crowdstrike-falconpy 0.4.6

The CrowdStrike Falcon OAuth2 API SDK for Python 3

FalconPy - The CrowdStrike Falcon SDK for Python 3

The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.

This SDK provides two distinct methods for interacting with CrowdStrike's Falcon OAuth2 APIs:

• Service classes, representing a single service collection, with methods defined for every available operation.
• The Uber class, which provides a single harness for interacting with the entire API, covering every available operation within every service collection.

Installation & Removal

Stable releases of FalconPy are available on the Python Package Index:

python3 -m pip install crowdstrike-falconpy

If you'd like to try the absolute bleeding edge, an automated GitHub action releases a test package with every merged pull request containing the string [DEPLOY] in the head of the commit.

To install this testing version of the package, use the command:

python3 -m pip install -i https://test.pypi.org/simple crowdstrike-falconpy

To uninstall and remove FalconPy:

python3 -m pip uninstall crowdstrike-falconpy

Service classes

OAuth2-Based API (CrowdStrike documentation, requires CrowdStrike customer login)	Code Location
CrowdStrike Device Control API	device_control_policies.py
CrowdStrike Falcon Sandbox API	falconx_sandbox.py
CrowdStrike Sensor Policy Management API	sensor_update_policy.py
CrowdStrike Custom Indicators of Attack (IOAs) APIs	custom_ioa.py
CrowdStrike Custom Indicators of Compromise (IOCs) APIs	iocs.py
CrowdStrike Detections APIs	detects.py
CrowdStrike Event Streams API	event_streams.py
CrowdStrike Falcon Horizon APIs	cspm_registration.py
CrowdStrike Falcon X APIs	sample_uploads.py quick_scan.py
CrowdStrike Firewall Management API	firewall_management.py
CrowdStrike Firewall Policy Management	firewall_policies.py
CrowdStrike Falcon Flight Control APIs	mssp.py
CrowdStrike Host Groups API	host_group.py
CrowdStrike Hosts API	hosts.py
CrowdStrike Incident and Detection Monitoring APIs	incidents.py
CrowdStrike Installation Token APIs	Coming Soon
CrowdStrike Intel API	intel.py
CrowdStrike MalQuery API	Coming Soon
CrowdStrike OAuth2 Auth Token APIs	oauth2.py
CrowdStrike Prevention Policy APIs	prevention_policy.py
CrowdStrike Real Time Response (RTR) APIs	real_time_response.py
CrowdStrike Realtime Response (RTR) Administration API	real_time_response_admin.py
CrowdStrike Sensor Download APIs	sensor_download.py
CrowdStrike Spotlight APIs	spotlight_vulnerabilities.py
CrowdStrike User and Roles API	user_management.py
Falcon Discover for Cloud and Containers - AWS Accounts APIs	cloud_connect_aws.py
Falcon Discover for Cloud and Containers - Azure Subscriptions APIs	Coming Soon
Falcon Discover for Cloud and Containers - GCP Projects APIs	Coming Soon
CrowdStrike Falcon Zero Trust Assessment APIs	zero_trust_assessment.py

The Uber class

• api_complete.py - The Uber class provides an interface to all CrowdStrike APIs with a single handler. This solution supports communicating with API endpoints that do not have an available Service Class or are recently released.

Contributing

There are many ways you can contribute to the FalconPy project!

• Providing feedback by opening a GitHub ticket. Even a fly-by "Hey, this worked!" is appreciated and helps validate approaches. Ideas on improving the project are most welcome.
• Documenting, blogging, or creating videos, of how you've used FalconPy! This type of content is invaluable and helps communities grow. Open a pull request for inclusion in the Documentation and Collateral section.
• Fix a bug or implement a new feature. Check out our open issues on GitHub for inspiration.
• Review pull requests by going through the queue of open pull requests on GitHub and giving feedback to the authors

Review CONTRIBUTING.md for more details regarding contributing to the FalconPy project.

Open to do something else but not sure where to start? Try opening an issue, or posting a topic in our discussion board, to introduce yourself and your interests. We look forward to chatting with you!

Support & Community Forums

FalconPy is an open source project, not a formal CrowdStrike product, to assist developers implement CrowdStrike's APIs within their applications. As such it carries no formal support, express or implied.

Is something going wrong?
GitHub Issues are used to report bugs. Submit a ticket here:
https://github.com/CrowdStrike/falconpy/issues/new/choose

GitHub Discussions provide the community with means to communicate. There are four discussion categories:

• General : Catch all for general discussions.
• Ideas: Have a suggestion for a feature request? Is there something the community or project could improve upon? Let us know here.
• Q&A: Have a question about how to accomplish something? A usability question? Submit them here!
• Show and Tell: Share with the community what you're up to! Perhaps this is letting everyone know about your upcoming conference talk, share a project that has embedded FalconPy, or your recent blog.

Documentation and Collateral

Official Project Documentation

See the wiki for extended documentation: https://github.com/CrowdStrike/falconpy/wiki.

Videos (Tutorials, Trainings, Overviews)

Coming soon.

Conference Presentations

Blogs/Articles/Prose

Coming soon.