_assessment_endpoints)
 
 # Deprecated endpoints
@@ -163,5 +173,9 @@
 deprecated_endpoints.extend(_scheduled_reports_deprecated)
 deprecated_endpoints.extend(_zero_trust_assessment_deprecated)
 
+# Mapping of manually deprecated endpoints
+operation_deprecation_mapping = _deprecated_operation_mapping
+class_deprecation_mapping = _deprecated_class_mapping
+
 # api_endpoints contains all endpoints, production and deprecated
 api_endpoints.extend(deprecated_endpoints)