crowdstrike-falconpy 0.2.2

The CrowdStrike Falcon API SDK for Python 3

FalconPy

The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.

This SDK provides two distinct methods for interacting with CrowdStrike's Falcon OAuth2 APIs:

• Service classes, representing a single service collection, with methods defined for every available operation.
• The Uber class, which provides a single harness for interacting with the entire API, covering every available operation within every service collection.

Quick Install / Uninstall

Stable releases of FalconPy are available on PyPI:

$ python -m pip install crowdstrike-falconpy

If you'd like to try the absolute bleeding edge, an automated GitHub action releases a test package with every merged pull request. To install the testing version:

$ python -m pip install -i https://test.pypi.org/simple crowdstrike-falconpy

To uninstall/remove FalconPy:

$ python -m pip uninstall crowdstrike-falconpy

Service classes

OAuth2-Based API (CrowdStrike documentation, requires CrowdStrike customer login)	Code Location
CrowdStrike Device Control API	./src/falconpy/device_control_policies.py
CrowdStrike Falcon Sandbox API	./src/falconpy/falconx_sandbox.py
CrowdStrike Sensor Policy Management API	./src/falconpy/sensor_update_policy.py
CrowdStrike Custom Indicators of Compromose (IOCs) APIs	./src/falconpy/iocs.py
CrowdStrike Detections APIs	./src/falconpy/detects.py
CrowdStrike Event Streams API	./src/falconpy/event_streams.py
CrowdStrike Falcon Horizon APIs	Coming Soon
CrowdStrike Falon X APIs	Coming Soon
CrowdStrike Firewall Management API	./src/falconpy/firewall_management.py
CrowdStrike Firewall Policy Management	./src/falconpy/firewall_policies.py
CrowdStrike Host Groups API	./src/falconpy/host_group.py
CrowdStrike Hosts API	./src/falconpy/hosts.py
CrowdStrike Incident and Detection Monitoring APIs	./src/falconpy/incidents.py
CrowdStrike Installation Token APIs	Coming Soon
CrowdStrike Intel API	./src/falconpy/intel.py
CrowdStrike MalQuery API	Coming Soon
CrowdStrike OAuth2 Auth Token APIs	./src/falconpy/oauth2.py
CrowdStrike Prevention Policy APIs	./src/falconpy/prevention_policy.py
CrowdStrike Real Time Response (RTR) APIs	./src/falconpy/real_time_response.py
CrowdStrike Realtime Response (RTR) Administration API	./src/falconpy/real_time_response_admin.py
CrowdStrike Sensor Download APIs	Coming Soon
CrowdStrike Spotlight APIs	./src/falconpy/spotlight_vulnerabilities.py
CrowdStrike User and Roles API	./src/falconpy/user_management.py
Falcon Discover for Cloud and Containers - AWS Accounts APIs	./src/falconpy/cloud_connect_aws.py
Falcon Discover for Cloud and Containers - Azure Subscriptions APIs	Coming Soon
Falcon Discover for Cloud and Containers - GCP Projects APIs	Coming Soon

Uber class

• ./src/falconpy/api_complete.py - Provides an interface to all CrowdStrike APIs with a single handler.

Contributing

There are many ways you can contribute to the FalconPy project!

• Providing feedback by opening a GitHub ticket. Even a fly-by "Hey, this worked!" is appreciated and helps validate approaches. Ideas on improving the project are most welcome.
• Documenting, blogging, or creating videos, of how you've used FalconPy! This type of content is invaluable and helps communities grow. Open a pull request for inclusion in the Documentation and Collateral section.
• Fix a bug or implement a new feature. Check out our open issues on GitHub for inspiration.
• Review pull requests by going through the queue of open pull requests on GitHub and giving feedback to the authors

Open to do something else but not sure where to start? Try opening an issue and introducing yourself and your interests. We look forward to chatting with you!

Support & Community Forums

FalconPy is an open source project, not a formal CrowdStrike product, to assist developers implement CrowdStrike's APIs within their applications. As such it carries no formal support, express or implied.

:fire: Is something going wrong? :fire:
GitHub Issues are used to report bugs. Submit a ticket here:
https://github.com/CrowdStrike/falconpy/issues/new/choose

GitHub Discussions provide the community with means to communicate. There are four discussion categories:

• :speech_balloon: General : Catch all for general discussions.
• :bulb: Ideas: Have a suggestion for a feature request? Is there something the community or project could improve upon? Let us know here.
• :pray: Q&A: Have a question about how to accomplish something? A usability question? Submit them here!
• :raised_hands: Show and Tell: Share with the community what you're up to! Perhaps this is letting everyone know about your upcoming conference talk, share a project that has embedded FalconPy, or your recent blog.

Documentation & Collateral

Official Project Documentation

See the wiki for extended documentation: https://github.com/CrowdStrike/falconpy/wiki.

Videos (Tutorials, Trainings, Overviews)

Coming soon.

Conference Presentations

Coming soon.

Blogs/Articles/Prose

Coming soon.