CHANGELOG
Version 1.6.0
Other
Dropped: Support for Python version 3.7. Developers using this version of Python should pin to versions below 1.6.0.
Unit testing adjusted to reflect supported versions.
.github/workflows/unit_testing_ubuntu.yml, pyproject.toml, README.md, SECURITY.md
Version 1.5.5
Added features and functionality
Added: Added "SPL", "AI translated" and "all" as allowed values for the language argument in the GetArchiveExport operation within the CAO Hunting service collection.
_endpoint/_cao_hunting.py, cao_hunting.py
Added: Added include_translated_content argument to the GetIntelligenceQueries operation within the CAO Hunting service collection.
_endpoint/_cao_hunting.py, cao_hunting.py
Added: Added three new operations to the CAO Hunting service collection.
AggregateHuntingGuides
GetHuntingGuides
SearchHuntingGuides
_endpoint/_cao_hunting.py, cao_hunting.py
Unit testing expanded to complete code coverage.
tests/test_cao_hunting.py
Added: Added the new Case Management service collection with 48 operations.
aggregates_file_details_post_v1
combined_file_details_get_v1
entities_file_details_get_v1
entities_file_details_patch_v1
entities_files_bulk_download_post_v1
entities_files_download_get_v1
entities_files_upload_post_v1
entities_files_delete_v1
queries_file_details_get_v1
aggregates_notification_groups_post_v1
aggregates_notification_groups_post_v2
aggregates_slas_post_v1
aggregates_templates_post_v1
entities_fields_get_v1
entities_notification_groups_get_v1
entities_notification_groups_post_v1
entities_notification_groups_patch_v1
entities_notification_groups_delete_v1
entities_notification_groups_get_v2
entities_notification_groups_post_v2
entities_notification_groups_patch_v2
entities_notification_groups_delete_v2
entities_slas_get_v1
entities_slas_post_v1
entities_slas_patch_v1
entities_slas_delete_v1
entities_template_snapshots_get_v1
entities_templates_export_get_v1
entities_templates_import_post_v1
entities_templates_get_v1
entities_templates_post_v1
entities_templates_patch_v1
entities_templates_delete_v1
queries_fields_get_v1
queries_notification_groups_get_v1
queries_notification_groups_get_v2
queries_slas_get_v1
queries_template_snapshots_get_v1
queries_templates_get_v1
entities_alert_evidence_post_v1
entities_case_tags_post_v1
entities_case_tags_delete_v1
entities_cases_put_v2
entities_cases_post_v2
entities_cases_patch_v2
entities_event_evidence_post_v1
queries_cases_get_v1
_endpoint/__init__.py, _endpoint/_case_management.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_case_management.py, _payload/__init__.py, _payload/_case_management.py, __init__.py, case_management.py
Unit testing expanded to complete code coverage.
tests/test_case_management.py
Added: Added two new operations to the Cloud AWS Registration service collection.
cloud_registration_aws_trigger_health_check
cloud_registration_aws_validate_accounts
_endpoint/_cloud_aws_registration.py, _endpoint/deprecated/_cloud_aws_registration.py, cloud_aws_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_aws_registration.py
Added: Added new cloud_registration_azure_trigger_health_check operation to the Cloud Azure Registration service collection.
_endpoint/_cloud_azure_registration.py, _endpoint/deprecated/_cloud_azure_registration.py, cloud_azure_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_azure_registration.py
Added: Added two new operations to the Cloud Azure Registration service collection.
cloud_registration_azure_delete_legacy_subscription
cloud_registration_azure_validate_registration
_endpoint/_cloud_azure_registration.py, _endpoint/deprecated/_cloud_azure_registration.py, _payload/__init__.py, _payload/_cloud_azure_registration.py, cloud_azure_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_azure_registration.py
Added: Added the new Cloud Google Cloud Registration service collection with 6 operations.
cloud_registration_gcp_trigger_health_check
cloud_registration_gcp_get_registration
cloud_registration_gcp_put_registration
cloud_registration_gcp_create_registration
cloud_registration_gcp_update_registration
cloud_registration_gcp_delete_registration
_endpoint/__init__.py, _endpoint/_cloud_google_cloud_registration.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_cloud_google_cloud_registration.py, _payload/__init__.py, _payload/_cloud_google_cloud_registration.py, __init__.py, cloud_google_cloud_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_google_cloud_registration.py
Added: Added the new Cloud Security Compliance service collection with 2 operations.
cloud_compliance_framework_posture_summaries
cloud_compliance_rule_posture_summaries
_endpoint/__init__.py, _endpoint/_cloud_security_compliance.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_cloud_security_compliance.py, __init__.py, cloud_security_compliance.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_compliance.py
Added: Added the new Cloud Security Detections service collection with 2 operations.
cspm_evaluations_iom_entities
cspm_evaluations_iom_queries
_endpoint/__init__.py, _endpoint/_cloud_security_detections.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_cloud_security_detections.py, __init__.py, cloud_security_detections.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_detections.py
Added: Added the new Cloud Policies service collection with 24 operations.
ReplaceControlRules
GetComplianceControls
CreateComplianceControl
UpdateComplianceControl
DeleteComplianceControl
RenameSectionComplianceFramework
GetComplianceFrameworks
CreateComplianceFramework
UpdateComplianceFramework
DeleteComplianceFramework
GetEvaluationResult
GetRuleOverride
CreateRuleOverride
UpdateRuleOverride
DeleteRuleOverride
GetRule
CreateRule
UpdateRule
DeleteRuleMixin0
QueryComplianceControls
QueryComplianceFrameworks
QueryRule
GetRuleInputSchema
GetEnrichedAsset
_endpoint/__init__.py, _endpoint/_cloud_policies.py, _payload/__init__.py, _payload/_cloud_policies.py, __init__.py, cloud_policies.py
Unit testing expanded to complete code coverage.
tests/test_cloud_policies.py
Added: Added the new Cloud Security service collection with 7 operations.
combined_cloud_risks
ListCloudGroupsExternal
ListCloudGroupsByIDExternal
CreateCloudGroupExternal
UpdateCloudGroupExternal
DeleteCloudGroupsExternal
ListCloudGroupIDsExternal
_endpoint/__init__.py, _endpoint/_cloud_security.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_cloud_security.py, _payload/__init__.py, _payload/_cloud_security, __init__.py, cloud_security.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security.py
Added: Added new filter option (control.extension.status) as an allowed value to the cloud_security_assets_combined_compliance_by_account operation within the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py, cloud_security_assets.py
Updated: Removed three options (application_security.business_applications, application_security.business_criticality and application_security.service_names) and added 7 options (control.benchmark.name, control.benchmark.version, control.framework, control.requirement, control.type, control.version, and non_compliant.rule_name) as allowed filters in the cloud_security_assets_queries operation within the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py, cloud_security_assets.py
Added: Added new filter and sort options as an allowed value to the cloud_security_assets_queries operation within the Cloud Security Assets service collection.
aspm.deployment_cloud_resource_id
aspm.deployment_provider
aspm.deployment_type
aspm.technologies
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py, cloud_security_assets.py
Added: Added one new operation to the Cloud Security Assets service collection.
cloud_security_assets_combined_application_findings
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py, cloud_security_assets.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_assets.py
Added: Added new Cloud Security Compliance service collection with 2 new operations.
_endpoint/__init__.py, _endpoint/_cloud_security_compliance.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_cloud_security_compliance.py, __init__.py, cloud_security_compliance.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_compliance.py
Added: Added new CombinedDetections operation to the Cloud Snapshots service collection.
_endpoint/_cloud_snapshots.py, cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshots.py
Added: Added the new Correlation Rules Admin service collection with 1 operation.
entities_rules_ownership_put_v1
_endpoint/__init__.py, _endpoint/_correlation_rules_admin.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_correlation_rules_admin.py, _payload/__init__.py, _payload/_correlation_rules_admin.py, __init__.py, correlation_rules_admin.py
Unit testing expanded to complete code coverage.
tests/test_correlation_rules_admin.py
Added: Added dspm_host_account_id, dspm_host_integration_role_name, and dspm_host_scanner_role_name arguments to the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py, d4c_registration.py
Updated: Adjusted the operation GetD4CAWSAccountScriptsAttachment within the D4C Registration service class to align with new endpoint parameters.
_endpoint/_d4c_registration.py, d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
Added: Added the new Data Protection Configuration service collection with 36 operations.
entities_classification_get_v2
entities_classification_post_v2
entities_classification_patch_v2
entities_classification_delete_v2
entities_cloud_application_get
entities_cloud_application_create
entities_cloud_application_patch
entities_cloud_application_delete
entities_content_pattern_get
entities_content_pattern_create
entities_content_pattern_patch
entities_content_pattern_delete
entities_enterprise_account_get
entities_enterprise_account_create
entities_enterprise_account_patch
entities_enterprise_account_delete
entities_file_type_get
entities_sensitivity_label_get_v2
entities_sensitivity_label_create_v2
entities_sensitivity_label_delete_v2
entities_policy_get_v2
entities_policy_post_v2
entities_policy_patch_v2
entities_policy_delete_v2
entities_web_location_get_v2
entities_web_location_create_v2
entities_web_location_patch_v2
entities_web_location_delete_v2
queries_classification_get_v2
queries_cloud_application_get_v2
queries_content_pattern_get_v2
queries_enterprise_account_get_v2
queries_file_type_get_v2
queries_sensitivity_label_get_v2
queries_policy_get_v2
queries_web_location_get_v2
_endpoint/__init__.py, _endpoint/_data_protection_configuration.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_data_protection_configuration.py, _payload/__init__.py, _payload/_data_protection_configuration.py, __init__.py, data_protection_configuration.py
Unit testing expanded to complete code coverage.
tests/test_data_protection_configuration.py
Added: Added facet argument to the combined_applications operation within the Discover service collection.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py, discover.py
Added: Added "scan_details.scan_id", "scan_details.schedule_id", "scan_details.scan_date", and "vulnerability_assessment_date" as allowed values for the filter argument in the combined_hosts and query_hosts operations within the Discover service collection.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py, discover.py
Added: Added FetchFilesDownloadInfo operation to the Downloads service collection. Deprecated DownloadFile and EnumerateFile.
_endpoint/_downloads.py, downloads.py
Unit testing expanded to complete code coverage.
tests/test_downloads.py
Added: Added one new operation to the Downloads service collection.
FetchFilesDownloadInfoV2
_endpoint/_downloads.py, downloads.py
Unit testing expanded to complete code coverage.
tests/test_downloads.py
Added: Added PolicyChecks, GetReportByReference and GetReportByScanID operations to the Falcon Container service collection.
_endpoint/_falcon_container.py, _util/_functions.py, _util/_uber.py, falcon_container.py
Unit testing expanded to complete code coverage.
tests/test_falcon_container.py
Updated: Removed one resource option (network.events) from the resource parameter to the LaunchExportJob operation in the Falcon Container service collection.
_endpoint/_falcon_container.py, falcon_container.py
Added: Added "add-rule-group" and "remove-rule-group" as allowed values for the action_name argument in the performFirewallPoliciesAction operation within the FirewallPolicies Service Class.
firewall_policies.py
Updated: Added 9 possible values for the sort argument in the CombinedHiddenDevicesByFilter and CombinedDevicesByFilter operations within the Hosts service collection.
device_policies.exposure-management.applied
device_policies.exposure-management.policy_id
device_policies.exposure-management.policy_type
device_policies.logscale-collector.applied
device_policies.logscale-collector.policy_id
device_policies.logscale-collector.policy_type
device_policies.cloud-ml.policy_id
device_policies.cloud-ml.policy_type
device_policies.cloud-ml.applied
_endpoint/_hosts.py, hosts.py
Added: Added limit, from and to arguments to the QueryDeviceLoginHistoryV2 operation within the Hosts service collection.
_endpoint/_hosts.py, hosts.py
Added: Added new filter and sort options to the CombinedDevicesByFilter and CombinedHiddenDevicesByFilter operations within the Hosts service collection.
device_policies.fem-browser-extension-control.applied
device_policies.fem-browser-extension-control.policy_type
device_policies.fem-browser-extension-control.policy_id
_endpoint/_hosts.py, hosts.py
Added: Added "reports.slug" as an allowed filter value to the QueryIntelIndicatorEntities and QueryIntelIndicatorIds operations within the Intel service collection.
_endpoint/_intel.py, intel.py
Added: Added "summary" as an allowed filter value to the QueryIntelReportEntities and QueryIntelReportIds operations within the Intel service collection.
_endpoint/_intel.py, intel.py
Added: Added "any" as an allowed feed_interval value to the QueryFeedArchives operation within the Intelligence Feeds service collection.
_endpoint/_intelligence_feeds.py, intelligence_feeds.py
Added: Added 21 new filter options to the SearchIndicators operation within the Intelligence Indicator Graph service collection.
Type
LastUpdated
KillChain
MaliciousConfidence
MaliciousConfidenceValidatedTime
FirstSeen
LastSeen
Adversaries.Name
Adversaries.Slug
Reports.Title
Reports.Slug
Threats.FamilyName
Vulnerabilities.CVE
Sectors.Name
FileDetails.SHA256
FileDetails.SHA1
FileDetails.MD5
DomainDetails.Detail
IPv4Details.IPv4
IPv6Details.IPv6
URLDetails.URL
_endpoint/_intelligence_indicator_graph.py, intelligence_indicator_graph.py
Added: Added 5 new operations to the IT Automation service collection.
ITAutomationSearchUserGroup
ITAutomationGetUserGroup
ITAutomationCreateUserGroup
ITAutomationUpdateUserGroup
ITAutomationDeleteUserGroup
_endpoint/_it_automation.py, _payload/__init__.py, _payload/_it_automation.py, it_automation.py
Unit testing expanded to complete code coverage.
tests/test_it_automation.py
Added: Added "namespace" and "pod_name" as allowed filter values in the ReadClustersByKubernetesVersionCount, ReadClustersByStatusCount, ReadClusterCount, ReadClusterCombined, and ReadClusterCombinedV2 operations within the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Added: Added the operation PostSearchKubernetesIOMEntities to the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Added: Added 22 new operations to the NGSIEM service collection.
GetDashboardTemplate
CreateDashboardFromTemplate
UpdateDashboardFromTemplate
DeleteDashboard
GetLookupFile
CreateLookupFile
UpdateLookupFile
DeleteLookupFile
GetParserTemplate
CreateParserFromTemplate
GetParser
CreateParser
UpdateParser
DeleteParser
GetSavedQueryTemplate
CreateSavedQuery
UpdateSavedQueryFromTemplate
DeleteSavedQuery
ListDashboards
ListLookupFiles
ListParsers
ListSavedQueries
_endpoint/_ngsiem.py, _payload/__init__.py, _payload/_ngsiem.py, ngsiem.py
Unit testing expanded to complete code coverage.
tests/test_dashboard.yml, tests/test_ngsiem.py
Added: Added new filter and sort options (description, aspm.description.keyword) as an allowed value to the query_scheduled_scans and query_scans operations within the On Demand Scan service collection.
_endpoint/_ods.py, _endpoint/deprecated/_ods.py, ods.py
Added: Added the file_name argument to the UploadFileQuickScanPro operation within the Quick Scan Pro service collection.
_endpoint/_quick_scan_pro.py
Added: Added three new operations to the Real Time Response Admin service collection.
RTR_CreatePut_FilesV2
RTR_CreateScriptsV2
RTR_UpdateScriptsV2
_endpoint/_real_time_response_admin.py, _endpoint/deprecated/_real_time_response_admin.py, real_time_response_admin.py
Unit testing expanded to complete code coverage.
tests/test_real_time_response_admin.py
Added: Added 4 new filter and sort options to the QueryRulesV1 operation within the Recon service collection.
permissions
priority
template_priority
topic
_endpoint/_recon.py, recon.py
Added: Added the new SaaS Security service collection with 24 operations.
GetMetricsV3
GetAlertsV3
GetAppInventoryUsers
GetAppInventory
GetSecurityCheckAffectedV3
DismissAffectedEntityV3
DismissSecurityCheckV3
GetSecurityChecksV3
GetSecurityCheckComplianceV3
IntegrationBuilderEndTransactionV3
IntegrationBuilderResetV3
IntegrationBuilderGetStatusV3
IntegrationBuilderUploadV3
GetAssetInventoryV3
GetDeviceInventoryV3
GetIntegrationsV3
GetActivityMonitorV3
GetSupportedSaasV3
GetSystemLogsV3
GetSystemUsersV3
GetUserInventoryV3
_endpoint/__init__.py, _endpoint/_saas_security.py, __init__.py, saas_security.py
Unit testing expanded to complete code coverage.
tests/test_saas_security.py
Added: Added new GetSensorUsageHourly operation to the Sensor Usage service collection.
_endpoint/_sensor_usage.py, sensor_usage.py
Unit testing expanded to complete code coverage.
tests/test_sensor_usage.py
Thanks go out to @atav982 for submitting this update! 🙇
Added: Added the new Spotlight Vulnerability Metadata service collection with 1 operation.
combineVulnMetadataExt
_endpoint/__init__.py, _endpoint/_spotlight_vulnerability_metadata.py, __init__.py, spotlight_vulnerability_metadata.py
Unit testing expanded to complete code coverage.
tests/test_spotlight_vulnerability_metadata.py
Added: Added "uuid" as an allowed filter value in the queryUserV1 operation within the User Management service collection.
_endpoint/_user_management.py, user_management.py
Updated: Added the entitiesRolesGETV2 operation and deprecated the entitiesRolesV1 operation within the User Management service collection.
_endpoint/_user_management.py, user_management.py
Unit testing expanded to complete code coverage.
tests/test_user_management.py
Added: Added new WorkflowDefinitionsStatus operation to the Workflows service class.
_constant/__init__.py, _endpoint/_workflows.py, workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Special thanks go out to @dweissbacher for contributing this update and related unit tests! 🙇
Added: Added "cancel" as an allowed value for action_name in the WorkflowExecutionsAction operation within the Workflows service collection.
_endpoint/_workflows.py
Added: Added skip_validation and ignore_activity_mock_references arguments to the WorkflowMockExecute operation within the Workflows service collection.
_endpoint/_workflows.py, workflows.py
Added: Added the child_login and child_logout helper methods to the authentication object and implemented aliases for Service Classes. This method allows login using existing parent credentials to a child tenant by providing the member_cid argument only.
_auth_object/_falcon_interface.py, _service_class/_service_class.py
Unit testing expanded to complete code coverage.
tests/test_authentications.py
Issues resolved
Fixed: Resolved path interpolation issue for the search_id keyword when using the Uber Class to call the GetSearchStatusV1 operation. Closes #1365.
_util/_uber.py
Thanks go out to @yakeeliuliu for reporting this issue! 🙇
Fixed: Resolved body payload generation issue with the userActionV1 operation within the UserManagement service class.
user_management.py
Fixed: Resolved availability issue with FDR service collection endpoints within the endpoint module. Closes #1371.
_endpoint/__init__.py
Thanks go out to @Don-Swanson-Adobe for reporting this issue! 🙇
Fixed: Body payload issue with the userActionV1 operation within the User Management service class.
user_management.py
Thanks go out to @Matth3wW for identifying and resolving this issue! 🙇
Other
Removed: Removed two operations from the ASPM service collection.
GetCSPMInventoryBAServices
GetCSPMInventoryServiceDetails
_endpoint/_aspm.py, aspm.py
Unit testing adjusted to complete code coverage.
tests/test_aspm.py
Updated: Cosmetic updates to operation descriptions for the GetIntelligenceQueries and SearchIntelligenceQueries operations within the CAO Hunting service collection.
_endpoint/_cao_hunting.py
Updated: Converted offset argument data type from String to Integer in the QueryActivityByCaseID and QueryCasesIdsByFilter operations within the Message Center service collection.
_endpoint/_message_center.py, message_center.py
Updated: Cosmetic updates to parameter descriptions in the cloud_security_registration_oci_get_account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py, _endpoint/deprecated/_cloud_oci_registration.py
Updated: Cosmetic update to parameter descriptions in the SearchAndReadContainerAlerts operation within the Container Alerts service collection.
_endpoint/_container_alerts.py
Updated: Cosmetic update adding "image_digest" as an allowed value to the filter argument description in the ReadDetectsCountBySeverity, ReadDetectionsCountByType, ReadDetectionsCount, ReadCombinedDetections, ReadDetections, and SearchDetections operations within the Container Detections service collection.
_endpoint/_container_detections.py
Updated: Cosmetic update to the limit and offset descriptions in the ReadCombinedDetections, GetRuntimeDetectionsCombinedV2, ReadDetections, and SearchDetections operations within the Container Detections service collection.
_endpoint/_container_detections.py
Updated: Cosmetic update to operation and parameter descriptions in the GetCombinedImages, CombinedImageDetail, and ReadCombinedImagesExport operations within the Container Images service collection.
_endpoint/_container_images.py
Updated: Cosmetic update to operation and parameter descriptions in the ReadPackagesByFixableVulnCount, ReadPackagesByVulnCount, ReadPackagesCombinedExport, ReadPackagesCombined, and ReadPackagesCombinedV2 operations within the Container Packages service collection.
_endpoint/_container_packages.py
Updated: Cosmetic update to operation and parameter descriptions in the ReadVulnerabilityCountByActivelyExploited, ReadVulnerabilityCountByCPSRating, ReadVulnerabilityCountByCVSSScore, ReadVulnerabilityCountBySeverity, ReadVulnerabilityCount, ReadVulnerabilitiesByImageCount, ReadVulnerabilitiesPublicationDate, ReadCombinedVulnerabilitiesDetails, ReadCombinedVulnerabilitiesInfo, and ReadCombinedVulnerabilities operations within the Container Vulnerabilities service collection.
_endpoint/_container_vulnerabilities.py
Deprecated: Deprecated the Detects service collection and all included endpoints. Closes #1378.
_endpoint/_detects.py, _endpoint/deprecated/_mapping.py, detects.py
Thanks go out to @djacquensf9 for reporting this update! 🙇
Updated: Cosmetic update to the limit and offset descriptions in the SearchAndReadDriftIndicatorEntities and SearchDriftIndicators operations within the Drift Indicators service collection.
_endpoint/_container_detections.py
Updated: Cosmetic update to the sort enum and filter argument description in the GetHostMigrationIDsV1 and GetMigrationIDsV1 operations within the Host Migration service collection.
_endpoint/_host_migration.py
Updated: Cosmetic update to remove unnecessary Authorization headers from the post_graphql, GetSensorDetails, get_policy_rules, delete_policy_rules, and get_policy_rules_query operations within the Identity Protection service collection.
_endpoint/_identity_protection.py
Updated: Cosmetic updates to operation descriptions for the ITAutomationStartExecutionResultsSearch and ITAutomationGetExecutionResults operations within the IT Automation service collection.
_endpoint/_it_automation.py
Updated: Cosmetic update to the limit and offset argument descriptions for the FindContainersByContainerRunTimeVersion, ReadClusterCombined, ReadClusterCombinedV2, ReadRunningContainerImages, ReadContainerCombined, ReadDeploymentCombined, SearchAndReadKubernetesIomEntities, ReadNodeCombined, ReadPodCombined and SearchKubernetesIoms operations within the Kubernetes Protection service collection.
_endpoint/_it_automation.py
Updated: Cosmetic update to operation descriptions for the ReadClusterCombinedV2, ReadContainerCombined and SearchAndReadKubernetesIomEntities operations within the Kubernetes Protection service collection.
_endpoint/_it_automation.py
Updated: Cosmetic update to the limit and offset argument descriptions in the SearchAndRReadUnidentifiedContainers operation within the Unidentified Containers service collection.
_endpoint/_unidentified_containers.py
Updated: Cosmetic updates to argument and operation descriptions in the WorkflowDefinitionsCombined, WorkflowDefinitionsStatus, WorkflowExecutionsAction and WorkflowMockExecute operations within the Workflows service collection.
_endpoint/_workflows.py
Version 1.5.4
Added features and functionality
Added: Added tag_key and tag_value as allowed values for the filter parameter in the cloud_security_assets_combined_compliance_by_account operation within the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py
Added: Added 5 new operations to the Cloud Azure Registration service collection.
cloud_registration_azure_get_registration
cloud_registration_azure_create_registration
cloud_registration_azure_update_registration
cloud_registration_azure_delete_registration
download_azure_script
_endpoint/_cloud_azure_registration.py, _endpoint/deprecated/_cloud_azure_registration.py, _payload/__init__.py, _payload/_cloud_azure_registration.py, cloud_azure_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_azure_registration.py
Added: Added insights.date_value, insights.integer_value, insights.string_list_value, and insights.string_value as allowed values for the filter parameter in the cloud_security_assets_queries operation within the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py, _endpoint/deprecated/_cloud_security_assets.py
Added: Added new getCloudEventIDs operation to the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: Added new GetEntityIDsByQueryPOSTV2 operation to the Deployments service collection. This operation is now the default operation used when calling the PEP 8 compliant get_release_notes method within the service class. The legacy operation is still available using the get_release_notes_v1 method.
_endpoint/_deployments.py, deployments.py
Unit testing expanded to complete code coverage.
tests/test_deployments.py
Added: Added new query_external_assets_v2 operation to the Exposure Management service collection. This operation is now the default operation used when calling the PEP 8 compliant query_assets method within the service class. The legacy operation is still available using the query_assets_v1 method.
_endpoint/_exposure_management.py, _endpoint/deprecated/_exposure_management.py, exposure_management.py
Unit testing expanded to complete code coverage.
tests/test_exposure_management.py
Added: Added 2 new operations to the Falcon Container service collection.
PostImageScanInventory
HeadImageScanInventory
_endpoint/_falcon_container.py, _payload/__init__.py, _payload/_container.py, falcon_container.py
Unit testing expanded to complete code coverage.
tests/test_falcon_container.py
Added: Added new QueryAlertIdsByFilterV2 operation to the Falcon Complete Dashboard service collection. This operation is now the default operation used when calling the PEP 8 compliant query_alert_ids_by_filter method within the service class. The legacy operation is still available using the query_alert_ids_by_filter_v1 method.
_endpoint/_falcon_complete_dashboard.py, falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
Added: Added new QueryMalwareEntities operation to the Intel service collection.
_endpoint/_intel.py, intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
Added: Added new LookupIndicators operation to the Intelligence Indicator Graph service collection.
_endpoint/_intelligence_indicator_graph.py, intelligence_indicator_graph.py
Unit testing expanded to complete code coverage.
tests/test_intelligence_indicator_graph.py
Added: Added node_uid as an allowed filter value to the ReadNodesByCloudCount, ReadNodesByContainerEngineVersionCount, ReadNodesByDateRangeCount, ReadNodeCount and ReadNodeCombined operations within the Kubernetes Protection service collection. Added a new PEP 8 alias for the ReadNodeCount operation.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Added: Added the new IT Automation service collection with 37 operations.
ITAutomationGetAssociatedTasks
ITAutomationCombinedScheduledTasks
ITAutomationGetTaskExecutionsByQuery
ITAutomationGetTaskGroupsByQuery
ITAutomationGetTasksByQuery
ITAutomationRunLiveQuery
ITAutomationUpdatePolicyHostGroups
ITAutomationUpdatePoliciesPrecedence
ITAutomationGetPolicies
ITAutomationCreatePolicy
ITAutomationUpdatePolicies
ITAutomationDeletePolicy
ITAutomationGetScheduledTasks
ITAutomationCreateScheduledTask
ITAutomationUpdateScheduledTask
ITAutomationDeleteScheduledTasks
ITAutomationCancelTaskExecution
ITAutomationGetTaskExecutionHostStatus
ITAutomationRerunTaskExecution
ITAutomationGetExecutionResultsSearchStatus
ITAutomationStartExecutionResultsSearch
ITAutomationGetExecutionResults
ITAutomationGetTaskExecution
ITAutomationStartTaskExecution
ITAutomationGetTaskGroups
ITAutomationCreateTaskGroup
ITAutomationUpdateTaskGroup
ITAutomationDeleteTaskGroups
ITAutomationGetTasks
ITAutomationCreateTask
ITAutomationUpdateTask
ITAutomationDeleteTask
ITAutomationQueryPolicies
ITAutomationSearchScheduledTasks
ITAutomationSearchTaskExecutions
ITAutomationSearchTaskGroups
ITAutomationSearchTasks
_endpoint/__init__.py, _endpoint/_it_automation.py, _payload/__init__.py, _payload/_it_automation.py, __init__.py, it_automation.py
Unit testing expanded to complete code coverage.
test_it_automation.py
Added: Added new RTR-GetPutFileContents operation to the Real Time Response Admin service collection.
_endpoint/_real_time_response_admin.py, _endpoint/deprecated/_real_time_response_admin.py, real_time_response_admin.py
Unit testing expanded to complete code coverage.
tests/test_real_time_response_admin.py
Added: Added user_uuid as an allowed value for the sort parameter in the combinedUserRolesV1 and CombinedUserRolesV2 operations within the User Management service collection.
_endpoint/_user_management.py, user_management.py
Added: Added HEAD as an allowed HTTP request method.
_constant/__init__.py, _error/_warnings.py, _result/_result.py, _util/_functions.py
Added: Added named debug logger targeting functionality. Developers may specify a Logger object for the debug parameter instead of a boolean to force the SDK to generate log messages to that specific log. This functionality can be configured to target different loggers per class instantiated, regardless if the developer is using Service Classes or the Uber Class.
_auth_object/_falcon_interface.py, _service_class/_base_service_class.py, oauth2.py
Unit testing expanded to complete code coverage.
tests/test_authentications.pyThanks go out to @JamesLochheadCRWD for suggesting this addition! 🙇
Issues resolved
Fixed: Added missing endpoint definition GetCSPMGCPAccount to resolve the typo with the GetCSPMCGPAccount operation within the CSPM Registration service collection when called from the Uber Class.
_endpoint/_cspm_registration.py
Fixed: Added filename to Uber Class path variable handler for the GetLookupV1 operation within the NGSIEM service collection. Closes #1359.
_util/_uber.py
Thanks go out to @59e5aaf4 for identifying and reporting this issue! 🙇
Other
Updated: Cosmetic updates to filter and sort parameter descriptions in the cloud_security_registration_oci_get_account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Removed: Decommissioned the deprecated Data Scanner service collection.
_endpoint/__init__.py _endpoint/_data_scanner.py __init__.py datascanner.py
Unit testing updated to reflect new code coverage requirements.
tests/test_datascanner.py
Updated: Cosmetic update to the operation description for the AggregateAlerts operation within the Falcon Complete Dashboard service collection.
_endpoint/_falcon_complete_dashboard.py
Changed: Changed collection format from csv to multi for the ids parameter in the get_policy_rules and _delete_policy_rules operations within the Identity Protection service collection.
_endpoint/_identity_protection.py _endpoint/deprecated/_identity_protection.py
Removed: Removed the decommissioned operation GetIndicatorAggregates from the Intelligence Indicator Graph service collection.
_endpoint/_intelligence_indicator_graph.py intelligence_indicator_graph.py
Unit testing updated to reflect new code coverage requirements.
tests/test_intelligence_indicator_graph.py
Removed: Removed deprecated body payload functionality and added the filter and sort query string parameters in the SearchIndicators operation within the Intelligence Indicator Graph service collection.
_payload/__init__.py _payload/_intelligence_indicator_graph.py intelligence_indicator_graph.py
Removed: Removed the decommissioned operations CreateCase and UpdateCase from the Message Center service collection.
_endpoint/_message_center.py message_center.py
Unit testing updated to reflect new code coverage requirements.
tests/test_message_center.py
Updated: Updated sort enum to list all available parameter values in the QueryActivityByCaseID and QueryCasesIdsByFilter operations and added case.status as an allowed filter value to the QueryCasesIdsByFilter operation within the Message Center service collection.
_endpoint/_message_center.py
Updated: Cosmetic updates to enums and changed the collection format from csv to multi for the stage parameter in the queryCombinedSensorUpdateBuilds operation within the Sensor Update Policy service collection.
_endpoint/_sensor_update_policies.py
Updated: Cosmetic update to the body payload description in the userRolesActionV1 operation within the User Management service collection.
_endpoint/_user_management.py
Version 1.5.3
Added features and functionality
Added: Added new Kubernetes Container Compliance service collection containing 11 new operations.
AggregateAssessmentsGroupedByClustersV2
AggregateComplianceByAssetType
AggregateComplianceByClusterType
AggregateComplianceByFramework
AggregateFailedRulesByClustersV3
AggregateFailedRulesByClustersV3
AggregateAssessmentsGroupedByRulesV2
AggregateTopFailedImages
CombinedImagesFindings
CombinedNodesFindings
getRulesMetadataByID
_endpoint/__init__.py _endpoint/_kubernetes_container_compliance.py __init__.py kubernetes_container_compliance.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_container_compliance.py
Added: New filter and sort parameter options added to the cloud_security_assets_queries operation within the Cloud Security Assets service collection.
filter: application_security.business_applications
filter: application_security.business_criticality
filter: application_security.service_names
filter: tags
sort: compartment_name
sort: compartment_ocid
sort: compartment_path
sort: tenancy_name
sort: tenancy_ocid
sort: tenancy_type
_endpoint/_cloud_security_assets.py _endpoint/deprecated/_cloud_security_assets.py cloud_security_assets.py
Added: Added new find_operation helper.
_helper/__init__.py _helper/_find_operation.py __init__.py
Unit testing expanded to complete code coverage.
tests/test_helper.py
Added: Added filter parameter to the ReadContainerCountByRegistry operation within the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py kubernetes_protection.py
Issues resolved
Fixed: Resolved issue with file parameter name in file tuples used for the CreateFileV1 and UpdateFileV1 operations within the FoundryLogScale Service Class.
foundry_logscale.py
Adjusted: Removed default values from HEC ingestion payload class that should be defined within the NGSIEM parser and not the event.
_ngsiem/_ingest_payload.py
Fixed: Added excluded_from to the payload handler for exclusion payloads. Updated createMLExclusionsV1 docstring to reflect new functionality.
_payload/_generic.py ml_exclusions.py
Fixed: Added is_descendant_process to the updateMLExclusionsV1 operation within the ML Exclusions Service Class.
_payload/_generic.py ml_exclusions.py
Other
Updated: Cosmetic updates to filter parameter descriptions in 11 operations within the Container Image Compliance service collection.
_endpoint/_container_image_compliance.py
Revised: Updated HTTP Event Collector (HEC) default ingestion payload handling to remove fields that should be handled by parsing.
_ngsiem/_ingest_payload.py
Updated: Updated filter parameter description and docstring for the QueryVulnerabilities operation within the Intel service collection.
_endpoint/_intel.py intel.py
Updated: Cosmetic updates to filter parameter description in the cloud_security_registration_oci_get_account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Version 1.5.2
Added features and functionality
Updated: Updated import_definition (WorkflowDefinitionsImport operation) method to allow for raw YAML file data to be passed to the data_file keyword within the Workflows Service Class. Closes #1341.
workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Thanks go out to @jbfuzier for suggesting this update. 🙇
Updated: Expanded error handling for context manager usage scenarios.
_auth_object/_uber_interface.py _service_class/_service_class.py
Unit testing expanded to complete code coverage.
tests/test_service_class.py tests/test_uber.py
Updated: Updated default limit for the ReadCombinedVulnerabilitiesDetails operation from 100 to 5000 within the Container Vulnerabilities service collection.
_endpoint/_container_vulnerabilities.py
Added: Added temporarily_assigned_cids as an allowed value for the filter parameter in the queryUserV1 operation within the User Management service collection.
_endpoint/_user_management.py user_management.py
Added: Added new GetIndicatorAggregates operation to the Intelligence Indicator Graph service collection.
_endpoint/_intelligence_indicator_graph.py intelligence_indicator_graph.py
Unit testing expanded to complete code coverage.
tests/test_intelligence_indicator_graph.py
Issues resolved
Fixed: Restored incorrectly removed values from the PREFER_IDS_IN_BODY constant. Closes #1344.
_constant/__init__.py
Thanks go out to @agburch for identifying this issue! 🙇
Other
Updated: Updated generate_error_result method to handle context manager and pythonic scenarios.
_util/_functions.py
Updated: Cosmetic updates to the filter parameter for the cloud_security_registration_oci_get_account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Version 1.5.1
Added features and functionality
Added: Added the CreateFileV1 and UpdateFileV1 operations to the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py _endpoint/_ngsiem.py foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
Added: Added new CombinedUserRolesV2 operation to the User Management service collection. Deprecated the combinedUserRolesV1 operation.
_endpoint/_user_management.py user_management.py
Unit testing expanded to complete code coverage.
tests/test_user_management.py
Added: Added new HTTP Event Collector module.
_enum/__init__py _enum/_ingest_base_url.py _enum/_ingest_format.py _enum/_timeunit.py _ngsiem/__init__.py _ngsiem/_hec.py _ngsiem/_ingest_config.py _ngsiem/_ingest_payload.py _ngsiem/_session_manager.py __init__.py _version.py
Unit testing expanded to complete code coverage.
.github/workflows/unit_testing_ubuntu.yml tests/5records.raw tests/100thousand.raw.gz tests/test_hec.py
Added: Added new helper module containing a text color helper class, progress / wait indicator, and a random string generator.
_helper/__init__.py _helper/_indicator.py _helper/_text_colors.py __init__.py
Unit testing expanded to complete coverage.
Added: Added the sort parameter to the queryPinnableContentVersions operation within the Content Update Policies service collection.
_endpoint/_content_update_policies.py content_update_policies.py
Added: Added actors.animal_classifier, malware, malware.community_identifiers, malware.family_name, and malware.slug as allowed filter parameter values in the QueryIntelReportIds and QueryIntelReportEntities operations within the Intel service collection.
_endpoint/_intel.py intel.py
Added: Added animal_classifier as an allowed filter parameter value in the QueryIntelActorEntities and QueryIntelActorIds operations within the Intel service collection.
_endpoint/_intel.py intel.py
Issues resolved
Updated: Changed form data files tuple name for file_data to match the keyword in the IngestDataV1 and IngestDataAsyncV1 operations within the Foundry LogScale Service Class.
foundry_logscale.py
Resolved: Updated search_id to id in the Uber Class scrub_target method to properly handle path variables required for the GetSearchStatusV1 operation within the NGSIEM service collection. Closes #1329.
_util/_uber.py
Thanks go out to @Gage-BCCA for submitting this fix! 🙇
Updated: Expanded the operations covered by the PREFER_IDS_IN_BODY constant.
_constant/__init__.py
Updated: Updated the data_payload payload handler for operations within Real Time Response service collections to allow for blank parameter values. Closes #1339.
_payload/_real_time_response.py
Thanks go out to @jbfuzier for reporting this issue! 🙇
Other
Updated: Cosmetic updates to enum and parameter descriptions in the GetMigrationIDsV1 and GetHostMigrationIDsV1 operations within the Host Migration service collection.
_endpoint/_host_migration.py
Removed: Removed the MacOS Sonoma ARM 64 option for the environment_id parameter within the Submit operation in the Falcon Intelligence Sandbox Service Class.
falconx_sandbox.py
Updated: Cosmetic updates to the filter and sort parameter descriptions in the cloud-security-registration-oci-get-account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Version 1.5.0
Added features and functionality
Added: Streaming download functionality. Closes #965.
_api_request/_request_behavior.py _api_request/_request.py _util/_functions.py _util/_uber.py api_complete/_advanced.py
Unit testing expanded to complete code coverage.
tests/test_api_request.py tests/test_ngsiem.py
Added: Streaming download support for the GetArtifacts, GetMemoryDumpExtractedStrings, GetMemoryDumpHexDump, GetMemoryDump, and GetSampleV2 operations within the Falcon Intelligence Sandbox service collection. Related to #965.
falconx_sandbox.py
Added: Streaming download support for the DownloadFeedArchive operation within the Intelligence Feeds service collection. Related to #965.
intelligence_feeds.py
Added: Streaming download support for the GetMalQueryDownloadV1 and GetMalQueryEntitiesSamplesFetchV1 operations within the MalQuery service collection. Related to #965.
malquery.py
Added: Streaming download support for the GetLookupV1, GetLookupFromPackageWithNamespaceV1, and GetLookupFromPackageV1 operations within the NGSIEM service collection. Related to #965.
ngsiem.py
Added: Streaming download support for the RTR_GetExtractedFileContents operation within the Real Time Response service collection. Related to #965.
real_time_response.py
Added: Streaming download support for the GetSampleV3 operation within the Sample Uploads service collection. Related to #965.
sample_uploads.py
Added: Streaming download support for the DownloadSensorInstallerById and DownloadSensorInstallerByIdV2 operations within the Sensor Download service collection. Related to #965.
sensor_download.py
Added: Added new RunIntegrationTaskAdmin and RunIntegrationTaskV2 operations to the ASPM service collection.
_endpoint/_aspm.py aspm.py
Unit testing expanded to complete code coverage.
tests/test_aspm.py
Added: Added remove-pinned-content-version and set-pinned-content-version as allowed values for the action_name parameter in the performContentUpdatePoliciesAction operation within the Content Update Policies service collection.
_endpoint/_content_update_policies.py content_update_policies.py
Added: Added new queryPinnableContentVersions operation to the Content Update Policies service collection.
_endpoint/_content_update_policies.py content_update_policies.py
Unit testing expanded to complete code coverage.
tests/test_content_update_policies.py
Added: Added new tags query string parameter to the GetCSPMAwsConsoleSetupURLs operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py cspm_registration.py
Added: Added new tags query string parameter to the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py d4c_registration.py
Issues resolved
Fixed: Path variable handling issue with Uber class usage of NGSIEM service collection operations. Closes #1324.
_util/_uber.py
Thanks go out to @tsullivan06 for identifying and reporting this issue. 🙇
Fixed: Resolved typo for is_descendant_process parameter within the exclusion_payload payload handler used by the SensorVisibilityExclusions Service Class. Closes #1325.
_payload/_generic.py sensor_visibility_exclusions.py
Fixed: Query string parameter keyword argument handling issue in the PostAggregatesAlertsV2, PatchEntitiesAlertsV3, and PostEntitiesAlertsV2 operations within the Alerts Service Class. Closes #1326.
alerts.py
Fixed: Resolved issue with not checking for a provided id parameter within the content_update_policy_payload payload handler used by the ContentUpdatePolicies Service Class. Closes #1323.
_payload/_content_update_policy.py
Fixed: Resolved issue with not parsing the ids parameter when provided a comma-delimited list within the content_update_policy_action_payload payload handler used by the ContentUpdatePolicies Service Class. Closes #1321.
_payload/_content_update_policy.py
Updated: Updated docstring for the create_policies method (createContentUpdatePolicies operation) within the ContentUpdatePolicies Service Class. Closes #1322.
content_update_policies.py
Fixed: Updated payload handler to create an exclusions instead of resources list for the cb_exclusions_create_v1 and cb_exclusions_update_v1 operations within the CertificateBasedExclusions Service Class.
_payload/_certificate_based_exclusions.py certificate_based_exclusions.py
Fixed: Resolved payload handling issue with the start and timezone parameters in the StartSearchV1 operation within the NGSIEM Service Class. Closes #1331.
_payload/_ngsiem.py
Thanks go out to @jimmyruann for reporting this issue and identifying the fix. 🙇
Other
Removed: Removed decommissioned cloud_registration_aws_validate_accounts from the Cloud AWS Registration service collection.
_endpoint/_cloud_aws_registration.py _endpoint/deprecated/_cloud_aws_registration.py cloud_aws_registration.py
Unit testing adjusted to reflect new code coverage requirements.
tests/test_cloud_aws_registration.py
Updated: Cosmetic update to the filter parameter description in the cloud_security_registration_oci_get_account operation within the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Updated: Cosmetic update to the allowed values enum for the sort parameter within the CombinedHiddenDevicesByFilter and CombinedDevicesByFilter operations within the Hosts service collection.
_endpoint/_hosts.py
Renamed: Renamed custom_role_name parameter to iam_role_arn in the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
Version 1.4.9
Added features and functionality
Added: Added new CAO Hunting service collection with 4 new operations.
_endpoint/__init__.py _endpoint/_cao_hunting.py _payload/_generic.py __init__.py cao_hunting.py
Unit testing expanded to complete code coverage.
tests/test_cao_hunting.py
Added: Added new cloud_security_assets_combined_compliance_by_account operation to the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py _endpoint/deprecated/_cloud_security_assets.py cloud_security_assets.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_assets.py
Added: Added 6 new operations to the Custom Storage service collection.
ListCollections
DescribeCollections
DescribeCollection
ListSchemas
GetSchema
GetSchemaMetadata
_endpoint/_custom_storage.py _util/_functions.py custom_storage.py
Unit testing expanded to complete code coverage.
tests/test_custom_storage.py
Added: Added new FaaS Execution service collection with 1 new operation.
ReadRequestBody
_endpoint/__init__.py _endpoint/_faas_execution.py __init__.py faas_execution.py
Unit testing expanded to complete code coverage.
tests/test_faas_execution.py
Added: Added new ReadClusterCombinedV2 operation to the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Added: Added aggregateUsersV1 operation to the User Management service collection.
_endpoint/_user_management.py user_management.py
Unit testing expanded to complete code coverage.
tests/test_user_management.py
Other
Updated: Cosmetic update to filter and sort parameter descriptions in the cloud_security_registration_oci_get_account operation of the Cloud OCI Registration service collection.
_endpoint/_cloud_oci_registration.py _endpoint/deprecated/_cloud_oci_registration.py
Removed: Removed the cloud_security_assets_entities_artifacts_get operation from the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py _endpoint/deprecated/_cloud_security_assets.py cloud_security_assets.py
Unit testing updated to reflect currently available operations.
tests/test_cloud_security_assets.py
Added: Added service_category as an allowed value for the sort parameter in the cloud_security_assets_queries operation within the Cloud Security Assets service collection.
_endpoint/_cloud_security_assets.py cloud_security_assets.py
Renamed: Renamed the Compliance Assessments service collection to Container Image Compliance. Legacy service collection name maintained as an alias within the Service Class.
_endpoint/__init__.py _endpoint/_compliance_assessments.py (Removed) _endpoint/_container_image_compliance.py __init__.py compliance_assessments.py -> container_image_compliance.py
Unit testing updated to reflect new code pattern.
tests/test_compliance_assessments.py -> tests/test_container_compliance.py
Updated: Cosmetic update to the offset parameter description in the CombinedImageByVulnerabilityCount operation within the Container Images service collection.
_endpoint/_container_images.py
Added: Added ai_related as an allowed value for the filter parameter in 10 operations within the Kubernetes Protection service collection.
FindContainersByContainerRunTimeVersion
GroupContainersByManaged
ReadContainersByDateRangeCount
ReadContainerImageDetectionsCountByDate
ReadVulnerableContainerImageCount
ReadContainerCount
ReadContainersSensorCoverage
ReadContainerVulnerabilitiesBySeverityCount
ReadDistinctContainerImageCount
ReadContainerImagesByMostUsed
ReadContainerCombined
_endpoint/_kubernetes_protection.py kubernetes_protection.py
Added: Added multiple new allowed values for the filter parameter in the ReadClusterCombined operation within the Kubernetes Protection service collection.
kubernetes_protection.py
Added: Added containers_impacted_ai_related as an allowed value for the filter parameter in 2 operations within the Kubernetes Protection service collection.
SearchAndReadKubernetesIomEntities
SearchKubernetesIoms
_endpoint/_kubernetes_protection.py kubernetes_protection.py
Updated: Added host_info.instance_state as an allowed value for the filter parameter in the combinedQueryVulnerabilities and queryVulnerabilities operations within the Spotlight Vulnerabilities service collection.
_endpoint/_spotlight_vulnerabilities.py
Updated: Added accessed_by_process as an allowed value to the edge_type parameter in the combined_edges_get operation within the ThreatGraph service collection.
_endpoint/_threatgraph.py threatgraph.py
Updated: Added expires_at as an allowed value for the filter and sort parameters in the combinedUserRolesV1 operation within the User Management service collection.
_endpoint/_user_management.py user_management.py
Updated: Added has_temporary_roles as an allowed value for the filter and sort parameters in the queryUserV1 operation within the User Management service collection.
_endpoint/_user_management.py user_management.py
Updated: Added direct_assigned_cids and status as allowed values for the filter parameter in the queryUserV1 operation within the User Management service collection.
_endpoint/_user_management.py user_management.py
Version 1.4.8
Added features and functionality
Added: Added 1 new operation to the Alerts service collection.
PostCombinedAlertsV1
_endpoint/_alerts.py _payload/__init__.py _payload/_alerts.py alerts.py
Unit testing expanded to complete code coverage.
tests/test_alerts.py
Added: Added 18 new operations to the ASPM service collection.
ExecuteFunctionDataCount
ExecuteFunctionsCount
ExecuteFunctionDataQueryCount
ExecuteFunctionsQueryCount
ExecuteFunctionData
ExecuteFunctionsOvertime
ExecuteFunctions
ExecuteFunctionDataQuery
ExecuteFunctionsQueryOvertime
ExecuteFunctionsQuery
getServiceArtifacts
GetIntegrationTasksMetadata
GetIntegrationTasksV2
GetIntegrationsV2
GetExecutorNodesMetadata
RetrieveRelayInstances
GetCloudSecurityIntegrationState
SetCloudSecurityIntegrationState
_endpoint/_aspm.py _payload/__init__.py _payload/_aspm.py aspm.py
Unit testing expanded to complete code coverage.
tests/test_aspm.py
Added: Added exclude_artifacts keyword argument to the ServiceNowGetServices operation within the ASPM service collection.
_endpoint/_aspm.py aspm.py
Added: Added offset, limit, order_by, direction, integration_task_types, ids and names keyword arguments to the GetIntegrationTasks operation within the ASPM service collection.
_endpoint/_aspm.py aspm.py
Added: Added direction, limit, offset, order_by, executor_node_ids, executor_node_names, executor_node_states and executor_node_types keyword arguments to the GetExecutorNodes operation within the ASPM service collection.
_endpoint/_aspm.py aspm.py
Added: Added new Cloud AWS Registration service collection with 6 new operations.
cloud_registration_aws_get_accounts
cloud_registration_aws_create_account
cloud_registration_aws_update_account
cloud_registration_aws_delete_account
cloud_registration_aws_validate_accounts
cloud_registration_aws_query_accounts
_endpoint/__init__.py _endpoint/_cloud_aws_registration.py _endpoint/deprecated/__init__.py _endpoint/deprecated/_cloud_aws_registration.py _payload/__init__.py _payload/_cloud_aws_registration.py __init__.py cloud_aws_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_aws_registration.py
Added: Added new Cloud Azure Registration service collection with 1 new operation.
cloud_registration_azure_download_script
_endpoint/__init__.py _endpoint/_cloud_azure_registration.py _endpoint/deprecated/__init__.py _endpoint/deprecated/_cloud_azure_registration.py _payload/__init__.py _payload/_cloud_azure_registration.py __init__.py cloud_azure_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_azure_registration.py
Added: Added new Cloud OCI Registration service collection with 7 new operations.
cloud_security_registration_oci_get_account
cloud_security_registration_oci_rotate_key
cloud_security_registration_oci_validate_tenancy
cloud_security_registration_oci_create_account
cloud_security_registration_oci_update_account
cloud_security_registration_oci_delete_account
cloud_security_registration_oci_download_script
_endpoint/__init__.py _endpoint/_cloud_oci_registration.py _endpoint/deprecated/__init__.py _endpoint/deprecated/_cloud_oci_registration.py _payload/__init__.py _payload/_cloud_oci_registration.py __init__.py cloud_oci_registration.py
Unit testing expanded to complete code coverage.
tests/test_cloud_oci_registration.py
Added: Added new Cloud Security Assets service collection with 3 new operations.
cloud_security_assets_entities_artifacts_get
cloud_security_assets_entities_get
cloud_security_assets_queries
_endpoint/__init__.py _endpoint/_cloud_security_assets.py _endpoint/deprecated/__init__.py _endpoint/deprecated/_cloud_security_assets.py __init__.py cloud_security_assets.py
Unit testing expanded to complete code coverage.
tests/test_cloud_security_assets.py
Added: Added new Content Update Policies service collection with 10 new operations.
queryCombinedContentUpdatePolicyMembers
queryCombinedContentUpdatePolicies
performContentUpdatePoliciesAction
setContentUpdatePoliciesPrecedence
getContentUpdatePolicies
createContentUpdatePolicies
updateContentUpdatePolicies
deleteContentUpdatePolicies
queryContentUpdatePolicyMembers
queryContentUpdatePolicies
_endpoint/__init__.py _endpoint/_content_update_policies.py _payload/__init__.py _payload/_content_update_policy.py __init__.py content_update_policies.py
Unit testing expanded to complete code coverage.
tests/test_content_update_policies.py
Added: Added 9 new operations to the Correlation Rules service collection.
aggregates_rule_versions_post_v1
combined_rules_get_v2
entities_latest_rules_get_v1
entities_rule_versions_export_post_v1
entities_rule_versions_import_post_v1
entities_rule_versions_publish_patch_v1
entities_rule_versions_delete_v1
entities_rules_get_v2
queries_rules_get_v2
_endpoint/_correlation_rules.py _endpoint/deprecated/_correlation_rules.py _payload/__init__.py _payload/_correlation_rules.py correlation_rules.py
Unit testing expanded to complete code coverage.
tests/test_correlation_rules.py
Added: Added the image_digest parameter to the CombinedImageIssuesSummary and CombinedImageVulnerabilitySummary operations within the Container Images service collection.
_endpoint/_container_images.py container_images.py
Added: Added the ReadPackagesByImageCount and ReadPackagesCombinedV2 operations to the Container Packages service collection.
_endpoint/_container_packages.py container_packages.py
Unit testing expanded to complete code coverage.
tests/test_container_packages.py
Added: Added 2 new template formats to the GetCSPMAwsConsoleSetupURLs operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py cspm_registration.py
Added: Added new AzureRefreshCertificate operation to the CSPM Registration service collection.
_endpoint/_cspm_registration.py cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: Added 4 new parameters to the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py d4c_registration.py
Added: Added new Deployments service collection with 5 new operations.
GetDeploymentsExternalV1
CombinedReleasesV1Mixin0
CombinedReleaseNotesV1
GetEntityIDsByQueryPOST
QueryReleaseNotesV1
_endpoint/__init__.py _endpoint/_deployments.py __init__.py deployments.py
Unit testing expanded to complete code coverage.
tests/test_deployments.py
Added: Added new Device Content service collection with 2 new operations.
entities_states_v1
queries_states_v1
_endpoint/__init__.py _endpoint/_device_content.py _endpoint/deprecated/__init__.py _endpoint/deprecated/_device_content.py __init__.py device_content.py
Unit testing expanded to complete code coverage.
tests/test_device_content.py
Added: Added 6 new operations to the Device Control Policies service collection.
patchDeviceControlPoliciesClassesV1
getDefaultDeviceControlSettings
updateDefaultDeviceControlSettings
getDeviceControlPoliciesV2
postDeviceControlPoliciesV2
patchDeviceControlPoliciesV2
_endpoint/_device_control_policies.py _payload/__init__.py _payload/_device_control_policy.py device_control_policies.py
Unit testing expanded to complete code coverage.
tests/test_device_control_policies.py
Added: Added arch, file_version and os parameters to the EnumerateFile operation within the Downloads service collection.
_endpoint/_downloads.py downloads.py
Added: Added 4 new operations to the Exposure Management service collection.
combined_ecosystem_subsidiaries
get_ecosystem_subsidiaries
post_external_assets_inventory_v1
query_ecosystem_subsidiaries
_endpoint/_exposure_management.py _endpoint/deprecated/_exposure_management.py _payload/__init__.py _payload/_exposure_management.py exposure_management.py
Unit testing expanded to complete code coverage.
tests/test_exposure_management.py
Added: Added 4 new operations to the Falcon Container service collection. Closes #1293.
DownloadExportFile
ReadExportJobs
LaunchExportJob
QueryExportJobs
_endpoint/_falcon_container.py _payload/__init__.py _payload/_container.py falcon_container.py
Unit testing expanded to complete code coverage.
tests/test_falcon_container.py
Added: Added CombinedHiddenDevicesByFilter and CombinedDevicesByFilter operations to the Hosts service collection.
_endpoint/_hosts.py hosts.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
Added: Added GetMalwareMitreReport operation to the Intel service collection.
_endpoint/_intel.py intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
Added: Added new Intelligence Indicator Graph service collection with 1 new operation.
SearchIndicators
_endpoint/__init__.py _endpoint/_intelligence_indicator_graph.py _payload/__init__.py _payload/_intelligence_indicator_graph.py __init__.py intelligence_indicator_graph.py
Unit testing expanded to complete code coverage.
tests/test_intelligence_indicator_graph.py
Added: Added new Serverless Vulnerabilities service collection with 1 new operation.
GetCombinedVulnerabilitiesSARIF
_endpoint/__init__.py _endpoint/_serverless_vulnerabilities.py __init__.py serverless_vulnerabilities.py
Unit testing expanded to complete code coverage.
tests/test_serverless_vulnerabilities.py
Added: Added WorkflowActivitiesContentCombined operation to the Workflows service collection.
_endpoint/_workflows.py workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Issues resolved
Fixed: Unexpected redirect issue caused by underlying requests library handler. Closes #1283.
_util/_functions.py
Fixed: Uber Class path variable interpolation issue related to formatting differences within the endpoint module.
_util/_uber.py
Fixed: Payload handling issue with StartSearchV1 operation. New payload handler implemented. Keyword argument handling issue using the id keyword with GetSearchStatusV1 operation. Related to #1291. Thanks go out to @JCKelley-CYBR for reporting this issue. 🙇
_payload\__init__.py, _payload\_ngsiem.py, ngsiem.py
Unit testing expanded to complete code coverage.
tests/test_ngsiem.py
Fixed: Payload handler / docstring issue with entities_rules_patch_v1 operation within the CorrelationRules Service Class. Closes #1294.
correlation_rules.py
Fixed: Added missing keyword arguments for updated body payloads in the CSPM Registration Service Class. Closes #1273.
_payload/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Fixed: Pylance issue with type hints for Service Class methods when pythonic mode is being used. Closes #1274.
alerts.py, api_integrations.py, aspm.py, certificate_based_exclusions.py, cloud_connect_aws.py, cloud_snapshots.py, compliance_assessments.py, configuration_assessment_evaluation_logic.py, configuration_assessment.py, container_alerts.py, container_detections.py, container_images.py, container_packages.py, container_vulnerabilities.py, cspm_registration.py, custom_ioa.py, custom_storage.py, d4c_registration.py, datascanner.py, delivery_settings.py, detects.py, device_control_policies.py, discover.py, downloads.py, drift_indicators.py, event_streams.py, exposure_management.py, falcon_complete_dashboard.py, falcon_container.py, falconx_sandbox.py, fdr.py, filevantage.py, firewall_management.py, firewall_policies.py, foundry_logscale.py, host_group.py, host_migration.py, hosts.py, identity_protection.py, image_assessment_policies.py, incidents.py, installation_tokens.py, intel.py, ioa_exclusions.py, ioc.py, iocs.py, kubernetes_protection.py, malquery.py, message_center.py, ml_exclusions.py, mobile_enrollment.py, mssp.py, oauth2.py, ods.py, overwatch_dashboard.py, prevention_policy.py, quarantine.py, quick_scan_pro.py, quick_scan.py, real_time_response_admin.py, real_time_response_audit.py, real_time_response.py, recon.py, report_executions.py, response_policies.py, sample_uploads.py, scheduled_reports.py, sensor_download.py, sensor_update_policy.py, sensor_usage.py, sensor_visibility_exclusions.py, spotlight_evaluation_logic.py, spotlight_vulnerabilities.py, tailored_intelligence.py, threatgraph.py, unidentified_containers.py, user_management.py, workflows.py, zero_trust_assessment.py
Other
Updated: Cosmetic updates to operation and parameter descriptions within the Alerts service collection.
PatchEntitiesAlertsV2 - body
PatchEntitiesAlertsV3 - body
GetQueriesAlertsV1 - offset, limit, sort and filter
GetQueriesAlertsV2 - offset, limit, sort and filter
_endpoint/_alerts.py
Updated: Cosmetic update to the body parameter description in the ExecuteQuery operation within the ASPM service collection.
_endpoint/_aspm.py
Updated: Cosmetic update to the mode parameter description in the ProvisionAWSAccounts operation within the Cloud Connect AWS service collection.
_endpoint/_cloud_connect_aws.py
Updated: Cosmetic updates to the filter parameter description in 11 operations within the Compliance Assessments service collection.
extAggregateClusterAssessments
extAggregateImageAssessments
extAggregateRulesAssessments
extAggregateFailedContainersByRulesPath
extAggregateFailedContainersCountBySeverity
extAggregateFailedImagesByRulesPath
extAggregateFailedImagesCountBySeverity
extAggregateFailedRulesByClusters
extAggregateFailedRulesByImages
extAggregateFailedRulesCountBySeverity
extAggregateRulesByStatus
_endpoint/_compliance_assessments.py
Updated: Cosmetic update to the after parameter description in the getCombinedAssessmentsQuery operation within the Configuration Assessment service collection.
_endpoint/_configuration_assessment.py
Updated: Cosmetic update to the filter parameter description in the ReadContainerAlertsCountBySeverity, ReadContainerAlertsCount, and SearchAndReadContainerAlerts operations within the Container Alerts service collection.
_endpoint/_container_alerts.py
Updated: Added default (100) to the limit parameter in the SearchAndReadContainerAlerts operation within the Container Alerts service collection.
_endpoint/_container_alerts.py
Updated: Cosmetic updates to parameter descriptions in 7 operations within the Container Detections service collection.
ReadDetectionsCountBySeverity
ReadDetectionsCountByType
ReadDetectionsCount
ReadCombinedDetections
GetRuntimeDetectionsCombinedV2
ReadDetections
SearchDetections
_endpoint/_container_detections.py
Updated: Added new filters and cosmetic updates to parameter and operation descriptions in 11 operations within the Container Images service collection.
AggregateImageAssessmentHistory
AggregateImageCountByBaseOS
AggregateImageCountByState
AggregateImageCount
CombinedBaseImages
GetCombinedImages
CombinedImageByVulnerabilityCount
CombinedImageDetail
ReadCombinedImagesExport
CombinedImageIssuesSummary
CombinedImageVulnerabilitySummary
_endpoint/_container_images.py
Updated: Cosmetic updates to parameter descriptions in 5 operations within the Container Packages service collection.
ReadPackagesCountByZeroDay
ReadPackagesByFixableVulnCount
ReadPackagesByVulnCount
ReadPackagesCombinedExport
ReadPackagesCombined
_endpoint/_container_packages.py
Updated: Cosmetic updates to parameter descriptions in 9 operations within the Container Vulnerabilities service collection.
ReadVulnerabilityCountByActivelyExploited
ReadVulnerabilityCountByCPSRating
ReadVulnerabilityCountByCVSSScore
ReadVulnerabilityCountBySeverity
ReadVulnerabilityCount
ReadVulnerabilitiesByImageCount
ReadVulnerabilitiesPublicationDate
ReadCombinedVulnerabilitiesDetails
ReadCombinedVulnerabilities
_endpoint/_container_vulnerabilities.py
Removed: Removed the refresh and years_valid keyword arguments from the AzureDownloadCertificate operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Updated: Cosmetic updates to parameter descriptions in 3 operations within the Detects service collection.
UpdateDetectsByIdsV2
GetDetectSummaries
QueryDetects
_endpoint/_detects.py
Updated: Cosmetic updates to parameter descriptions in 12 operations within the Discover service collection.
combined_applications
combined_hosts
get_accounts
get_hosts
get_iot_hosts
get_logins
query_accounts
query_applications
query_hosts
query_iot_hosts
query_iot_hostsV2
query_logins
_endpoint/_discover.py, _endpoint/deprecated/_discover.py
Updated: Cosmetic updates to parameter descriptions in 4 operations within the Drift Indicators service collection.
GetDriftIndicatorsValuesByDate
ReadDriftIndicatorsCount
SearchAndReadDriftIndicatorEntities
SearchDriftIndicators
_endpoint/_drift_indicators.py
Updated: Cosmetic update to the ids parameter in the get_external_assets operation within the Exposure Management service collection.
_endpoint/_exposure_management.py, _endpoint/deprecated/_exposure_management.py
Updated: Cosmetic update to parameter descriptions in 2 operations within the Falcon Container service collection.
ReadRegistryEntitiesByUUID
ReadRegistryEntities
_endpoint/_falcon_container.py
Updated: Cosmetic update to parameter and operation descriptions in 37 operations within the Kubernetes Protection service collection.
ReadClustersByKubernetesVersionCount
ReadClustersByStatusCount
ReadClusterCount
ReadContainersByDateRangeCount
ReadContainerCountByRegistry
ReadVulnerableContainerImageCount
ReadContainerCount
FindContainersByContainerRunTimeVersion
GroupContainersByManaged
ReadContainerImageDetectionsCountByDate
ReadContainerImagesByState
ReadContainersSensorCoverage
ReadContainerVulnerabilitiesBySeverityCount
ReadDeploymentCount
ReadClusterEnrichment
ReadContainerEnrichment
ReadDeploymentEnrichment
ReadNodeEnrichment
ReadPodEnrichment
ReadDistinctContainerImageCount
ReadContainerImagesByMostUsed
ReadKubernetesIomByDateRange
ReadKubernetesIomCount
ReadNamespaceCount
ReadNodesByCloudCount
ReadNodesByContainerEngineVersionCount
ReadNodesByDateRangeCount
ReadNodeCount
ReadPodCount
ReadClusterCombined
ReadRunningContainerImages
ReadContainerCombined
ReadDeploymentCombined
SearchAndReadKubernetesIomEntities
ReadNodeCombined
ReadPodCombined
SearchKubernetesIoms
_endpoint/_kubernetes_protection.py
Updated: Cosmetic updates to the filter, ifn_regex, and cl_regex parameter descriptions in 1 operation within the IOA Exclusions service collection.
queryIOAExclusionsV1
_endpoint/_ioa_exclusions.py
Updated: Cosmetic updates to the after parameter description in 2 operations within the IOC service collection.
indicator_combined_v1
indicator_search_v1
_endpoint/_ioc.py, _endpoint/deprecated/_ioc.py
Updated: Cosmetic updates to filter parameter descriptions in 2 operations within the Installation Tokens service collection.
audit_events_query
tokens_query
_endpoint/_installation_tokens.py, _endpoint/deprecated/_installation_tokens.py
Updated: Cosmetic updates to multiple operations within the Intelligence Feeds service collection.
DownloadFeedArchive
ListFeedTypes
QueryFeedArchives
_endpoint/_intelligence_feeds.py
Updated: Cosmetic updates to parameter and header descriptions in 11 operations within the FalconX Sandbox service collection.
GetArtifacts
GetMemoryDumpExtractedStrings
GetMemoryDumpHexDump
GetMemoryDump
GetSummaryReports
GetReports
GetSubmissions
Submit
QueryReports
QuerySubmissions
UploadSampleV2
_endpoint/_falconx_sandbox.py
Updated: Updated parameter descriptions in 29 operations within the FileVantage service collection.
getActionsMixin0
startActions
getContents
getChanges
updatePolicyHostGroups
updatePolicyPrecedence
updatePolicyRuleGroups
getPolicies
createPolicies
updatePolicies
deletePolicies
getScheduledExclusions
createScheduledExclusions
updateScheduledExclusions
deleteScheduledExclusions
updateRuleGroupPrecedence
getRules
createRules
updateRules
deleteRules
getRuleGroups
createRuleGroups
updateRuleGroups
deleteRuleGroups
queryActionsMixin0
queryChanges
highVolumeQueryChanges
queryPolicies
queryRuleGroups
_endpoint/_filevantage.py
Updated: Cosmetic updates to the after parameter in 4 operations within the Firewall Management service collection.
query_events
query_network_locations
query_rule_groups
query_rules
_endpoint/_firewall_management.py, _endpoint/deprecated/_firewall_management.py
Updated: Removed default value from include_test_data boolean parameter, added async_offload to mode enum in the CreateSavedSearchesDynamicExecuteV1 operation within the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py
Updated: Removed default value from include_test_data boolean parameter in the CreateSavedSearchesExecuteV1 operation within the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py
Updated: Updated sort enum values and filter parameter description in 2 operations within the Host Migration service collection.
GetHostMigrationIDsV1
GetMigrationIDsV1
_endpoint/_host_migration.py
Updated: Cosmetic updates to the action_name and body parameter descriptions within the PerformActionV2 operation of the Hosts service collection.
_endpoint/_hosts.py
Changed: Changed field used for sort enum in 1 operation from created_time to id within the Message Center service collection.
QueryCasesIdsByFilter
_endpoint/_message_center.py
Updated: Adds missing file formData parameter to the UploadLookupV1 operation within the NGSIEM service collection.
_endpoint/_ngsiem.py
Updated: Adds missing body payload to the StartSearchV1 operation within the NGSIEM service collection.
_endpoint/_ngsiem.py
Removed: Removed unused operations from the NGSIEM service collection.
_endpoint/_ngsiem.py, ngsiem.py
Updated: Cosmetic update to the token parameter description in the oauth2RevokeToken of the OAuth2 service collection.
_endpoint/_oauth2.py
Updated: Cosmetic updates to parameter descriptions in 2 operations within the Quick Scan service collection.
ScanSamples
QuerySubmissionsMixin0
_endpoint/_quick_scan.py
Updated: Update to the operation description for 1 operation within the Quick Scan Pro service collection.
UploadFileQuickScanPro
_endpoint/_quick_scan_pro.py
Updated: Cosmetic updates to parameter descriptions in 13 operations within the Real Time Response service collection.
RTR_AggregateSessions
BatchActiveResponderCmd
BatchCmd
BatchGetCmdStatus
BatchGetCmd
BatchInitSessions
BatchRefreshSessions
RTR_ExecuteActiveResponderCommand
RTR_ExecuteCommand
RTR_ListQueuedSessions
RTR_PulseSession
RTR_ListSessions
RTR_InitSession
_endpoint/_real_time_response.py, _endpoint/deprecated/_real_time_response.py
Updated: Cosmetic updates to parameter description in 4 operations within the Real Time Response Admin service collection.
BatchAdminCmd
RTR_ExecuteAdminCommand
RTR_CreateScripts
RTR_UpdateScripts
_endpoint/_real_time_response_admin.py, _endpoint/deprecated/_real_time_response_admin.py
Updated: Cosmetic updates to the sort and secondarySort parameter descriptions in the QueryRulesV1 and QueryNotificationsV1 operations within the Recon service collection.
_endpoint/_recon.py
Updated: Cosmetic updates to parameter descriptions in 5 operations within the Sample Uploads service collection.
ArchiveGetV1
ArchiveUploadV1
ArchiveUploadV2
ExtractionGetV1
UploadSampleV3
_endpoint/_sample_uploads.py
Updated: Cosmetic updates to the after parameter description in 2 operations within the Spotlight Evaluation Logic service collection.
combinedQueryEvaluationLogic
queryEvaluationLogic
_endpoint/_spotlight_evaluation_logic.py
Updated: Cosmetic updates to the after and filter parameter descriptions in 2 operations within the Spotlight Vulnerabilities service collection. Adds cve.base_score as a filter option.
combinedQueryVulnerabilities
queryVulnerabilities
_endpoint/_spotlight_vulnerabilities.py
Updated: Updated edge_type, scope and vertex_type enums in 4 operations within the ThreatGraph service collection.
combined_edges_get
combined_summary_get
entities_vertices_get
entities_vertices_getv2
_endpoint/_threatgraph.py
Updated: Cosmetic updates to parameter descriptions in 3 operations within the Unidentified Containers service collection.
ReadUnidentifiedContainersByDateRangeCount
ReadUnidentifiedContainersCount
SearchAndReadUnidentifiedContainers
_endpoint/_unidentified_containers.py
Updated: Cosmetic updates to parameter descriptions in 3 operations. Adds filters and updates sort enum in queryUserV1 operation within the User Management service collection.
entitiesRolesV1
createUserV1
CreateUser
_endpoint/_user_management.py
Updated: Cosmetic update to the action_name parameter in the WorkflowExecutionsAction operation within the Workflows service collection.
_endpoint/_workflows.py
Updated: Cosmetic updates to after and limit parameter descriptions in the getAssessmentsByScoreV1 operation within the Zero Trust Assessment service collection.
_endpoint/_zero_trust_assessment.py
Version 1.4.7
Added features and functionality
Added: Added new Intelligence Feeds service collection with 3 operations.
DownloadFeedArchive
ListFeedTypes
QueryFeedArchives
_endpoint/__init__.py, _endpoint/_intelligence_feeds.py, __init__.py, intelligence_feeds.py
Unit testing expanded to complete code coverage.
tests/test_intelligence_feeds.py
Added: Added new NGSIEM service collection with 9 operations.
UploadLookupV1
GetLookupV1
GetLookupFromPackageWithNamespaceV1
GetLookupFromPackageV1
StartSearchV1
GetSearchStatusV1
StopSearchV1
CreateFileV1
UpdateFileV1
_endpoint/__init__.py, _endpoint/_ngsiem.py, _util/_functions.py, __init__.py, ngsiem.py
Unit testing expanded to complete code coverage.
tests/test_ngsiem.py
Added: Added new Correlation Rules service collection with 6 operations.
combined_rules_get_v1
entities_rules_get_v1
entities_rules_post_v1
entities_rules_delete_v1
entities_rules_patch_v1
queries_rules_get_v1
_endpoint/__init__.py, _endpoint/_correlation_rules.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_correlation_rules.py, _payload/__init__.py, _payload/_correlation_rules.py, __init__.py, correlation_rules.py
Unit testing expanded to complete code coverage.
tests/test_correlation_rules.py
Issues resolved
Resolved: timezone argument is not available for the createScheduledExclusions operation within the FileVantage Service Class. Closes #1231.
_payload/_filevantage.py, filevantage.py
Thanks go out to @security-roberts for identifying and reporting this issue! 🙇
Resolved: Fixed payload handler issue when providing certificate keys via keywords as opposed to providing the certificate keyword when using the cb_exclusions_create_v1 operation within the CertificateBasedExclusions service class.
_payload/_certificate_based_exclusions.py
Resolved: Added error handling for when invalid API responses are received from the GraphQL operation within the Identity Protection service collection.
_util/_functions.py
Resolved: Fixed invalid default body payload for createMLExclusionsV1 operation in MLExclusions Service Class.
ml_exclusions.py
Version 1.4.6
Added features and functionality
Added: Added ExecuteCommandProxy operation to the API Integrations service collection.
_endpoint/_api_integrations.py, _payload/_api_integrations.py, api_integrations.py
Unit testing expanded to complete code coverage.
tests/test_api_integrations.py
Added: Added new ASPM service collection with 23 operations.
UpsertBusinessApplications
GetExecutorNodes
UpdateExecutorNode
CreateExecutorNode
DeleteExecutorNode
GetIntegrationTasks
CreateIntegrationTask
UpdateIntegrationTask
DeleteIntegrationTask
RunIntegrationTask
GetIntegrationTypes
GetIntegrations
CreateIntegration
UpdateIntegration
DeleteIntegration
ExecuteQuery
ServiceNowGetDeployments
ServiceNowGetServices
GetServicesCount
GetServiceViolationTypes
GetTags
UpsertTags
DeleteTags
_endpoint/__init__.py, _endpoint/_aspm.py, _payload/__init__.py, _payload/_aspm.py, _util/_functions.py, _util/_uber.py, __init__.py, aspm.py
Unit testing expanded to complete code coverage.
tests/test_aspm.py
Added: Added 1 new operation (GetCredentialsIAC) to the Cloud Snapshots service collection.
_endpoint/_cloud_snapshots.py, cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshots.py
Added: Added new operations, parameters and parameter options to the Container Images service collection.
Added new CombinedBaseImages operation.
Added new CreateBaseImageEntities operation.
Added new DeleteBaseImages operation.
Added include_base_image_vuln as a filter option to the AggregateImageCount operation.
Added source as a sort option to the GetCombinedImages operation.
Added include_base_image_vuln as a filter option to the ReadCombinedImagesExport operation.
Added source as a sort option to the ReadCombinedImagesExport operation.
Added include_base_image_vuln parameter to the CombinedImageIssuesSummary operation.
Added include_base_image_vuln parameter to the CombinedImageVulnerabilitySummary operation.
_endpoint/_container_images.py, _payload/__init__.py, _payload/_container.py, container_images.py
Unit testing expanded to complete code coverage.
tests/test_container_images.py
Added: Added parameters to multiple operations within the CSPM Registration service collection.
Added template parameter to the GetCSPMAwsConsoleSetupURLs operation.
Added account_type, dspm_enabled, dspm_regions, and dspm_role parameters to the GetCSPMAwsAccountScriptsAttachment operation.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: Added six new operations to the Custom Storage service collection.
ListObjectsByVersion
SearchObjectsByVersion
GetVersionedObject
PutObjectByVersion
DeleteVersionedObject
GetVersionedObjectMetadata
_endpoint/_custom_storage.py, _util/_functions.py, _util/_uber.py, custom_storage.py
Unit testing expanded to complete code coverage.
tests/test_custom_storage.py
Added: Added dspm_enabled, dspm_regions, and dspm_role to the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py, d4c_registration.py
Updated: Added new filter options to all operations within the Compliance Assessment service collection.
_endpoint/__init__.py, _endpoint/_compliance_assessments.py, compliance_assessments.py
Added: Added include_base_image_vuln as an allowed filter option to multiple operations within the Container Vulnerabilities service collection.
_endpoint/_container_vulnerabilities.py, container_vulnerabilities.py
Added: Added new DataScanner service collection with 4 new operations.
get_image_registry_credentials
get_data_scanner_tasks
update_data_scanner_tasks
handle
_endpoint/__init__.py, _endpoint/_datascanner.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_datascanner.py, __init__.py, datascanner.py
Unit testing expanded to complete code coverage.
tests/test_datascanner.py
Added: Added new DeliverySettings service collection with 2 new operations.
GetDeliverySettings
PostDeliverySettings
_endpoint/__init__.py, _endpoint/_delivery_settings.py, _payload/__init__.py, _payload/_delivery_settings.py, __init__.py, delivery_settings.py
Unit testing expanded to complete code coverage.
tests/test_delivery_settings.py
Added: Added combined_applications and combined_hosts operations to the Discover service collection.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py, discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
Added: Added new ReadDriftIndicatorEntities operation to the Drift Indicators service collection.
_endpoint/_drift_indicators.py, drift_indicators.py
Unit testing expanded to complete code coverage.
tests/test_drift_indicators.py
Added: Added new Downloads service collection with 2 new operations.
DownloadFile
EnumerateFile
_endpoint/__init__.py, _endpoint/_downloads.py, __init__.py, downloads.py
Unit testing expanded to complete code coverage.
tests/test_downloads.py
Added: Added new delete_external_assets operation to the Exposure Management service collection.
_endpoint/_exposure_management.py, _endpoint/deprecated/_exposure_management.py, exposure_management.py
Added: Added aid parameter and two new values for environment_id to the Submit operation within the Falcon Intelligence Sandbox service collection.
_endpoint/_falconx_sandbox.py, falconx_sandbox.py
Added: Added data_content parameter to IngestDataAsyncV1 and IngestData operations and added job_status_only parameter to the GetSavedSearchesExecuteV1 operation within the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py, foundry_logscale.py
Updated: Increased resultset max return for the QueryDevicesByFilterScroll operation to align with new API maximums. (Hosts Service Class)
_endpoint/_hosts.py, hosts.py
Added: Added 4 new operations to the Identity Protection service collection. Deprecated api_preempt_proxy_ prefix from all operation IDs.
get_policy_rules
post_policy_rules
delete_policy_rules
get_policy_rules_query
_endpoint/_identity_protection.py, _endpoint/deprecated/_identity_protection.py, _payload/__init__.py, _payload/_identity_protection.py, identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py
Added: Added cl_regex and ifn_regex parameters to the queryIOAExclusionsV1 operation within the IOA Exclusions service collection.
_endpoint/_ioa_exclusions.py, ioa_exclusions.py
Added: Added 5 new operations to the Kubernetes Protection service collection.
ReadContainerEnrichment
ReadPodEnrichment
ReadDeploymentEnrichment
ReadNamespacesByDateRangeCount
ReadNamespaceCount
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Added: Added new QuickScan Pro service collection with 6 new operations.
UploadFileMixin0Mixin94
DeleteFile
GetScanResult
LaunchScan
DeleteScanResult
QueryScanResults
__init__.py, _endpoint/__init__.py, _endpoint/_quick_scan_pro.py, quick_scan_pro.py
Unit testing expanded to complete code coverage.
tests/test_quick_scan_pro.py
Added: Added secondary_sort (Also accepted: secondarySort) parameter to the QueryRulesV1 operation within the Recon service collection.
_endpoint/_recon.py, _recon.py
Added: Added new Sensor Usage service collection with one operation (GetSensorUsageWeekly).
_endpoint/__init__.py, _endpoint/_sensor_usage.py, __init__.py, sensor_usage.py
Unit testing expanded to complete code coverage.
tests/test_sensor_usage.py
Added: Added is_descendent_process parameter to the updateSensorVisibilityExclusionsV1 operation within the Sensor Visibility Exclusions service collection.
_payload/_generic.py, sensor_visibility_exclusions.py
Added: Added additional vertices types as possible values to the combined_summary_get, entities_vertices_get, and entities_vertices_getv2 operations within the ThreatGraph service collection.
_endpoint/_threatgraph.py, _util/_functions.py, threatgraph.py
Issues resolved
Fixed: Resolve issue causing headers to not be passed to the PutObject operation within the Custom Storage service collection.
custom_storage.py
Updated: Fixed typing syntax on update_device_tags method. (Hosts Service Class)
hosts.py
Fixed: Added "all" as the default for the groups parameter if it is not present when calling the createMLExclusionsV1 operation. Closes #1233.
ml_exclusions.py
Thanks go out to @59e5aaf4 for identifying and reporting this issue! 🙇
Other
Added: Added US-GOV-2 region to CrowdStrike container region (Container Base URL) enumerator.
_enum/_container_base_url.py
Thanks go out to @redhatrises for contributing this update! 🙇
Deprecated: Moved the GetQueriesAlertsV1, PostEntitiesAlertsV1, PatchEntitiesAlertsV2, and PostAggregatesAlertsV1 operations within the Alerts service collection to a deprecated status.
_endpoint/_alerts.py, alerts.py
Updated: Cosmetic updates to multiple operation descriptions within the Custom IOA service collection.
_endpoint/_custom_ioa.py, _endpoint/deprecated/_custom_ioa.py
Updated: Cosmetic updates to multiple operation descriptions and enumerators within the Host Migration service collection.
_endpoint/_host_migration.py
Updated: Enumerator updated for the QueryCasesIdsByFilter operation within the Message Center service collection.
_endpoint/_message_center.py
Updated: Updated descriptions for GetNotificationsDetailedTranslatedV1 and GetNotificationsDetailedV1 operations within the Recon service collection.
_endpoint/_recon.py, _recon.py
Version 1.4.5
Added features and functionality
Added: Added new Host Migration service collection with 10 new operations.
__init__.py, _endpoint/__init__.py, _endpoint/_host_migration.py, host_migration.py
Unit testing expanded to complete code coverage.
tests/test_host_migration.py
Added: Added new Certificate Based Exclusions service collection with six new operations.
__init__.py, _endpoint/__init__.py, _endpoint/_certificate_based_exclusions.py, _endpoint/deprecated/_certificate_based_exclusions.py, _payload/__init__.py, _payload/_certificate_based_exclusions.py, certificate_based_exclusions.py
Unit testing expanded to complete code coverage.
tests/test_certificate_based_exclusions.py
Added: Added new Compliance Assessments service collection with 11 new operations.
__init__.py, _endpoint/__init__.py, _endpoint/_compliance_assessments.py, compliance_assessments.py
Unit testing expanded to complete code coverage.
tests/test_compliance_assessments.py
Issues resolved
Fixed: Resolved comparison issue with version check helper method.
_version.py
Other
Added: USGOV2 cloud region added to Base URL enumerator.
_enum/_base_url.py
Added: Automatic base URL detection from context objects when available.
_auth_object/_falcon_interface.py
Pinned: setuptools package pinned to version 70.3.0 to avoid failures with new iterations of setuptools in Azure environments.
requirements.txt, requirements-dev.txt, setup.py, dev-setup.py
Thanks go out to @gansel51 for identifying this issue and contributing a fix! 🙇
Pinned: zipp package pinned to version 3.19.1 to avoid a potential vulnerability.
requirements-dev.txt
Version 1.4.4
Added features and functionality
Added: Added new API Integrations service collection with two new operations, GetCombinedPluginConfigs and ExecuteCommand.
__init__.py, _endpoint/__init__.py, _endpoint/_api_integrations.py, _payload/__init__.py, _payload/_api_integrations.py, api_integrations.py
Unit testing expanded to complete code coverage.
tests/test_api_integrations.py, tests/test_uber.py
Added: Added new allowed parameters for the GetCSPMAwsAccountScriptsAttachment operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: Added one new operation (update_rules_v2) to the Custom IOA service collection.
_endpoint/_custom_ioa.py, _endpoint/deprecated/_custom_ioa.py, custom_ioa.py
Unit testing expanded to complete code coverage.
tests/test_custom_ioa.py
Added: Added new allowed parameters for the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py, d4c_registration.py
Added: Added new Exposure Management service collection with 6 new operations.
aggregate_external_assets
blob_download_external_assets
blob_preview_external_assets
get_external_assets
patch_external_assets
query_external_assets
_endpoint/__init__.py, _endpoint/_exposure_management.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_exposure_management.py, _payload/__init__.py, _payload/_exposure_management.py, __init__.py, exposure_management.py
Unit testing expanded to complete code coverage.
tests/test_exposure_management.py
Added: Added five new operations to the FileVantage service collection.
getActionsMixin0
startActions
getContents
signalChangesExternal
queryActionsMixin0
_constant/__init__.py, _endpoint/_filevantage.py, _payload/__init__.py, _payload/_filevantage.py, filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
Added: Added cql-master, cql-update, and cql-changelog as allowed options for the type keyword within the GetLatestIntelRuleFile and QueryIntelRuleIds operations (Intel service collection).
_endpoint/_intel.py, intel.py
Added: Added one new operation (RequestDeviceEnrollmentV4) to the Mobile Enrollment service collection.
_endpoint/_mobile_enrollment.py, _payload/__init__.py, _payload/_mobile_enrollment.py, mobile_enrollment.py
Unit testing expanded to complete code coverage.
tests/test_mobile_enrollment.py
Added: Added new ThreatGraph service collection with 5 new operations.
__init__.py, _endpoint/__init__.py, _endpoint/_threatgraph.py, _util/_functions.py, _util/uber.py, threatgraph.py
Unit testing expanded to complete code coverage.
tests/test_threatgraph.py
Added: Added two new operations (WorkflowActivitiesCombined and WorkflowTriggersCombined) to the Workflows service collection.
_endpoint/_workflows.py, workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Issues resolved
Fixed: Resolved parameter abstraction issue when leveraging form data payloads with certain API operations. Closes #1160.
_util/__init__.py, _util/_functions.py, falconx_sandbox.py, foundry_logscale.py, message_center.py, sample_uploads.py, workflows.py
Unit testing expanded to complete code coverage.
test_falconx_sandbox.py, test_message_center.py, test_sample_uploads.py, test_workflows.py
Thanks go out to @Destom for reporting this issue! 🙇
Fixed: Resolved collision with the action keyword argument within the Uber Class and API operations using this string as a key. Closes #1161.
_util/_uber.py, api_complete/_advanced.py
Thanks go out to @Don-Swanson-Adobe for identifying and reporting this issue! 🙇
Fixed: Resolved potential ValueError when providing invalid values to version comparison method.
_version.py
Unit testing expanded to complete code coverage.
test_timeout.py
Other
Adjusted: Unit testing adjusted to allow 204 responses from DeletePolicy operation testing.
test_image_assessment_policies.py
Expanded: Unit testing expanded to test context authentication when base_url is not specified.
test_zero_trust_assessment.py
Updated: Updated enumerator for the sort parameter definition for the QueryCasesIdsByFilter operation (Message Center service collection).
_endpoint/_message_center.py
Updated: Updated filter parameter description for the query_iot_hosts operation within the Discover service collection.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py
Removed: Removed one operation from the Drift Indicators service collection.
ReadDriftIndicatorEntities
_endpoint/_drift_indicators.py, drift_indicators.py
Unit testing revised to complete code coverage.
tests/test_drift_indicators.py
Updated: Updated sort parameter description for the query_rulesMixin0 operation within the Custom IOA service collection.
_endpoint/_custom_ioa.py, _endpoint/deprecated/_custom_ioa.py
Removed: Removed three operations from the Kubernetes Protection service collection.
ReadContainerEnrichment
ReadDeploymentEnrichment
ReadPodEnrichment
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Unit testing revised to complete code coverage.
tests/test_kubernetes_protection.py
Updated: Updated filter parameter description for the ReadRunningContainerImages operation within the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py
Version 1.4.3
Added features and functionality
Added: Context Authentication (supports Foundry execution environments).
FalconInterface object refactored to support new authentication mechanism, track mechanism used, add additional comments, and reduce overall complexity.
_auth_object/_falcon_interface.py
ServiceClass object updated to detect Object Authentication and track mechanism used.
_service_class/_service_class.py
New helper method defined to abstract Direct and Credential authentication creation of the _creds dictionary attribute.
_util/__init__.py, _util/_auth.py
Class instantiation logging updated to detail authentication mechanism used. Linting and cleanup.
_util/_functions.py
Unit testing expanded to complete code coverage.
tests/test_authentications.py, tests/test_result_object.py, tests/test_zero_trust_assessment.py
Added: Added UpdateCSPMGCPServiceAccountsExt operation to the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: Added UpdateD4CGCPServiceAccountsExt operation to the D4C Registration service collection.
_endpoint/_d4c_registration.py, d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
Added: Added content_files, content_registry_values, enable_content_capture and enable_hash_capture arguments to the createRules and updateRules operations within the FileVantage service collection.
_endpoint/_filevantage.py, _payload/_filevantage.py, filevantage.py
Added: Added iar_coverage as an allowed filter argument to the ReadClustersByKubernetesVersionCount, ReadClustersByStatusCount, ReadClusterCount, and ReadClusterCombined operations within the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Issues resolved
Fixed: 406 error when uploading Fusion workflows via the WorkflowDefinitionsImport operation. Closes #1145.
workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py, tests/test.yml
Thanks go out to @RoemIko for identifying and reporting this issue! 🙇
Fixed: Added missing force_default decorator to the GetCSPMAwsConsoleSetupURLs and GetCSPMAwsAccountScriptsAttachment operations within the CSPM Registration Service Class.
cspm_registration.py
Other
Updated: Updated sort argument description for the ReadCombinedImagesExport operation (Container Images service collection) within the endpoint module.
_endpoint/_container_images.py
Updated: Updated filter argument description for the GetConfigurationDetectionIDsV2 operation (CSPM Registration service collection) within the endpoint module.
_endpoint/_cspm_registration.py
Updated: Updated enum for the QueryActivityByCaseID operation (Message Center service collection) within the endpoint module.
_endpoint/_message_center.py
Updated: Minor unit testing adjustments to handle updated API responses.
tests/test_container_detections.py, tests/test_container_packages.py, tests/test_container_vulnerabilities.py, tests/test_drift_indicators.py, tests/test_unidentified_containers.py
Version 1.4.2
Added features and functionality
Expanded: Environment Authentication functionality has been expanded to allow developers to customize the names of the environment keys used to store API credentials.
_auth_object/_falcon_interface.py, _auth_object/_uber_interface.py, oauth2.py
Unit testing expanded to complete code coverage.
tests/test_authentications.py
Added: include_hidden argument added to the PostAggregatesAlertsV2, PatchEntitiesAlertsV3, PostEntitiesAlertsV2 and GetQueriesAlertsV2 operations within the Alerts Service Class.
alerts.py
Added: Added 4 new operations to the Cloud Snapshots service collection.
ReadDeploymentsCombined
ReadDeploymentsEntities
CreateDeploymentEntity
GetScanReport
_endpoint/_cloud_snapshots.py, _payload/__init__.py, _payload/_cloud_snapshots.py, cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshots.py
Added: Added GetRuntimeDetectionsCombinedV2 to the Container Detections service collection.
_endpoint/_container_detections.py, container_detections.py
Unit testing expanded to complete code coverage.
tests/test_container_detections.py
Added: Added 3 new operations to the CSPM Registration service collection.
DeleteCSPMAzureManagementGroup
GetCSPMGCPValidateAccountsExt
ValidateCSPMGCPServiceAccountExt
_endpoint/_cspm_registration.py, _payload/__init__.py, _payload/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: Added query_iot_hostsV2 operation to the Discover service collection.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py, discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
Added: Added AggregateSupportIssues operation to the Falcon Complete Dashboard service collection.
_endpoint/_falcon_complete_dashboard.py, falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
Added: Added IngestDataAsyncV1 operation to the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py, foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
Added: Added infer_json_types and match_response_schema arguments to the CreateSavedSearchesDynamicExecuteV1, GetSavedSearchesExecuteV1 and CreateSavedSearchesExecuteV1 operations within the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py, foundry_logscale.py
Added: Added infer_json_types argument to the GetSavedSearchesJobResultsDownloadV1 operation within the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py, foundry_logscale.py
Added: Added 3 new operations to the Intel service collection.
GetMalwareEntities
QueryMalware
QueryMitreAttacksForMalware
_endpoint/_intel.py, intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
Added: Added 4 new operations to the Sensor Download service collection.
GetCombinedSensorInstallersByQueryV2
DownloadSensorInstallerByIdV2
GetSensorInstallersEntitiesV2
GetSensorInstallersByQueryV2
_endpoint/_sensor_download.py, sensor_download.py
Unit testing expanded to complete code coverage.
tests/test_sensor_download.py
Added: Added sanitize argument to the WorkflowDefinitionsExport operation within the Workflows service collection.
_endpoint/_workflows.py, workflows.py
Added: Added 2 new operations to the Workflows service collection.
WorkflowExecuteInternal
WorkflowMockExecute
_endpoint/workflows.py, _payload/__init__.py, _payload/_workflows.py, workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Issues resolved
Fixed: Resolved parsing issue with formData arguments provided to the ArchiveUploadV2 operation within the SampleUploads Service Class. Closes #1122.
sample_uploads.py
Fixed: Resolved conversion issue with query string boolean parameters not being properly converted to lowercase before API submission. Closes #1129.
_util/_functions.py
Other
Updated: Updated body argument description for the PatchEntitiesAlertsV3 operation within the endpoint module.
_endpoint/_alerts.py
Updated: Added highest_cps_current_rating as an allowed sort parameter to the ReadCombinedImagesExport operation within the Container Images service collection.
_endpoint/_container_images.py
Updated: Added watch_permissions_key_changes option to the createRules operation within the FileVantage service collection.
_endpoint/_filevantage.py
Updated: Updated operation and argument descriptions in the deprecated IOCS service collection.
_endpoint/_iocs.py
Updated: Added prevented as an allowed filter to the ReadKubernetesIomByDateRange, ReadKubernetesIomCount, SearchAndReadKubernetesIomEntities and SearchKubernetesIoms operations within the Kubernetes Protection service collection.
_endpoint/_kubernetes_protection.py
Updated: Updated the body argument description for the BatchAdminCmd and RTR_ExecuteAdminCommand operations within the Real Time Response Admin service collection.
_endpoint/_real_time_response_admin.py, _endpoint/deprecated/_real_time_response_admin.py
Updated: Updated the body argument description for the BatchActiveResponderCmd, BatchCmd, RTR_ExecuteActiveResponderCommand, and RTR_ExecuteCommand operations within the Real Time Response service collection.
_endpoint/_real_time_response.py, _endpoint/deprecated/_real_time_response.py
Removed: The CreateInventory operation is removed from the Cloud Snapshots Service Class.
_payload/__init__.py, _payload/_cloud_snapshots.py, cloud_snapshots.py
Unit testing updated to reflect current functionality.
tests/test_cloud_snapshots.py
Removed: The WorkflowDefinitionsCreate operation is removed from the Workflows service collection.
_endpoint/_workflows.py, workflows.py
Unit testing updated to reflect current functionality.
tests/test_workflows.py
Version 1.4.1
Added features and functionality
Added: include_hidden argument added to the PostAggregatesAlertsV2, PostEntitiesAlertsV2, PatchEntitiesAlertsV3 and GetQueriesAlertsV2 operations.
_endpoint/_alerts.py
Added: ReadContainerAlertsCountBySeverity operation added to the Container Alerts service collection.
_endpoint/_container_alerts.py, container_alerts.py
Unit testing expanded to complete code coverage.
tests/test_container_alerts.py
Added: cspm_lite argument added to the GetCSPMAwsAccount and GetCSPMAzureAccount operations within the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: azure_management_group argument added to the GetCSPMAzureUserScriptsAttachment operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: 9 new operations added to the CSPM Registration service collection.
GetCSPMAzureManagementGroup
CreateCSPMAzureManagementGroup
GetCSPMCGPAccount
CreateCSPMGCPAccount
DeleteCSPMGCPAccount
UpdateCSPMGCPAccount
ConnectCSPMGCPAccount
GetCSPMGCPServiceAccountsExt
GetCSPMGCPUserScriptsAttachment
_endpoint/_cspm_registration.py, _payload/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: azure_management_group argument added to the GetDiscoverCloudAzureUserScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py, d4c_registration.py
Added: 4 new operations added to the D4C Registration service collection.
DeleteD4CGCPAccount
ConnectD4CGCPAccount
GetD4CGCPServiceAccountsExt
GetD4CGCPUserScriptsAttachment
_endpoint/_d4c_registration.py, _payload/_d4c_registration.py, d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
Added: execution_cid argument added to the WorkflowExecute operation within the Workflows service collection.
_endpoint/_workflows.py, workflows.py
Added: New service collection Image Assessment Policies containing 11 new operations.
ReadPolicies
CreatePolicies
UpdatePolicies
DeletePolicy
ReadPolicyExclusions
UpdatePolicyExclusions
ReadPolicyGroups
CreatePolicyGroups
UpdatePolicyGroups
DeletePolicyGroup
UpdatePolicyPrecedence
_endpoint/__init__.py, _endpoint/_image_assessment_policies.py
3 new payload handlers are added.
_payload/__init__.py, _payload/_container.py, __init__.py, image_assessment_policies.py
Unit testing expanded to complete code coverage.
tests/test_image_assessment_policies.py
Added: 8 new operations added to the Workflows service collection.
WorkflowDefinitionsCombined
WorkflowExecutionsCombined
WorkflowDefinitionsExport
WorkflowDefinitionsImport
WorkflowDefinitionsUpdate
WorkflowDefinitionsCreate
WorkflowGetHumanInputV1
WorkflowUpdateHumanInputV1
_endpoint/_workflows.py, workflows.py
2 new payload handlers are added.
_payload/__init__.py, _payload/_workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
Issues resolved
Fixed: member_cid argument is not being passed to the authentication event when leveraging Environment Authentication. Closes #1105.
_auth_object/_falcon_interface.py
Fixed: rule_ids is not included in body payloads when the list is empty for the update_rule_groups operation within the Firewall Management Service Class. Closes #1107.
_payload/_firewall.py
Fixed: Added missing actions to _allowed_actions validator within PerformActionV2 method of the Hosts service collection. Closes #1108.
hosts.py
Thanks go out to @i-shubham01 for identifying and resolving this issue! 🙇
Other
Updated: Enums added to GetCSPMAwsAccount and GetCSPMAwsConsoleSetupURLs operations within the CSPM Registration endpoint module.
_endpoint/_cspm_registration.py
Updated: Several parameter descriptions within the Custom IOA endpoint module updated.
_endpoint/_custom_ioa.py, _endpoint/deprecated/_custom_ioa.py
Updated: Enum updated within the GetD4CAwsAccount operation of the D4C Registration endpoint module.
_endpoint/_d4c_registration.py
Updated: Parameter description for the Submit operation within the Falcon Intelligence Sandbox endpoint module updated.
_endpoint/_falconx_sandbox.py
Updated: Multiple parameter descriptions within the Kubernetes Protection endpoint module updated.
_endpoint/_kubernetes_protection_.py
Updated: Enum updated within the QueryActivityByCaseID operation of the Message Center endpoint module.
_endpoint/_message_center.py
Version 1.4.0
Other
Dropped: Python 3.6 support.
Unit testing adjusted to reflect supported versions.
README.md, SECURITY.md, setup.py
Refactored: Simple private child objects within the APIRequest object updated to leverage data classes.
_api_request/_request_connection.py, _api_request/_request_payloads.py, _api_request/_request_validator.py
Version 1.3.5
Added features and functionality
Added: 4 new operations added to the Alerts service collection.
PostAggregateAlertsV2
PostEntitiesAlertsV2
PatchEntitiesAlertsV3
GetQueriesAlertsV2
_endpoint/_alerts.py, alerts.py
Unit testing expanded to complete code coverage.
tests/test_alerts.py
Added: source_event_url argument added to the WorkflowExecute operation definition within the endpoint module.
_endpoint/_workflows.py
Added: New Configuration Assessment service collection providing 2 new operations.
getCombinedAssessmentsQuery
getRuleDetails
_endpoint/__init__.py, _endpoint/_configuration_assessment.py, __init__.py, configuration_assessment.py
Unit testing expanded to complete code coverage.
tests/test_configuration_assessment.py
Added: New Configuration Assessment Evaluation Logic service collection providing 1 new operation.
getEvaluationLogicMixin0
_endpoint/__init__.py, _endpoint/_configuration_assessment_evaluation_logic.py, __init__.py, configuration_assessment_evaluation_logic.py
Unit testing expanded to complete code coverage.
tests/test_configuration_assessment_evaluation_logic.py
Added: New Container Alerts service collection providing 2 new operations.
ReadContainerAlertsCount
SearchAndReadContainerAlerts
_endpoint/__init__.py, _endpoint/_container_alerts.py, __init__.py, container_alerts.py
Unit testing expanded to complete code coverage.
tests/test_container_alerts.py
Added: New Container Detections service collection providing 6 new operations.
ReadDetectionsCountBySeverity
ReadDetectionsCountByType
ReadDetectionsCount
ReadCombinedDetections
ReadDetections
SearchDetections
_endpoint/__init__.py, _endpoint/_container_detections.py, __init__.py, container_detections.py
Unit testing expanded to complete code coverage.
tests/test_container_detections.py
Added: New Container Images service collection providing 10 new operations.
AggregateImageAssessmentHistory
AggregateImageCountByBaseOS
AggregateImageCountByState
AggregateImageCount
GetCombinedImages
CombinedImageByVulnerabilityCount
CombinedImageDetail
ReadCombinedImagesExport
CombinedImageIssuesSummary
CombinedImageVulnerabilitySummary
_endpoint/__init__.py, _endpoint/_container_images.py, __init__.py, container_images.py
Unit testing expanded to complete code coverage.
tests/test_container_images.py
Added: New Container Packages service collection providing 5 new operations.
ReadPackagesCountByZeroDay
ReadPackagesByFixableVulnCount
ReadPackagesByVulnCount
ReadPackagesCombinedExport
ReadPackagesCombined
_endpoint/__init__.py, _endpoint/_container_packages.py, __init__.py, container_packages.py
Unit testing expanded to complete code coverage.
tests/test_container_packages.py
Added: New Container Vulnerabilities service collection providing 10 new operations.
ReadCombinedVulnerabilities
ReadCombinedVulnerabilitiesInfo
ReadCombinedVulnerabilitiesDetails
ReadVulnerabilitiesPublicationDate
ReadVulnerabilitiesByImageCount
ReadVulnerabilityCount
ReadVulnerabilityCountBySeverity
ReadVulnerabilityCountByCPSRating
ReadVulnerabilityCountByCVSSScore
ReadVulnerabilityCountByActivelyExploited
_endpoint/__init__.py, _endpoint/_container_vulnerabilities.py, __init__.py, container_vulnerabilities.py
Unit testing expanded to complete code coverage.
tests/test_container_vulnerabilities.py
Added: next_token argument added to the GetConfigurationDetectionIDsV2 operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: New Drift Indicators service collection providing 5 new operations.
GetDriftIndicatorsValuesByDate
ReadDriftIndicatorsCount
SearchAndReadDriftIndicatorEntities
ReadDriftIndicatorEntities
SearchDriftIndicators
_endpoint/__init__.py, _endpoint/_drift_indicators.py, __init__.py, drift_indicators.py
Unit testing expanded to complete code coverage.
tests/test_drift_indicators.py
Added: 3 new operations added to the Falcon Complete Dashboard service collection.
AggregatePreventionPolicy
AggregateSensorUpdatePolicy
AggregateTotalDeviceCounts
_endpoint/_falcon_complete_dashboard.py, falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
Added: New arguments added to 5 operations within the Foundry LogScale service collection. 2 arguments are removed from 1 operation.
check_test_data is added to ListReposV1.
app_id is added to CreateSavedSearchesDynamicExecuteV1.
app_id is added to GetSavedSearchesExecuteV1.
app_id is added to CreateSavedSearchesExecuteV1.
check_test_data is added to ListViewV1.
The duplicative query string parameter arguments mode and version have been removed from CreateSavedSearchesExecuteV1.
_endpoint/_foundry_logscale.py, foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
Added: 1 new operation added to the Hosts service collection.
QueryDeviceLoginHistoryV2
_endpoint/_hosts.py, hosts.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
Added: 3 new operations added to the IOC service collection. These operations replace legacy operations from the deprecated IOCS service collection.
indicator_get_device_count_v1 replaces DevicesCount.
indicator_get_devices_ran_on_v1 replaces DevicesRanOn.
indicator_get_processes_ran_on_v1 replaces ProcessRanOn.
_endpoint/_ioc.py, _endpoint/deprecated/_ioc.py, ioc.py
Unit testing expanded to complete code coverage.
tests/test_ioc.py
Added: 41 new operations added to the Kubernetes Protection service collection.
ReadClustersByDateRangeCount
ReadClustersByKubernetesVersionCount
ReadClustersByStatusCount
ReadClusterCount
ReadContainersByDateRangeCount
ReadContainerCountByRegistry
FindContainersCountAffectedByZeroDayVulnerabilities
ReadVulnerableContainerImageCount
ReadContainerCount
FindContainersByContainerRunTimeVersion
GroupContainersByManaged
ReadContainerImageDetectionsCountByDate
ReadContainerImagesByState
ReadContainersSensorCoverage
ReadContainerVulnerabilitiesBySeverityCount
ReadDeploymentsByDateRangeCount
ReadDeploymentCount
ReadClusterEnrichment
ReadContainerEnrichment
ReadDeploymentEnrichment
ReadNodeEnrichment
ReadPodEnrichment
ReadDistinctContainerImageCount
ReadContainerImagesByMostUsed
ReadKubernetesIomByDateRange
ReadKubernetesIomCount
ReadNodesByCloudCount
ReadNodesByContainerEngineVersionCount
ReadNodesByDateRangeCount
ReadNodeCount
ReadPodsByDateRangeCount
ReadPodCount
ReadClusterCombined
ReadRunningContainerImages
ReadContainerCombined
ReadDeploymentCombined
SearchAndReadKubernetesIomEntities
ReadNodeCombined
ReadPodCombined
ReadKubernetesIomEntities
SearchKubernetesIoms
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Added: 1 new operation added to the ODS service collection.
get_scans_by_scan_ids_v2
get_scans_by_scan_ids_v1 has been deprecated. The PEP8 method get_scans has been redirected to the new operation. Developers wanting to leverage the legacy operation should call get_scans_v1 or get_scans_by_scan_ids_v1.
_endpoint/_ods.py, _endpoint/deprecated/_ods.py, ods.py
Unit testing expanded to complete code coverage.
tests/test_ods.py
Added: 2 new operations added to the Real Time Response Admin service collection.
RTR_GetFalconScripts
RTR_ListFalconScripts
_endpoint/_real_time_response_admin.py, _endpoint/deprecated/_real_time_response_admin.py, real_time_response_admin.py
Unit testing expanded to complete code coverage.
tests/test_real_time_response_admin.py
Added: New Unidentified Containers service collection providing 3 new operations.
ReadUnidentifiedContainersByDateRangeCount
ReadUnidentifiedContainersCount
SearchAndReadUnidentifiedContainers
_endpoint/__init__.py, _endpoint/_unidentified_containers.py, __init__.py, unidentified_containers.py
Unit testing expanded to complete code coverage.
tests/test_unidentified_containers.py
Issues resolved
Fixed: batch_id and batch_get_cmd_req_id not available on pythonic Result object.
_result/_result.py
Fixed: Pythonic responses not properly populating Result object resources attribute when a dictionary is returned for the resources branch.
_result/_result.py
Fixed: trace_id property is not available on Result objects that do not contain a Meta attribute.
_result/_headers.py, _result/_result.py
Fixed: Changes the datatype for the ids argument within the GetCSPMPolicy operation from string to integer.
_endpoint/_cspm_registration.py
Other
Fixed: A typo that incorrectly listed the default value for the limit keyword was resolved in the QueryDetects operation docstring. Closes #1089.
detects.py
Refactored: Reduced complexity within the Result object constructor method by abstracting construction logic to a new method.
_result/_result.py
Regenerated: Updated endpoint module to align to new library automation, resulting in cosmetic changes to description fields.
_endpoint/*
Renamed: RetrieveUser operation has been renamed to retrieveUser within the User Management service collection.
_endpoint/_user_management.py
Deprecated: Adds additional deprecated operation IDs to the Firewall Management service collection.
_endpoint/_firewall_management.py
Fixed: Resolves a constant naming typo within the endpoint module for the Cloud Snapshots service collection.
_endpoint/__init__.py, _endpoint/_cloud_snapshots.py, cloud_snapshots.py
Fixed: Endpoint definition mismatch in UploadSampleV3 operation within the Sample Uploads service collection.
_endpoint/_sample_uploads.py
Fixed: Endpoint definition mismatch in UploadSampleV2 operation within the Falcon Intelligence Sandbox service collection.
_endpoint/_falconx_sandbox.py
Unit testing expanded to complete code coverage.
tests/test_falconx_sandbox.py
Version 1.3.4
Added features and functionality
Added: Use a Service Class or the Uber Class as a context manager.
Leveraging this functionality will automatically revoke your bearer token on context manager exit.
_auth_object/_uber_interface.py, _service_class/_service_class.py
Added: app_id keyword added to CreateSavedSearchesIngestV1 operation.
foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
Issues resolved
Fixed: update_policy_container operation payload handler is missing the policy_id key. Closes #1068.
_payload/_firewall.py
Expanded unit testing to complete code coverage.
tests/test_firewall_management.py
Fixed: after property is missing from the Meta object. Closes #1069.
_result/_meta.py, _result/_result.py
Fixed: Payload handler for tokens_update operation is not properly passing the revoked key. Closes #1074.
installation_tokens.py
Fixed: API operations generating leveraging the raw attribute are not properly displaying results when leveraging result object expansion. Closes #1076.
_result/_result.py
Fixed: Per-operation pythonic override is not working as expected. Closes #1078.
_util/_functions.py
Other
Changed: Updated field mapping for Uber Class path variables to a cleaner solution.
_util/_uber.py
Removed: The unsupported actions add-rule-group and remove-rule-group are removed from the performFirewallPoliciesAction operation. Relates to #1059.
firewall_policies.py
Version 1.3.3
Added features and functionality
Added: Deprecation warnings for deprecated classes and operations. Closes #1055.
_endpoint/__init__.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_mapping.py, _error/__init__.py, _error/_warnings.py, _service_class/_service_class.py, _util/__init__.py, _util/_functions.py
Added: New Custom Storage service collection.
__init__.py, _endpoint/__init__.py, _endpoint/_custom_storage.py, _util/_functions.py, custom_storage.py
Expanded unit testing to complete code coverage.
tests/test_custom_storage.py
The following new operations are provided by this service collection:
ListObjects
SearchObjects
GetObject
PutObject
DeleteObject
GetObjectMetadata
Added: New Workflows service collection.
__init__.py, _endpoint/__init__.py, _endpoint/_workflows.py, _endpoint/_workflows.py, _payload/__init__.py, _payload/_generic.py, _payload/_workflows.py, workflows.py
Expanded unit testing to complete code coverage.
tests/test_workflows.py
The following new operations are provided by this service collection:
WorkflowExecute
WorkflowExecutionsAction
WorkflowExecutionResults
WorkflowSystemsDefinitionsDeProvision
WorkflowSystemsDefinitionsPromote
WorkflowSystemsDefinitionsProvision
Added: New Real Time Response Audit service collection.
__init__.py, _endpoint/__init__.py, _endpoint/_real_time_response_audit.py, real_time_response_audit.py
Expanded unit testing to complete code coverage.
tests/test_real_time_response_audit.py
The following new operations are provided by this service collection:
RTRAuditSessions
Added: New Foundry LogScale service collection.
__init__.py, _endpoint/__init__.py, _endpoint/_foundry_logscale.py, _payload/__init__.py, _payload/_foundry.py, foundry_logscale.py
Expanded unit testing to complete code coverage.
tests/test_foundry_logscale.py
The following new operations are provided by this service collection:
ListReposV1
ListViewV1
IngestDataV1
CreateSavedSearchesDynamicExecuteV1
GetSavedSearchesExecuteV1
CreateSavedSearchesExecuteV1
CreateSavedSearchesIngestV1
GetSavedSearchesJobResultsDownloadV1
Issues resolved
Fixed: Error when trying to directly import falconpy module (no package installation). Closes #1056.
_auth_object/_falcon_interface.py, _util/_functions.py
Thanks go out to @tsullivan06 for identifying and reporting this issue. 🙇
Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes #1057.
api_complete/_legacy.py
Fixed: Can not use add-rule-group and remove-rule-group actions with the performFirewallPoliciesAction operation. Closes #1059.
firewall_policies.py
Thanks go out to @api-clobberer for identifying and reporting this issue. 🙇
Version 1.3.2
This release resolves a breaking change introduced in Version 1.3.0. This issue presents itself when developers attempt to call the authenticated method directly from the OAuth2 Service Class. Review issue #1043 for more detail.
Added features and functionality
Added: Expanded the Uber Class into a submodule, and restored the 1.2.16 version of this class as APIHarness. This class is now DEPRECATED. The 1.3.0 version of this class is now named APIHarnessV2 (The advanced Uber Class).
_auth_object/_base_falcon_auth.py, _auth_object/_falcon_interface.py, _auth_object/_uber_interface.py, api_complete/__init__.py, api_complete/_advanced.py, api_complete/_legacy.py, __init__.py
Expanded unit testing to complete code coverage.
tests/test_authorizations.py, tests/test_falcon_container.py, tests/test_uber_api_complete.py, tests/test_uber.py
Issues resolved
Fixed: Error generated when trying to leverage the legacy authenticated lambda method handler within the OAuth2 Service Class. Closes #1043.
_auth_object/_base_falcon_auth.py, _auth_object/_falcon_interface.py, _service_class/_service_class.py, oauth2.py
Expanded unit testing to complete code coverage.
tests/test_service_class.py
Thanks go out to @morcef for identifying and reporting this issue. 🙇
Fixed: Type check failure when creating a mock of the OAuth2 Service Class. Relates to #1043.
_service_class/_base_service_class.py
Thanks go out to @davidt99 for identifying / reporting this issue and providing the fix. 🙇
Version 1.3.1
Added features and functionality
Added: 1 new operation added (highVolumeQueryChanges) from the FileVantage service collection.
_endpoint/_filevantage.py, filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
Added: Warn when providing API arguments that are unnecessarily URLEncoded. Closes #850.
_error/__init__.py, _error/_warnings.py, _util/_functions.py, _util/_uber.py, __init__.py
Thanks go out to @aboese for suggesting this enhancement. 🙇
Added: add_comment keyword added to the PerformIncidentAction operation within the Incidents Service Class. Closes #1003.
_payload/_incidents.py, incidents.py
Unit testing expanded to complete code coverage.
tests/test_incidents.py
Thanks go out to @morcef for suggesting this enhancement. 🙇
Added: add-rule-group and remove-rule-group options added to performFirewallPoliciesAction operation in the Firewall Policies service collection.
_endpoint/_firewall_policies.py, firewall_policies.py
Added: Sort by alert_ids option added to QueryBehaviors operation in the Incidents service collection.
_endpoint/_incidents.py
Added: AggregateAlerts and QueryAlertIdsByFilter operations added to the Falcon Complete Dashboard service collection.
_endpoint/_falcon_complete_dashboard.py, falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
Added: GetCombinedImages operation added to the Falcon Container service collection.
_endpoint/_falcon_container.py, falcon_container.py
Unit testing expanded to complete code coverage.
test_falcon_container.py
Added: ids keyword argument added to GetIntelReportPDF and QueryMitreAttacks operations. if_none_match and if_modified_since keyword arguments added to GetLatestIntelRuleFile operation. Intel service collection.
_endpoint/_intel.py, intel.py
Unit testing expanded to complete code coverage.
test_intel.py
Added: Override functionality - All service classes are now able to call manually specified operation endpoints via the override method. This method mirrors functionality provided by the override keyword within the Uber Class.
_service_class.py
Added: 23 new operations added to the FileVantage service collection.
updatePolicyHostGroups
updatePolicyPrecedence
updatePolicyRuleGroups
getPolicies
createPolicies
deletePolicies
updatePolicies
getScheduledExclusions
createScheduledExclusions
deleteScheduledExclusions
updateScheduledExclusions
updateRuleGroupPrecedence
getRules
createRules
deleteRules
updateRules
getRuleGroups
createRuleGroups
deleteRuleGroups
updateRuleGroups
highVolumeQueryChanges
queryRuleGroups
queryScheduledExclusions
queryPolicies
_endpoint/_filevantage.py, filevantage.py
4 new payload handlers were implemented.
_payload/__init__.py, _payload/_filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
Added: A new service collection, Cloud Snapshots was implemented with three new operations (GetCredentialsMixin0, CreateInventory, and RegisterCspmSnapshotAccount).
_endpoint/__init__.py, _endpoint/_cloud_snapshots.py, __init__.py, cloud_snapshots.py
Two new payload handlers were implemented.
_payload/__init__.py, _payload/_cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshot.py
Added: 3 new operations added to the Identity Protection service collection (GetSensorAggregates, GetSensorDetails, and QuerySensorsByFilter).
_endpoint/_identity_protection.py, identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py
Issues resolved
Fixed: API errors generated by the Uber Class do not stop execution when in pythonic mode.
api_complete.py
Fixed: Result object failure on JSON formatted list response from report_executions_download_get operation within the Report Executions service collection. Closes #1033.
_result/result.py
Other
Deprecated: deleteCIDGroupMembersV1 is now deprecated. Calls to deleteCIDGroupMembers are now redirected to deleteCIDGroupMembersV2. MSSP service collection.
_endpoint/_mssp.py, mssp.py
Unit testing expanded to complete code coverage.
test_mssp.py
Version 1.3.0
Developer Enhancements Release 🎉
Added features and functionality
Added: Developer Extensibility features - Enhanced existing programmatic architecture with new objects and submodules to address technical debt and provide developers with the necessary structures to easily extend core library functionality.
APIHarness - Derivative and an interface class commonly referred to as the Uber Class, APIHarness has been refactored to inherit common functionality provided by the FalconInterface class, remove technical debt, add typing, and expand available operations and extensibility features.
api_complete.py
APIRequest - Simple interface class comprised of multiple data classes that is leveraged for managing the components of a request sent to the CrowdStrike API. This is a new object.
_api_request/__init__.py, _api_request/_request.py, _api_request/_request_behavior.py, _api_request/_request_connection.py, _api_request/_request_meta.py, _api_request/_request_payloads.py, _api_request/_request_validator.py
Constant submodule - Stores global constants used throughout the library. This is a new module implemented to store new and pre-existing constants.
_constant/__init__.py
Enum submodule - Stores enumerators available within the library. This is a new module implemented to store pre-existing enumerators.
_enum/__init__.py, _enum/_base_url.py, _enum/_container_base_url.py, _enum/_token_fail_reason.py
Error submodule - Provides python native errors and warnings. This is a new module.
_error/__init__.py, _error/_exceptions.py, _error/_warnings.py
FalconInterface - Interface class that handles authentication and state management, also referred to as the authentication object or the auth_object. Refactored to address technical debt and add new functionality.
_auth_object/__init__.py, _auth_object/_base_falcon_auth.py, _auth_object/_bearer_token.py, _auth_object/_falcon_interface.py, _auth_object/_interface_config.py, _auth_object/_uber_interface.py
Log submodule - Provides debug logging functionality. This is a new module.
_log/__init__.py, _log/_facility.py
Result - Complex interface class that is leveraged to parse and return results received from the CrowdStrike API. This class has been refactored to address technical debt and provide new developer functionality and extensibility. Default behavior for requests received from the CrowdStrike API remains unchanged (results are returned as a Python dictionary). Expanded functionality provides developers the ability to handle received responses as python structures, allowing for easy iteration and processing without having to handle a dictionary.
_result/__init__.py, _result/_base_resource.py, _result/_base_dictionary.py, _result/_errors.py, _result/_expanded_result.py, _result/_headers.py, _result/_meta.py, _result/_resources.py, _result/_response_component.py, _result/_result.py
ServiceClass - Interface class leveraged by Service Classes to provide common functionality. This class has also been refactored to expand on functionality provided by the FalconInterface class, remove technical debt, add typing and expand extensibility features.
_service_class/_init__.py, _service_class/_base_service_class.py, _service_class/_service_class.py
Util submodule - Functions and utilities library containing both private and public methods. This is a new module implemented to store new and pre-existing functions.
_util/__init__.py, _util/_auth.py, _util/_functions.py, _util/_uber.py
Added: Debug logging - Native debug logging can now be activated per class upon construction. Logs are sanitized by default.
Log sanitization can also be disabled when instantiating the class.
Local unit testing has been expanded to take advantage of this functionality. To activate, set the environment variable FALCONPY_UNIT_TEST_DEBUG to DEBUG.
_log/__init__.py, _log/_facility.py
Added: Environment Authentication - New authentication mechanism that retrieves CrowdStrike API credentials that are pre-defined as variables within the runtime environment. These environment variables must be named FALCON_CLIENT_ID and FALCON_CLIENT_SECRET and both must be present in order for this mechanism to be used. Environment Authentication is the last mechanism attempted, meaning all other authentication mechanisms will take precedence.
_auth_object/_falcon_interface.py
Added: Pythonic response handling - Allows for the handling of responses received from the CrowdStrike API as pythonic structures as opposed to dictionaries.
_result/__init__.py, _result/_base_resource.py, _result/_base_dictionary.py, _result/_errors.py, _result/_expanded_result.py, _result/_headers.py, _result/_meta.py, _result/_resources.py, _result/_response_component.py, _result/_result.py
Added: Pythonic errors and warnings - Leverages native Python exceptions to implement error and warning handling.
_error/__init__.py, _error/_exceptions.py, _error/_warnings.py
Added: Typing - Type hints have been added throughout the library. This is an ongoing initiative.
Issues resolved
Fixed: Unusual responses from operations within the Falcon Container service collection.
_result/_result.py, _util/_functions.py
Fixed: Uber Class functionality using operations within the OAuth2 service collection. Closes #835.
api_complete.py, _auth_object/_falcon_interface.py, _auth_object/_uber_interface.py
Fixed: Inbound strings provided to the creds and proxy keywords are not automatically converted to dictionaries. Closes #909.
_auth_object/_falcon_interface.py
Fixed: Fixed missing facet keyword in follow request for vulnerabilities - Grab CVEs for CID sample. Closes #1004.
samples/spotlight/spotlight_grab_cves_for_cid.py
Fixed: IDs are not being migrated to the body payload when calling the PostEntitiesAlertsV1 operation. Closes #1016.
_constant/__init__.py
Thanks to @tsullivan06 for identifying this issue! 🙇
Other
Expanded: Unit testing expanded to complete code coverage.
Updated: Added column prune keyword to Grab CVEs by CID sample. Closes #1005.
samples/spotlight/spotlight_grab_cves_for_cid.py
PLEASE NOTE: Python 3.6 support will be discontinued in January 2024.
Version 1.2.16
Added features and functionality
Added: New keywords were added to 1 operation within the Alerts Service Class.
exclude, from, include and max_doc_count were added to the PostAggregatesAlertsV1 operation.
_payload/_generic.py, alerts.py
Added: New keywords were added to 6 operations within the CompleteDashboard Service Class.
exclude, from, include and max_doc_count were added to the AggregateBlockList operation.
exclude, from, include and max_doc_count were added to the AggregateDetections operation.
exclude, from, include and max_doc_count were added to the AggregateDeviceCountCollection operation.
exclude, from, include and max_doc_count were added to the AggregateEscalations operation.
exclude, from, include and max_doc_count were added to the AggregateFCIncidents operation.
exclude, from, include and max_doc_count were added to the AggregateRemediations operation.
falcon_complete_dashboard.py
Added: 3 new operations added to the CSPMRegistration Service Class, GetConfigurationDetectionEntities, GetConfigurationDetectionIDsV2, and GetCSPMPoliciesDetails.
_endpoint/_cspm_registration.py, _payload/_cspm_registration.py, cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
Added: New keywords were added to 11 operations within the CSPMRegistration Service Class.
iam_role_arns and migrated were added to the GetCSPMAwsAccount operation.
account_type, behavior_assessment_enabled, iam_role_arn, is_master, sensor_management_enabled and use_existing_cloudtrail were added to the CreateCSPMAwsAccount operation.
behavior_assessment_enabled, iam_role_arn, remediation_region, remediation_tou_accepted and sensor_management_enabled were added to the UpdateCSPMAwsAccount operation.
ids, use_existing_cloudtrail, and region were added to the GetCSPMAwsConsoleSetupURLs operation.
ids was added to the GetCSPMAwsAccountScriptsAttachment operation.
tenant_ids was added to the GetCSPMAzureAccount operation.
account_type, client_id, default_subscription, tenant_id and years_valid were added to the CreateCSPMAzureAccount operation.
retain_tenant and tenant_ids were added to the DeleteCSPMAzureAccount operation.
years_valid was added to the AzureDownloadCertificate operation.
account_type, subscription_ids, and template were added to the GetCSPMAzureUserScriptsAttachment operation.
resource_id and resource_uuid were added to the GetBehaviorDetections operation.
_endpoint/_cspm_registration.py, cspm_registration.py
Added: 1 new operation added to the D4CRegistration Service Class, GetDiscoverCloudAzureTenantIDs.
_endpoint/_d4c_registration.py, d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
Added: New keywords were added to 11 operations within the D4CRegistration Service Class.
iam_role_arn was added to the CreateD4CAwsAccount operation.
limit, offset, status and tenant_ids were added to the GetCSPMAzureAccount operation.
account_type, client_id, default_subscription and years_valid were added to the CreateCSPMAzureAccount operation.
object_id and tenant_id were added to the UpdateCSPMAzureAccountClientID operation.
subscription_ids, tenant_id and template were added to the GetCSPMAzureUserScriptsAttachment operation.
limit, offset, parent_type, sort and status were added to the GetCSPMCGPAccount operation.
years_valid was added to the DiscoverCloudAzureDownloadCertificate operation.
parent_type was added to the GetCSPMGCPUserScripts operation.
parent_type was added to the CreateD4CGCPAccount operation.
_endpoint/_d4c_registration.py, _payload/_d4c_registration.py, d4c_registration.py
Added: New keywords were added to 2 operations within the Detects Service Class.
exclude, from, include and max_doc_count were added to the GetAggregateDetects operation.
new_behaviors_processed was added to the UpdateDetectsByIdsV2 operation.
_payload/_detects.py, detects.py
Added: add-rule-group and remove-rule-group added as possible values for the action_name keyword within the performDeviceControlPoliciesAction operation in the DeviceControlPolicies Service Class.
_endpoint/_device_control_policy.py, device_control_policy.py
Added: 3 new operations added to the FalconXSandbox Service Class, GetMemoryDumpExtractedStrings, GetMemoryDumpHexDump, and GetMemoryDump.
_endpoint/_falconx_sandbox.py, falconx_sandbox.py
Unit testing expanded to complete code coverage.
tests/test_falconx_sandbox.py
Added: New FDR Service Class with 5 new operations, fdrschema_combined_event_get, fdrschema_entities_event_get, fdrschema_entities_field_get, fdrschema_queries_event_get, and fdrschema_queries_field_get.
_endpoint/_fdr.py, _endpoint/__init__.py, _endpoint/deprecated/_fdr.py, _endpoint/deprecated/__init__.py, fdr.py
Unit testing expanded to complete code coverage.
tests/test_fdr.py
Added: New keyword was added to 1 operation within the FalconContainer Service Class.
applicationPackages was added to the ReadImageVulnerabilities operation.
_payload/_container.py, falcon_container.py
Added: New keywords were added to 9 operations within the FirewallManagement Service Class.
exclude, from, include and max_doc_count were added to the aggregate_events operation.
exclude, from, include and max_doc_count were added to the aggregate_policy_rules operation.
exclude, from, include and max_doc_count were added to the aggregate_rule_groups operation.
exclude, from, include and max_doc_count were added to the aggregate_rules operation.
created_by and created_on were added to the upsert_network_locations operation.
created_by and created_on were added to the update_network_locations operation.
local_logging was added to the update_policy_container_v1 operation.
platform was added to the create_rule_group operation.
platform_ids was removed from the create_rule_group operation.
fqdn and fqdn_enabled were added to the create_rule_group_validation operation.
_payload/_firewall.py, firewall_management.py
Added: New keyword was added to 1 operation within the FlightControl Service Class.
filter was added to the queryChildren operation.
_endpoint/_mssp.py, mssp.py
Added: New keyword was added to 1 operation within the Hosts Service Class.
disable_hostname_check was added to the entities_perform_action operation.
_endpoint/_hosts.py, hosts.py
Added: New keywords were added to 1 operation within the Incidents Service Class.
overwrite_detects and update_detects were added to the PerformIncidentAction operation.
_endpoint/_incidents.py, incidents.py
Added: New keywords were added to 3 operations within the IOC Service Class.
exclude, from, include and max_doc_count were added to the indicator_aggregate_v1 operation.
from_parent was added to the GetIndicatorsReport operation.
from_parent was added to the indicator_search_v1 operation.
from_parent was added to the indicator_update_v1 operation.
_endpoint/_ioc.py, _payload/_ioc.py, ioc.py
Added: New keywords were added to 3 operations within the KubernetesProtection Service Class.
is_horizon_acct was added to the GetAWSAccountsMixin0 operation.
is_self_managed_cluster was added to the GetHelmValuesYaml operation.
status was added to the GetClusters operation.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Added: 1 new operation added to the ODS Service Class, aggregate_query_scan_host_metadata.
_endpoint/_ods.py, _endpoint/deprecated/_ods.py, ods.py
Unit testing expanded to complete code coverage.
tests/test_ods.py
Added: New keywords were added to 3 operations within the ODS Service Class.
exclude, from, include and max_doc_count were added to the aggregate_scans operation.
exclude, from, include and max_doc_count were added to the aggregate_scheduled_scans operation.
scan_inclusions was added to the schedule_scan operation.
_payload/_ods.py, ods.py
Added: New keyword was added to 1 operation within the OAuth2 Service Class.
client_id was added to the revoke operation.
_endpoint/_oauth2.py, oauth2.py
Added: New keywords were added to 2 operations within the OverwatchDashboard Service Class.
exclude, from, include and max_doc_count were added to the AggregatesEventsCollections operation.
exclude, from, include and max_doc_count were added to the AggregatesEvents operation.
overwatch_dashboard.py
Added: New keyword was added to 1 operation within the Quarantine Service Class.
exclude, from, include and max_doc_count were added to the GetAggregateFiles operation.
quarantine.py
Added: New keyword was added to 1 operation within the RealTimeResponse Service Class.
exclude, from, include and max_doc_count were added to the RTR_AggregateSessions operation.
real_time_response.py
Added: New keywords were added to 7 operations within the Recon Service Class.
exclude, from, include and max_doc_count were added to the AggregateNotificationsExposedDataRecordsV1 operation.
exclude, from, include and max_doc_count were added to the AggregateNotificationsV1 operation.
content_format and trigger_matchless were added to the CreateActionsV1 operation.
content_format and trigger_matchless were added to the UpdateActionsV1 operation.
breach_monitoring_enabled and substring_matching_enabled were added to the CreateRulesV1 operation.
breach_monitoring_enabled and substring_matching_enabled were added to the UpdateRulesV1 operation.
notificationsDeletionRequested was added to the DeleteRulesV1 operation.
_endpoint/_recon.py, _payload/_recon.py, recon.py
Added: New keywords were added to 3 operations within the SensorUpdatePolicy Service Class.
scheduler, show_early_adopter_builds and variants were added to the createSensorUpdatePoliciesV2 operation.
scheduler, show_early_adopter_builds and variants were added to the updateSensorUpdatePoliciesV2 operation.
stage was added to the queryCombinedSensorUpdateBuilds operation.
_endpoint/_sensor_update_policy.py, sensor_update_policy.py
Added: add-rule-group and remove-rule-group added as possible values for the action_name keyword within the performSensorUpdatePoliciesAction operation in the SensorUpdatePolicy Service Class.
_endpoint/_sensor_update_policies.py, sensor_update_policies.py
Added: New keyword was added to 1 operation within the UserManagement Service Class.
action was added to the queryiesRolesV1 operation.
_endpoint/_user_management.py, user_management.py
Added: 1 new operation added to the ZeroTrustAssessment Service Class, getCombinedAssessmentsQuery.
_endpoint/_zero_trust_assessment.py, zero_trust_assessment.py
Unit testing expanded to complete code coverage.
tests/test_zero_trust_assessment.py
Other
Expanded: Additional parameters were added to the settings dictionary/keyword within the createDeviceControlPolicies and updateDeviceControlPolicies operations.
_payload/_device_control_policies.py, device_control_policies.py
Renamed: 1 keyword was renamed within the FalconContainer Service Class.
credentials was renamed to credential within the CreateRegistryEntities operation.
_payload/_container.py, falcon_container.py
Reduced: Limit maximum for queryCombinedSensorUpdateKernels operation within the SensorUpdatePolicy Service Class was changed from 5000 to 500.
_endpoint/_sensor_update_policies.py
Reduced: Limit maximum for querySensorUpdateKernelsDistinct operation within the SensorUpdatePolicy Service Class was changed from 5000 to 500.
_endpoint/_sensor_update_policies.py
Increased: Limit maximum for QueryAWSAccounts operation within the CloudConnectAWS Service Class was changed from 500 to 1000.
_endpoint/_cloud_connect_aws.py
Increased: Limit maximum for QueryAWSAccountsForIDs operation within the CloudConnectAWS Service Class was changed from 500 to 1000.
_endpoint/_cloud_connect_aws.py
Renamed: 8 operations renamed within the D4CRegistration Service Class. Legacy operation IDs were deprecated, with aliases created to avoid introducing breaking changes.
GetCSPMAzureAccount is now GetDiscoverCloudAzureAccount.
CreateCSPMAzureAccount is now CreateDiscoverCloudAzureAccount.
UpdateCSPMAzureAccountClientID is now UpdateDiscoverCloudAzureAccountClientID.
GetCSPMAzureUserScriptsAttachment is now GetDiscoverCloudAzureUserScriptsAttachment.
GetCSPMAzureUserScripts is now GetDiscoverCloudAzureUserScripts.
GetCSPMCGPAccount is now GetD4CCGPAccount.
CreateCSPMGCPAccount is now CreateD4CGCPAccount.
GetCSPMGCPUserScripts is now GetD4CGCPUserScripts.
_endpoint/_d4c_registration.py, _endpoint/__init__.py, _endpoint/deprecated/_d4c_registration.py, _endpoint/deprecated/__init__.py, d4c_registration.py
Renamed: 1 operation renamed within the ZeroTrustAssessment Service Class. Legacy operation ID was deprecated, with an alias created to avoid introducing a breaking change.
getComplianceV1 is now getAuditV1.
_endpoint/_zero_trust_assessment.py, _endpoint/__init__.py, _endpoint/deprecated/_zero_trust_assessment.py, _endpoint/deprecated/__init__.py, zero_trust_assessment.py
Version 1.2.15
Added features and functionality
Added: 1 new operation added to the ZeroTrustAssessment Service Class, getAssessmentsByScoreV1.
_endpoint/_zero_trust_assessment.py, zero_trust_assessment.py
Unit testing expanded to complete code coverage.
tests/test_zero_trust_assessment.py
Issues resolved
Fixed: JSONDecoder error when running within an environment leveraging the simplejson 3rd party library versus the standard json library.
_util.py
Thanks to @khyberspache for identifying and resolving this issue! 🙇
Version 1.2.14
Added features and functionality
Updated: Added image_id and digest options to the GetImageAssessmentReport operation (FalconContainer Service Class).
_endpoint/_falcon_container.py, falcon_container.py
Added: 5 new operations added to the FalconContainer Service Class, ReadRegistryEntitiesByUUID, CreateRegistryEntities, DeleteRegistryEntities, UpdateRegistryEntities, ReadRegistryEntities.
_endpoint/_falcon_container.py, falcon_container.py
Adds one new payload handler.
_payload/_container.py
Unit testing expanded to complete code coverage.
tests/test_falcon_container.py
Version 1.2.13
Added features and functionality
Added: 2 new operations (IoT) added to the Discover Service Class, get_iot_hosts and query_iot_hosts.
_endpoint/_discover.py, _endpoint/deprecated/_discover.py, discover.py, tests/test_discover.py
Added: 1 new operation added to the MessageCenter Service Class, CreateCaseV2.
_endpoint/_message_center.py, _payload/_message_center.py, message_center.py, tests/test_message_center.py
Issues resolved
Fixed: Docstring typo in the GetAzureInstallScript operation within the KubernetesProtection Service Class. Closes #933.
kubernetes_protection.py
Version 1.2.12
Added features and functionality
Added: Enhanced payload handler for create_rule operation to allow for passing a list of dictionaries for the field_values keyword. Closes #916.
_payload/_ioa.py, tests/test_custom_ioa.py
Added: 5 new operations added to the KubernetesProtection Service Class, GetAzureInstallScript, GetAzureTenantConfig, GetAzureTenantIDs, GetCombinedCloudClusters, and GetStaticScripts.
_endpoint/_kubernetes_protection.py, kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Issues resolved
Fixed: Updated docstring comments to properly reflect syntax for providing a trusted certificate bundle for API requests. Closes #910.
_service_class.py, api_complete.py
Pinned: IPython version pinned to 8.10.0 to avoid SNYK-PYTHON-IPYTHON-3318382.
requirements-dev.txt
Fixed: Added missing ids keyword handlers for Uber Class operation calls. Closes #919.
_uber_default_preferences.py
Fixed: Updated docstrings for combinedQueryVulnerabilities operation to properly list request limit of 5000. Closes #922.
spotlight_vulnerabilities.py
Other
Updated: Removed unnecessary source parameter from endpoint module for ArchiveUploadV2 operation.
_endpoint/_sample_uploads.py
Version 1.2.11
Added features and functionality
Added: Two new operations added to the Discover Service Class, query_applications and get_applications.
discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
Issues resolved
Fixed: Added variables keyword to GraphQL within IdentityProtection Service Class. Closes #902.
identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py
Thanks go out to @cl6227 for identifying and reporting this issue! 🙇
Fixed: Missing default value for file_data keyword argument of the upload_sample method of the SampleUploads Service Class. Closes #898.
falconx_sandbox.py
Thanks go out to @awhogan for identifying and reporting this issue! 🙇
Version 1.2.10
Added features and functionality
Added: Two new operations added to the DeviceControlPolicies Service Class, getDefaultDeviceControlPolicies and updateDefaultDeviceControlPolicies.
device_control_policies.py
Adds one new payload handler.
_payload/__init__.py, _payload/_device_control_policy.py
Unit testing expanded to complete code coverage.
tests/test_device_control_policies.py
Added: Three new operations to the Intel Service Class, GetMitreReport, PostMitreAttacks and QueryMitreAttacks.
intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
Issues resolved
Fixed: Error handling id argument within the body payload handler for the updateDeviceControlPolicies operation.
_payload/_device_control_policy.py
Special thanks go out to @CommonVulnerability for reporting this issue and submitting the fix! 🙇
Other
Updated: Removed scans_report operation from the new ODS Service Class.
ods.py
Unit testing updated.
tests/test_ods.py
Version 1.2.9
Issues resolved
Fixed: Authentication object synchronization issue for certain scenarios. Relates to #829.
_util.py
Thanks go out to @davidt99 for contributing this fix!
Version 1.2.8
Issues resolved
Fixed: Add missing operation IDs to PREFER_IDS_IN_BODY constant to trigger Uber Class body payload abstraction for the ids keyword. Closes #864.
_uber_default_preference.py
Thanks to @tsullivan06 for identifying this issue!
Version 1.2.7
Added features and functionality
Added: One operation added to the SampleUploads Service Class, ArchiveUploadV1.
sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.py
Added: Four new operations to the KubernetesProtection Service Class, ListAzureAccounts, CreateAzureSubscription, DeleteAzureSubscription, and PatchAzureServicePrincipal.
kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
Issues resolved
Fixed: Missing redirection endpoints for legacy operations within the MSSP Service Class (getCIDGroupMembersByV1, getCIDGroupByIdV1, getUserGroupMembersByIDV1 and getUserGroupsByIDV1). Calls to the generic operation ID (ex: getUserGroupsByID) are redirected to the v2 equivalent. Closes #859.
mssp.py
Fixed: Added missing redirection for update_policy_container_v2 operation to the FirewallManagement Service Class. Closes #856.
firewall_management.py
Version 1.2.6
Added features and functionality
Added: Nine new operations added to the FirewallManagement Service Class (get_network_location_details, update_network_locations_metadata, update_network_locations_precedence, get_network_locations, create_network_locations, update_network_locations, upsert_network_locations, delete_network_locations, query_network_locations).
firewall_management.py, _endpoint/_firewall_management.py
Adds two new payload handlers.
_payload/_firewall.py
Unit testing expanded to complete code coverage.
tests/test_firewall_management.py
Added: Five new operations added to the Flight Control (MSSP) Service Class (getChildrenV2, getCIDGroupMembersByV2, getCIDGroupByIdV2, getUserGroupMembersByIDV2, getUserGroupsByIDV2).
mssp.py, _endpoint/_mssp.py
Unit testing expanded to complete code coverage.
tests/test_mssp.py
Added: One new operation added to the Hosts Service Class (entities_perform_action).
hosts.py, _endpoint/_hosts.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
Added: One new operation added to the InstallationTokens Service Class (customer_settings_update).
installation_tokens.py, _endpoint/_installation_tokens.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_installation_tokens.py
Added: Two new operations added to the Intel Service Class (GetVulnerabilities, QueryVulnerabilities).
intel.py, _endpoint/_intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
Added: New ODS Service Class (On Demand Scan) with fifteen new operations (aggregate_scans, aggregate_scheduled_scans, get_malicious_files_by_id, cancel_scans, get_scan_host_metadata_by_ids, scans_report, get_scans_by_scan_ids, scans_report, get_scheduled_scans_by_scan_ids, schedule_scan, delete_scheduled_scans, query_malicious_files, query_scan_host_metadata, query_scans, query_scheduled_scans).
__init__.py, ods.py, _endpoint/__init__.py, _endpoint/_ods.py, _endpoint/deprecated/__init__.py, _endpoint/deprecated/_ods.py
Two new payload handlers were added.
_payload/_ods.py
New unit testing implemented to confirm functionality and complete code coverage.
tests/test_ods.py
Added: Seven new operations added to the Recon Service Class (AggregateNotificationsExposedDataRecordsV1, GetFileContentForExportJobsV1, GetExportJobsV1, CreateExportJobsV1, DeleteExportJobsV1, GetNotificationsExposedDataRecordsV1, QueryNotificationsExposedDataRecordsV1).
recon.py, _endpoint/_recon.py
One new payload handler was added.
_payload/_recon.py
Unit testing expanded to complete code coverage.
tests/test_recon.py
Added: Seven new operations added to the SampleUploads Service Class (ArchiveListV1, ArchiveGetV1, ArchiveDeleteV1, ArchiveUploadV2, ExtractionListV1, ExtractionGetV1, ExtractionCreateV1).
sample_uploads.py, _endpoint/_sample_uploads.py
One new payload handler was added.
_payload/_sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.py, tests/testfile.zip
Other
Changed: Due to updates in the latest Ubuntu version used in GitHub Actions, unit testing for Python 3.6 has been split off to a standalone workflow.
Added: Python 3.11 support.
setup.py
Version 1.2.5
Issues resolved
Fixed: Invalid body payload when leveraging the Uber Class to call the RTR_DeleteSession operation. Closes #839.
_uber_default_preference.py
Version 1.2.4
Added features and functionality
Added: New TailoredIntelligence Service Class.
__init__.py, tailored_intelligence.py, _endpoint/__init__.py, _endpoint/_tailored_intelligence.py, tests/test_tailored_intelligence.py
Unit testing expanded to complete code coverage.
Added: GetD4CAwsAccount, CreateD4CAwsAccount, DeleteD4CAwsAccount, GetD4CAwsConsoleSetupURLs, GetD4CAWSAccountScriptsAttachment, and GetHorizonD4CScripts operations to the D4CRegistration Service Class.
d4c_registration.py, _endpoint/_d4c_registration.py, _payload/__init__.py, _payload/_d4c_registration.py
Adds one new payload handler.
tests/test_d4c_registration.py
Unit testing expanded to complete code coverage.
Added: update_policy_container_v1, create_rule_group_validation, update_rule_group_validation, and validate_filepath_pattern operations to the FirewallManagement Service Class.
firewall_management.py, _endpoint/_firewall_management.py
The legacy operation update_policy_container now points to the updated endpoint /fwmgr/entities/policies/v2.
_payload/__init__.py, _payload/_firewall.py
Adds two new payload handlers.
tests/test_firewall_management.py
Unit testing expanded to complete code coverage.
Added: indicator_aggregate_v1, action_get_v1, GetIndicatorsReport, action_query_v1, ioc_type_query_v1, platform_query_v1, and severity_query_v1 operations to the IOC Service Class.
ioc.py, _endpoint/_ioc.py, _payload/__init__.py, _payload/_ioc.py
Adds one new payload handler.
tests/test_ioc.py
Unit testing expanded to complete code coverage.
Added: from_parent parameter to the indicator_delete_v1 operation within the IOC Service Class.
ioc.py, _endpoint/_ioc.py
Added: timeout and timeout_duration parameters to the RTR_InitSession operation within the RealTimeResponse Service Class.
real_time_response.py, _endpoint/_real_time_response.py
Added: host_timeout_duration parameter to the BatchAdminCmd operation within the RealTimeResponseAdmin Service Class.
real_time_response_admin.py, _endpoint/_real_time_response_admin.py
Added: Maximum and minimum limits for the limit parameter used by the QueryNotificationsV1 operation within the Recon Service Class.
_endpoint/_recon.py
Added: New ReadImageVulnerabilities operation to the FalconContainer Service Class.
falcon_container.py, _endpoint/_falcon_container.py, _payload/__init__.py, _payload/_container.py
Adds one new payload handler.
tests/test_falcon_container.py
Unit testing expanded to complete code coverage.
Other
Updated: Updated the description, changed datatype from string to int and added maximum / minimum limits for the offset parameter used by the QueryActionsV1 operation within the Recon Service Class.
_endpoint/_recon.py
Removed: X-CS-USERNAME parameter from all operations within the IOC Service Class.
_endpoint/_ioc.py
Updated: query_rule_groups_full and query_rule_groupsMixin0 operations - Removed description as an available field from enum. Updated operation description.
_endpoint/_custom_ioa.py
Updated: Changed collectionFormat value from csv to multi for multiple operations within the _endpoint module.
_endpoint/_ioa_exclusions.py (getIOAExclusionsV1, deleteIOAExclusionsV1)
_endpoint/_ml_exclusions.py (getMLExclusionsV1, deleteMLExclusionsV1)
_endpoint/_sensor_visibility_exclusions.py (getSensorVisibilityExclusionsV1, deleteSensorVisibilityExclusionsV1)
Updated: Removed maxLength and minLength values for multiple operations within the _endpoint module.
_endpoint/_device_control_policies.py (getDeviceControlPolicies, deleteDeviceControlPolicies)
_endpoint/_firewall_policies.py (getFirewallPolicies, deleteFirewallPolicies)
_endpoint/_host_group.py (getHostGroups, deleteHostGroups)
_endpoint/_prevention_policies.py (getPreventionPolicies, deletePreventionPolicies)
_endpoint/_response_policies.py (getRTResponsePolicies, deleteRTResponsePolicies)
_endpoint/_sensor_update_policies.py (getSensorUpdatePolicies, deleteSensorUpdatePolicies, getSensorUpdatePoliciesV2)
Updated: GovCloud headers are now returned when providing GovCloud credentials to a commercial cloud region. Deprecated fallback handler within autodiscover_region method.
_util.py
This code will be retained for now. As of this version, GovCloud region autodiscovery is not supported.
Updated: Pinned setuptools version to 65.5.1 (SNYK-PYTHON-SETUPTOOLS-3113904).
requirements-dev.txt
Version 1.2.3
Added features and functionality
Added: Specify N-1 and N-2 within the Sensor Download sample. Closes #793.
samples/sensor_download/download_sensor.py
Issues resolved
Fixed: Invalid body payload passed when leveraging the Uber Class to call the RTR_GetExtractedFileContents operation. Closes #788.
_uber_default_preference.py
Fixed: Invalid data type comparison in RTR dump memory sample.
samples/rtr/pid-dump/rtr_dump_memory.py
Fixed: Invalid arguments provided to execute_admin_command method within RTR dump memory sample. Closes #789.
samples/rtr/pid-dump/rtr_dump_memory.py
Version 1.2.2
Added features and functionality
Added: Easy Object Authentication syntax. You no longer need to specify the auth_object attribute of the Service Class you are using to authenticate to subsequent Service Classes. Legacy Object Authentication is still (and will always be) fully supported.
_service_class.py
tests/test_authentications.py
Other
Changed: Updated development package module name to be falconpydev to prevent confusion with the production package module name.
dev_setup.py
Version 1.2.1
Added features and functionality
Added: Added alias for post_device_details_v2 to Hosts Service Class. Closes #773.
hosts.py
tests/manual/test_get_device_details.py
Issues resolved
Fixed: Typo in docstring for perform_incident_action method. Closes #776.
incidents.py
Fixed: Added host_timeout_duration documentation to docstrings within operations in the Real Time Response Service Class.
real_time_response.py
Other
Updated: Adjusted unit testing to cover new API returns.
tests/falcon_container.py
tests/kubernetes_protection.py
Version 1.2.0
Added features and functionality
Updated: Updated operation payload parameter datatype details.
_endpoint/_ioc.py
_endpoint/_recon.py
_endpoint/_sample_uploads.py
Updated: Updated operation payload parameter data location details.
_endpoint/_falconx_sandbox.py
_endpoint/_sample_uploads.py
Added: New host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
_endpoint/_real_time_response.py
Added: New GetDeviceDetailsV2 and PostDeviceDetailsV2 operations to Hosts Service Collection.
The operation GetDeviceDetails is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests to PostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails, get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed.
_endpoint/_hosts.py
_uber_default_preference.py
api_complete.py
hosts.py
tests/test_get_device_details.py
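A sketch of the ID migration described above for the redirected GetDeviceDetails call, added here as an illustration and not FalconPy's own code. The function names and the `ids` key are assumptions; the sketch moves IDs supplied GET-style in the query parameters into the POST body, accepting comma-delimited strings or lists.

```python
"""Hypothetical sketch: relocate GET-style IDs into a POST body."""
from typing import Any, Dict, List, Optional, Tuple


def as_id_list(value: Any) -> List[str]:
    """Normalise a comma-delimited string, list or tuple into a list of IDs."""
    if value is None:
        return []
    if isinstance(value, str):
        parts = value.split(",")
    elif isinstance(value, (list, tuple)):
        parts = [str(item) for item in value]
    else:
        raise TypeError(f"unsupported ids type: {type(value).__name__}")
    # Drop empty fragments produced by stray commas or whitespace.
    return [part.strip() for part in parts if part.strip()]


def migrate_ids(parameters: Optional[Dict[str, Any]],
                body: Optional[Dict[str, Any]]
                ) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Return (parameters, body) with any `ids` moved into the body.

    The caller's dictionaries are copied, never mutated, so a legacy
    call site can keep reusing its own parameter dictionary.
    """
    params = dict(parameters or {})
    payload = dict(body or {})
    # IDs already in the body come first, then IDs found in the query string.
    merged = as_id_list(payload.get("ids")) + as_id_list(params.pop("ids", None))
    unique = list(dict.fromkeys(merged))  # de-duplicate, keep first-seen order
    if unique:
        payload["ids"] = unique
    else:
        payload.pop("ids", None)
    return params, payload


if __name__ == "__main__":
    # Constructed sample input: a legacy GET-style call with IDs in the query string.
    legacy_params = {"ids": "aid-0001, aid-0002", "limit": 5}
    print(migrate_ids(legacy_params, None))
```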
Added: Falcon Container registry functionality to Falcon Container Service Class.
This solution implements three "mock" operation IDs: GetImageAssessmentReport (get_assessment), DeleteImageDetails (delete_image_details), and ImageMatchesPolicy (image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication.
_endpoint/_falcon_container.py
__init__.py
_container_base_url.py
_uber_default_preference.py
_util.py
api_complete.py
falcon_container.py
tests/test_falcon_container.py
Issues resolved
Fixed: Default NoneType preference for body payloads sent to the RTR_ListFiles and RTR_ListFilesV2 operations. Closes #750.
_uber_default_preference.py
Removed: Unused header payload parameters from operation payloads.
_endpoint/_falconx_sandbox.py
_endpoint/_firewall_management.py
_endpoint/_recon.py
_endpoint/_report_executions.py
_endpoint/_sample_uploads.py
Removed: Duplicate parameter definition (after) from indicator_combined_v1 operation.
_endpoint/_ioc.py
Other
Updated: Comment updates.
_endpoint/_d4c_registration.py
Updated: Fixed docstring typo within userActionV1 operation. Closes #763.
user_management.py
Version 1.1.6
Added features and functionality
Added: New Alerts service collection operation - PatchEntitiesAlertsV2 (update_alerts_v2).
_endpoint/_alerts.py
_payload/_alerts.py
alerts.py
tests/test_alerts.py
Added: New Service Collection - Mobile Enrollment. Matching Service Class / Uber Class functionality. Unit testing expanded to cover new methods.
_endpoint/_mobile_enrollment.py
mobile_enrollment.py
tests/test_mobile_enrollment.py
Added: New User Management service collection operations
combinedUserRolesV1 - get_user_grants
get_user_roles - get_user_grants
get_user_roles_combined - get_user_grants
entitiesRolesV1 - get_roles_mssp
userActionV1 - user_action
userRolesActionV1 - user_roles_action
retrieveUsersGETV1 - retrieve_users
createUserV1 - create_user_mssp
deleteUserV1 - delete_user_mssp
updateUserV1 - update_user_mssp
queryRolesV1 - query_roles
queriesRolesV1 - query_roles
queryUserV1 - query_users
user_management.py
tests/test_user_management.py
Added: Extended custom headers (ext_headers) functionality for Service Classes.
_service_class.py
Issues resolved
Added: Alias for get_online_state_v1. Closes #739.
hosts.py
Version 1.1.5
Added features and functionality
Added: New Service Collection - Alerts. Matching Service Class / Uber class functionality. Unit testing expanded to cover new methods.
_endpoint/__init__.py
_endpoint/_alerts.py
_payload/__init__.py
_payload/_alerts.py
alerts.py
__init__.py
tests/test_alerts.py
Added: Expanded IdentityProtection unit testing to cover US-2.
tests/test_identity_protection.py
Issues resolved
Fixed: Uber Class override keyword requires a null action parameter. Closes #706.
api_complete.py
Fixed: Responses containing charset are not parsed as JSON. This impacted responses from the Identity Protection service collection. Closes #708.
_util.py
tests/test_identity_protection.py
Thanks to @hod-alpert for identifying and resolving this issue!
Other
Moved: Abstracted Cloud Region autodiscovery functionality into a standalone method to reduce code segment size.
_util.py
Version 1.1.4
Added features and functionality
Added: New operation - AzureDownloadCertificate (CSPMRegistration)
_endpoint/_cspm_registration.py
cspm_registration.py
tests/test_cspm_registration.py
Added: New operation - DiscoverCloudAzureDownloadCertificate (D4CRegistration)
_endpoint/_d4c_registration.py
d4c_registration.py
tests/test_d4c_registration.py
Added: New parameter - disable_hostname_check (QueryString) in performGroupAction (HostGroup)
_endpoint/_host_group.py
host_group.py
Added: New operation - GetOnlineState_V1 (Hosts)
_endpoint/_hosts.py
hosts.py
tests/test_hosts.py
Added: New parameter - include_relations in QueryIntelIndicatorEntities and QueryIntelIndicatorIds (Intel)
_endpoint/_intel.py
intel.py
Added: New operations - RTR_GetPut_FilesV2 and RTR_GetScriptsV2 (RTR Administration)
_endpoint/_real_time_response_admin.py
real_time_response_admin.py
tests/test_real_time_response_admin.py
Updated: DataType - csv -> multi for the facet parameter in combinedQueryVulnerabilities (SpotlightVulnerabilities)
_endpoint/_spotlight_vulnerabilities.py
Issues resolved
Fixed: Docstring typo in create_rule_group method (FirewallManagement)
firewall_management.py
Fixed: Typo in supported values definition for combinedQueryVulnerabilities endpoint definition.
_endpoint/_spotlight_vulnerabilities.py
Version 1.1.3
Added features and functionality
Added: Firewall rules payload abstraction for the create_rule_group method. Firewall diff_operations payload abstraction for the update_rule_group method.
_payload/_firewall.py
firewall_management.py
tests/test_firewall_management.py
Version 1.1.2
Issues resolved
Fixed: Resolved issue with aggregate payload generation within the Detects, MessageCenter and Recon Service Classes. Closes #664.
detects.py
message_center.py
recon.py
Other
Updated: Added macOS environment detail to docstring in submit method of the Falcon X Sandbox Service Class. Closes #651.
falconx_sandbox.py
Version 1.1.1
Issues resolved
Bug fix: Resolved issue impacting the creation of certain action parameters used within payloads for the perform_incident_action method of the Incidents Service Class. Closes #656.
_payload/_incidents.py
Version 1.1.0
Added features and functionality
Added: Results object expansion - expanded results are returned as a tuple, Ex: (status_code, headers, content). This allows for headers and status to be checked on binary API returns. Expanded results are supported for all calls to the API and can be requested from any Service Class method or the Uber Class command method using the keyword expand_result.
_result.py
_util.py
api_complete.py
test_sample_uploads.py
Example
Added: Specify action_parameters keys for perform operations using keywords instead of a list of dictionaries.
Keyword: group_id
device_control_policies.py (perform_action method)
firewall_policies.py (perform_action method)
prevention_policy.py (perform_policies_action method)
response_policies.py (perform_policies_action method)
sensor_update_policy.py (perform_policies_action method)
Keyword: filter
host_group.py (perform_group_action method)
Keywords: add_tag, delete_tag, unassign, update_name, update_assigned_to_v2, update_description, update_status
_payload/__init__.py
_payload/_incidents.py
incidents.py (perform_incident_action method)
Other
Fixed: Docstring typo in sort options for query_accounts and query_logins methods within the Discover Service Class.
discover.py
Fixed: Docstring typo not listing id requirements for keyword submissions to the indicator_update method within the IOC Service Class.
ioc.py
Fixed: Docstring typo listing an incorrect return type for the get_download operation within the ReportExecutions Service Class.
report_executions.py
Fixed: Docstring typo in Real Time Response Service Class referencing non-existent action_parameters payload element.
real_time_response.py
Added: Babel fish operation ID to endpoint translator.
util/babel_fish.py
Added: FalconPy terminal word search utility.
util/find-strings.sh
Added: FalconPy module listing utility.
util/public-modules.sh
Added: FalconPy version check utility.
util/vcheck.sh
Version 1.0.10
Added features and functionality
Added: New versions of two operations within the Real Time Response Service Class. list_files_v2 and delete_file_v2 are used the same as the original methods, but provide more results detail. You should leverage delete_file_v2 if you are retrieving files using list_files_v2.
_endpoint/_real_time_response.py
real_time_response.py
tests/test_real_time_response.py
Version 1.0.9
Added features and functionality
Added: New Discover service collection endpoints, matching Service Class operations and unit testing.
New method: get_accounts
New method: get_logins
New method: query_accounts
New method: query_logins
_endpoint/_discover.py
discover.py
tests/test_discover.py
Other
Fixed: Docstring typo for the combinedQueryVulnerabilities operation within the Spotlight Vulnerabilities Service Class. Closes #608.
spotlight_vulnerabilities.py
Version 1.0.8
Added features and functionality
Added: Spotlight Evaluation Logic Service Class, related service collection endpoints and related unit tests.
_endpoint/__init__.py
_endpoint/_spotlight_evaluation_logic.py
__init__.py
spotlight_evaluation_logic.py
tests/test_spotlight_evaluation_logic.py
Version 1.0.7
Issues resolved
Fixed: Invalid empty payload sent by report_executions_download_get operation when leveraging the Uber Class. Closes #596.
_util.py
api_complete.py
tests/test_uber_api_complete.py
Thanks to @tsullivan06 for his assistance in identifying this issue!
Other
Fixed: Typo in docstring - cspm_registration.py#571, recurring -> reoccurring. Closes #592.
cspm_registration.py
Added: Updated docstring to reflect newly available host actions. Closes #585.
hosts.py
Version 1.0.6
Added features and functionality
Added: Return headers on failed authorization (401) when using the Uber class. Closes #578.
_util.py
api_complete.py
Thank you to @tsullivan06 for this enhancement suggestion!
Added: Allow dashed base url specifiers when creating instances of any class. Closes #580.
_util.py
Thanks to @jhseceng for this enhancement suggestion!
Issues resolved
Fixed: Bandit false positive introduced by changes to hard-coded password scanning in v1.7.3. Relates to PyCQA/bandit#843.
_token_fail_reason.py
api_complete.py
oauth2.py
Other
Updated: Docstrings updated to reflect newly available platform names (android, iOS). Closes #582.
prevention_policy.py
Version 1.0.5
Added features and functionality
Added: Argument check in update_detects_by_ids (UpdateDetectsByIdsV2). When only a comment keyword is provided, show_in_ui is appended to the request with a True value, which satisfies update requirements.
detects.py
tests/test_detects.py
Added: Default value of 0 for sequence_id keyword in check_command_status, check_active_responder_command_status and check_admin_command_status methods within Real Time Response Service Classes.
real_time_response.py
real_time_response_admin.py
Added: Publicly exposed confirm_base_region, confirm_base_url methods and BaseURL enumerator.
__init__.py
Issues resolved
Fixed: Missing alias for api_preempt_proxy_post_graphql (Operation ID syntax) in Identity Protection Service Class. Closes #567.
identity_protection.py
Thanks to @tsullivan06 for identifying and reporting this issue!
Fixed: Incorrect variable used for dictionary key on boolean values within command_payload body payload handler. Closes #568.
_payload/_real_time_response.py
Relates to discussion #415
Version 1.0.4
Added features and functionality
Added: Token renewal window customization. Developers may now customize the length of time between token expiration and token renewal. (Max: 20 minutes)
_service_class.py
api_complete.py
oauth2.py
tests/test_authentications.py
Thank you to @tsullivan06 for this contribution!
Added: Error handling for when calling query_vulnerabilities_combined (combinedQueryVulnerabilities) without specifying a filter argument. (Must be present as a keyword or as part of the parameters dictionary.)
spotlight_vulnerabilities.py
tests/test_spotlight_vulnerabilities.py
Thank you to @tsullivan06 for this contribution!
Added: Export of ServiceClass generic base class as part of __all__ within __init__.py. This change will allow developers to inherit from the Service Class base class without importing a protected module (which generates a warning in some editors).
__init__.py
Thank you to @morcef for this contribution!
Issues resolved
Fixed: Authentication issue when provided a base_url containing a trailing backslash.
_util.py
tests/test_authorizations.py
Thanks to @mwb8 for identifying and reporting this issue!
Version 1.0.3
Issues resolved
Fixed: Bug in process_service_request (_util.py) impacting the partition keyword argument of the refresh_active_stream method in the Event Streams Service Class. Closes #547.
_util.py
tests/test_event_streams.py
Thanks go out to @kra-ts for contributing this fix!
Version 1.0.2
Added features and functionality
Added: New queryCombinedSensorUpdateKernels and querySensorUpdateKernelsDistinct operations. (SensorUpdatePolicy Service Class, Uber Class)
_endpoint/_sensor_update_policies.py
_util.py
_version.py
api_complete.py
sensor_update_policy.py
tests/test_sensor_update_policy.py
tests/test_uber_api_complete.py
Version 1.0.1
Issues resolved
Fixed: Parameter abstraction handling issue with the organization_ids keyword of the delete_aws_account and get_aws_account methods within the CSPMRegistration Service Class. Closes #539.
cspm_registration.py
tests/test_cspm_registration.py
Version 1.0.0
Stable Release
Other
Updated: Author information, AUTHORS.md
Updated: Contributor documentation, CONTRIBUTING.md
Formatting: Code of Conduct, CODE_OF_CONDUCT.md
Updated: Documentation primer, docs/README.md
Updated: Package metadata and classifiers, setup.py
Updated: Package information and repository overview, README.md
Updated: Pull Request template, .github/pull_request_template.md
Updated: Samples documentation, samples/README.md
Updated: Security Policy, SECURITY.md
Updated: Support documentation, SUPPORT.md
Added: Unit testing documentation, tests/README.md
Updated: Utilities documentation, util/README.md
Fixed: Minor comment typo in Offset vs. Token sample, samples/hosts/offset_vs_token.py
Version 0.9.0
Release Candidate
Added features and functionality
Added: Token generation failure reason tracking to Service and Uber classes. Closes #501.
_service_class.py
api_complete.py
oauth2.py
Example usage
Issues resolved
Fixed: Code hint warning in PyCharm for missing auth_object definition within _service_class.py.
Version 0.8.11
Added features and functionality
Added: FileVantage Service Class and all related endpoints.
_endpoint/_filevantage.py
_endpoint/__init__.py
filevantage.py
tests/test_filevantage.py
Version 0.8.10
Added features and functionality
Added: MessageCenter Service Class and all related endpoints.
_endpoint/_message_center.py
_endpoint/__init__.py
_payload/_message_center.py
_payload/__init__.py
message_center.py
__init__.py
tests/test_message_center.py
.github/wordlist.txt
Issues resolved
Fixed: Argument passed to a keyword argument only method error handling.
_util.py
tests/test_hosts.py
Fixed: Added non-keyword argument handler for get_sample method.
sample_uploads.py
Other
Updated: Minor linting adjustments.
sample_uploads.py
tests/test_overwatch_dashboard.py
tests/test_prevention_policy.py
Updated: README files updated to reflect new service collection.
Version 0.8.9
Added features and functionality
Added: New operations (GetBehaviorDetections, GetConfigurationDetections) to both the CSPMRegistration Service Class and the Uber Class. Closes #482.
_endpoint/_cspm_registration.py
cspm_registration.py
tests/test_cspm_registration.py
Version 0.8.8
Issues resolved
Fixed: Added missing payload parameters to body payload handler for update_policy_settings method (UpdateCSPMPolicySettings operation) within the CSPMRegistration Service Class. Closes #473.
cspm_registration.py
_payload/_cspm_registration.py
tests/test_cspm_registration.py
Version 0.8.7
Issues resolved
Fixed: Stemmed vs. exact comparison for endpoint operation lookup within args_to_params method. Closes #467.
_util.py
Version 0.8.6
Added features and functionality
Added: Cloud Region Autodiscovery - Automatically select the correct cloud region for US1, US2 and EU1 users.
When using a valid login for US1, US2, and EU1, developers will no longer need to specify base_url when creating an instance of any Service Class, or the Uber Class. Upon successful login, your correct region will be identified and used for all subsequent requests. If you specify the wrong region for your instance, this will be corrected as part of authentication.
_base_url.py
_util.py
_service_class.py
api_complete.py
oauth2.py
test_authentications.py
test_authorization.py
All unit testing workflows updated to leverage new cross-region testing parameters.
Please note: This functionality does not support the GovCloud region or GovCloud API credentials.
Version 0.8.5
Issues resolved
Fixed: Issue when passing comma-delimited strings or boolean values as keywords to the body payload handler for indicator_object. Closes #447.
_payload/_ioc.py
tests/test_ioc.py
Fixed: Issue when passing comma-delimited string for the groups keyword to the body payload handler for ioa_exclusion_payload. Closes #448.
_payload/_ioa.py
tests/test_ioa_exclusions.py
Fixed: Issue when passing comma-delimited string for the ids keyword to the body payload handler for update_detects_payload. Resolved boolean handling of show_in_ui keyword. Closes #449.
_payload/_detects.py
tests/test_detects.py
Fixed: Issue when passing comma-delimited string for user_tags keyword to the body payload handler for submit. Closes #450.
_payload/_falconx.py
tests/test_falconx_sandbox.py
Fixed: Issue when passing comma-delimited string for role_ids keyword to the body payload handler for Flight Control POST / PATCH operations. Closed #451.
_payload/_mssp.py
tests/test_mssp.py
Fixed: Issue when passing comma-delimited strings or boolean False to certain keywords within the command_payload body payload handler. Closes #452.
_payload/_real_time_response.py
tests/test_real_time_response.py
Fixed: Issue when passing comma-delimited strings to MalQuery Service Class body payload handlers. Closes #453.
_payload/_malquery.py
tests/test_malquery.py
Fixed: Issue with passing comma-delimited string for recipients within body payload handler for update_action method within Recon Service Class. Closes #454.
_payload/_recon.py
tests/test_recon.py
Fixed: Issue with passing comma-delimited strings for rule_ids and rule_versions keywords within FirewallManagement Service Class body payload handlers. Closes #455.
_payload/firewall.py
tests/test_firewall_management.py
Fixed: Issue with passing comma-delimited string for the groups keyword within the generic exclusion body payload handler. Closes #456.
_payload/_generic.py
tests/test_ml_exclusions.py
Version 0.8.4
Issues resolved
Fixed: TypeError when using a valid credential in the wrong cloud environment. (GOV -> US1 only). Closes #433.
oauth2.py
test_authentications.py
Gratz to @tsullivan06 for his assistance in identifying and resolving this issue.
Fixed: Missing method aliases in OAuth2 Service Class. Closes #432.
oauth2.py
Kudos to @tsullivan06 for identifying this issue.
Fixed: Docstring typos in Custom IOA Service Class source.
custom_ioa.py
Version 0.8.3
Added features and functionality
Added: MSSP Direct Authentication - Additional authentication keyword is now available, member_cid, allowing developers targeting MSSP functionality to make use of Direct Authentication as opposed to still using Credential Authentication. This functionality is supported in all Service Classes and the Uber Class.
_service_class.py
api_complete.py
oauth2.py
tests/test_authorization.py
Version 0.8.2
Issues resolved
Fixed: Issue in _util.args_to_params when handling Python reserved words defined as keys incorrectly in the parameter dictionary. Closes #422.
Special thanks to @valerianrossigneux for originally identifying this issue, and his assistance testing a fix. :bow:
Version 0.8.1
Added features and functionality
Added: New Discover Service Class and matching unit testing to represent the recently released Falcon Discover API.
discover.py
_endpoint/_discover.py
_endpoint/_deprecated/discover.py
tests/test_discover.py
Added: New generic body payload handler for report execution / scheduling payloads.
_payload/_reports.py
Added: New report_executions_retry method and matching unit tests to ReportExecutions Service Class.
report_executions.py
_endpoint/_report_executions.py
Added: New scheduled_reports_launch method and matching unit tests to ScheduledReports Service Class.
scheduled_reports.py
_endpoint/_scheduled_reports.py
Version 0.8.0
Added features and functionality
Added: Parameter abstraction for the Uber Class.
Provides: Query string parameter payload abstraction for calls made using the Uber class.
api_complete.py
_util.py
Added: PEP-8 friendly app_id keyword for the appId parameter used by methods within the EventStreams Service Class.
event_streams.py
Issues resolved
Fixed: Aggregate payload datatype mismatches in Recon Service Class methods.
recon.py
Fixed: Missing payload parameter in recon rule payload handler.
_payload/_recon.py
Fixed: Invalid query string parameter referenced in body payload handler for query_sample method within FalconXSandbox Service Class. Also resolved matching invalid docstring reference. Closes #409.
falconx_sandbox.py
Fixed: Minor formatting issues within docstrings in all package files.
Other
Added: Docstring syntax validation workflow leveraging pydocstyle.
Removed: Deprecated calc_url_from_args method
_util.py
Removed: Deprecated parse_id_list method
_util.py
Version 0.7.4
Added features and functionality
Updated: Service Class Refactoring (Rev 4)
Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
Provides: PEP-257 formatting of all docstrings.
cspm_registration.py - Closes #394
device_control_policies.py - Closes #396
falconx_sandbox.py - Closes #397
mssp.py - Closes #398
kubernetes_protection.py - Closes #399
custom_ioa.py - Closes #400
falcon_complete_dashboard.py - Closes #401
firewall_policies.py - Closes #402
firewall_management.py - Closes #403
Version 0.7.3
Added features and functionality
Added: New combinedQueryVulnerabilities operation to SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.py - Service Class
_endpoint/_spotlight_vulnerabilities.py - Endpoint module
tests/test_spotlight_vulnerabilities.py - Unit testing
Updated: Service Class Refactoring (Rev 4)
Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
Provides: PEP-257 formatting of all docstrings.
cloud_connect_aws.py - Closes #386
d4c_registration.py - Closes #391
ioc.py - Closes #388
iocs.py - Closes #387
identity_protection.py - Closes #385
incidents.py - Closes #390
overwatch_dashboard.py - Closes #389
real_time_response.py - Closes #383
real_time_response_admin.py - Closes #384
response_policies.py - Closes #382
Version 0.7.2
Issues resolved
Fixed: Missing body payload in CloudConnectAWS.verify_aws_account_access. Closes #376.
Version 0.7.1
Added features and functionality
Updated: Service Class Refactoring (Rev 4)
Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
Provides: PEP-257 formatting of all docstrings.
host_group.py - Closes #361
ioa_exclusions.py - Closes #359
installation_tokens.py - Closes #363
ml_exclusions.py - Closes #360
prevention_policy.py - Closes #364
quarantine.py - Closes #366
sensor_update_policy.py - Closes #368
user_management.py - Closes #367
Added: Class aliases for Sensor Update Policies and Prevention Policies service collections to provide classes that align to plural naming convention.
Issues resolved
Fixed: Hard-coded user-agent header for all requests. Moving forward, developers may specify a custom string to be used as the User-Agent header for all requests. Closes #365.
Version 0.7.0
Added features and functionality
Added: Updated __all__ parameter in root __init__.py, publishing all PEP8 class names. This change allows developers to import these classes directly.
Added: Private Base URL enum.
_base_url.py
You may now specify your base URL by name or by URL.
US1
US2
USGOV1
EU1
Added: Default value for action_name parameter in refresh_active_stream method of EventStreams service class.
event_streams.py
Added: Payload handling sub-module.
_payload/
_payload/__init__.py
_payload/_detects.py
_payload/generic.py
_payload/malquery.py
_payload/recon.py
Updated: Service Class Refactoring (Rev 4)
Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
Provides: PEP-257 formatting of all docstrings.
detects.py - Closes #353.
event_streams.py - Closes #349
falcon_container.py - Closes #348
hosts.py - Closes #340.
intel.py - Closes #352
malquery.py - Closes #354
quick_scan.py - Closes #351
recon.py - Closes #350
report_executions.py - Closes #346
sample_uploads.py - Closes #344
scheduled_reports.py - Closes #345
sensor_download.py - Closes #343
sensor_visibility_exclusions.py - Closes #347
spotlight_vulnerabilities.py - Closes #342
zero_trust_assessment.py - Closes #341
Updated: Endpoint module updated to reflect recent swagger changes.
_cspm_registration.py
_mssp.py
Issues resolved
Updated: Linter updates now result in usage of format being marked as a failure for scenarios where an f-string can be used. Updated all occurrences of this issue to make use of f-string formatting.
_service_class.py
_util.py
api_complete.py
oauth2.py
Other
Updated: PEP-257 syntax applied to all docstrings in all touched files.
Updated: README.md updated
Version 0.6.5
Issues resolved
Removed: Hash Analyzer Service Class and all related unit tests. (Unavailable at this time)
hash_analyzer.py
_endpoint/_hash_analyzer.py
test_hash_analyzer.py
Fixed: Missing reference to _quarantine_endpoints in endpoint module.
_endpoint/__init__.py
This issue only impacted users leveraging the Uber class for these endpoints.
Version 0.6.4
Added features and functionality
Added: New Hash Analyzer Service Class
hash_analyzer.py
Related unit tests
test_hash_analyzer.py
Related endpoint module
_hash_analyzer.py
Added: Quarantine Service Class unit tests
test_quarantine.py
Version 0.6.3
Added features and functionality
Added: New FalconContainer Service Class.
falcon_container.pyAdded: Two new methods (operations)) to the Hosts Service Class.
hosts.pyquery_device_login_history / QueryDeviceLoginHistory
query_network_address_history / QueryGetNetworkAddressHistoryV1
Added: New method (operation)) to the SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.pyget_remediations_v2 - getRemediationsV2
Migrated: Ported still viable methods from legacy IOCS Service Class
iocs.pyto the new IOC Service Class.ioc.pydevices_count / DevicesCount
devices_ran_on / DevicesRanOn
processes_ran_on / ProcessesRanOn
entities_processes / entities_processes
Updated: Deprecated 5 methods within the legacy IOCS Service Class.
iocs.pyget_ioc / GetIOC
create_ioc / CreateIOC
delete_ioc / DeleteIOC
update_ioc / UpdateIOC
query_iocs / QueryIOCs
Updated: Deprecated cs_username keyword from all methods within CustomIOA and FirewallManagement Service Classes.
custom_ioa.py, firewall_management.py
Added: New Quarantine Service Class and endpoints.
quarantine.py
Updated: Updated endpoint for getComplianceV1 operation within ZeroTrustAssessment Service Class.
zero_trust_assessment.py
Version 0.6.2
Issues resolved
Bug fix: Fixed Uber class passing empty ids parameter array when no ids had been provided to the command method. Closes #314.
_util.py
Version 0.6.1
Issues resolved
Bug fix: Fixed bad comparison for endpoint lookups when using Service Classes. Closes #305.
_util.py
Bug fix: Fixed typo in operation ID for query_platforms method within CustomIOA Service Class. Closes #307.
custom_ioa.py
Bug fix: Fixed typo in operation ID for create_user_groups method within FlightControl Service Class. Closes #308.
mssp.py
Version 0.6.0
Added features and functionality
Refactored Cloud Connect AWS Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #271.
cloud_connect_aws.py
Refactored CSPM Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #272.
cspm_registration.py
Refactored Custom IOA Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #258.
custom_ioa.py
Refactored D4C Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #273.
d4c_registration.py
Refactored Detects Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #274.
detects.py
Refactored Device Control Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #275.
device_control_policies.py
Refactored Events Streams Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #248.
event_streams.py
Refactored Falcon Complete Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #294.
falcon_complete_dashboard.py
Refactored Falcon Flight Control Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #292.
mssp.py
Refactored Falcon X Sandbox Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #259.
falconx_sandbox.py
Refactored Firewall Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #257.
firewall_management.py
Refactored Firewall Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #296.
firewall_policies.py
Refactored Hosts Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #269.
hosts.py
Refactored Host Group Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #286.
host_group.py
Refactored Identity Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #299.
identity_protection.py
Refactored Incidents Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #289.
incidents.py
Refactored Installation Tokens Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #287.
installation_tokens.py
Refactored Intel Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #264.
intel.py
Refactored IOA Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #283.
ioa_exclusions.py
Refactored IOC Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #267.
ioc.py
Refactored IOCs Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #284.
iocs.py
Refactored Kubernetes Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #293.
kubernetes_protection.py
Refactored MalQuery Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #298.
malquery.py
Refactored ML Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #281.
ml_exclusions.py
Refactored Overwatch Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #278.
overwatch_dashboard.py
Refactored Prevention Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #290.
prevention_policy.py
Refactored Quick Scan Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #282.
quick_scan.py
Refactored Real Time Response Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #280.
real_time_response.py
Refactored Real Time Response Admin Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #256.
real_time_response_admin.py
Refactored Recon Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #297.
recon.py
Refactored Response Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #295.
response_policies.py
Refactored Sample Uploads Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #255.
sample_uploads.py
Refactored Sensor Download Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #285.
sensor_download.py
Refactored Sensor Update Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #288.
sensor_update_policy.py
Refactored Sensor Visibility Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #279.
sensor_visibility_exclusions.py
Refactored Spotlight Vulnerabilities Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #277.
spotlight_vulnerabilities.py
Refactored User Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #276.
user_management.py
Refactored Zero Trust Assessment Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #260.
zero_trust_assessment.py
Added client_id and client_secret as keywords to the base Service Class, Uber Class, and Authentication class.
api_complete.py, oauth2.py, _service_class.py
This change allows you to specify your API ID and secret when you create an instance of any of the Service Classes. (Direct Authentication)
Added new Report Executions Service Class.
report_executions.py
Basic unit test implemented:
test_report_executions.py
Added new Schedule Reports Service Class.
scheduled_reports.py
Basic unit test implemented:
test_scheduled_reports.py
Added new operation (getComplianceV1) to Zero Trust Assessment Service Class.
zero_trust_assessment.py
Issues resolved
Bug fix: Resolved HTTP status code 415 on calls to refreshActiveStreamSession (refresh_active_stream). Closes #247.
event_streams.py
Bug fix: Resolved header pollution issue within Falcon X Sandbox Service Class. Closes #250.
falconx_sandbox.py
Bug fix: Resolved header pollution issue within Firewall Management Service Class. Closes #252.
firewall_management.py
Bug fix: Resolved header pollution issue within Custom IOA Service Class. Closes #253.
custom_ioa.py
Bug fix: Resolved header pollution issue within Sample Uploads Service Class. Closes #254.
sample_uploads.py
Bug fix: Resolved HTTP status code 500 error on calls to RTR_CreatePut_Files (create_put_files). Closes #261.
real_time_response_admin.py
Bug fix: Resolved HTTP status code 400 or 500 error on calls to RTR_UpdateScripts (update_scripts) and calls to RTR_CreateScripts (create_scripts). Closes #262.
real_time_response_admin.py
Bug fix: Added handle_single_argument helper to attempt to handle single arguments passed to Service Class methods. Addresses a potential breaking change introduced by v0.5.4. Closes #263.
_util.py
Developers should use keywords, not arguments, when specifying parameters provided to Service Class or the Uber Class command methods.
Example
Whenever possible, Service Classes attempt to guess the keyword for the first argument passed (if present). Typically these are aligned to the one required parameter for the method. (Example: the ids parameter)
Related to #263: Updated Uber class to no longer leverage the force_default helper, allowing users to still use the first argument to specify the action to be performed.
api_complete.py
Bug fix: Added the after parameter to the endpoint parameter definitions for indicator_combined_v1 and indicator_search_v1. Closes #266.
_endpoint/_ioc.py
Bug fix: Multiple methods within the Flight Control Service Class make use of the wrong HTTP method. Closes #291.
mssp.py
Other
Initial refactoring of unit test harnesses for service classes detailed above.
Reduced token-related API requests performed by unit testing series.
Minor adjustment to Uber class unit tests to better demonstrate proper method usage.
Updated unit tests to support US-2 / Gov base URL testing.
Version 0.5.6
Added features and functionality
Added: New functionality for handling service class modules within FalconDebug.
Issues resolved
Bug fix: Resolved JSONDecode error on RTR_DeleteSession. Closes #238.
Bug fix: Resolved issue with credential authentication in service classes not respecting custom API configuration attributes. Closes #242.
Other
Package metadata updates
Updated IDP unit tests to more accurately cover functionality
Flaky unit test adjustments
FalconDebug added to linting workflows
debug.py
Version 0.5.5
Added features and functionality
Refactored Custom IOA Service Class to the new pattern to provide for new parameter handling functionality, closes #217.
custom_ioa.py
Refactored Device Control Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #224.
device_control_policies.py
Refactored Firewall Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #227.
firewall_policies.py
Refactored Firewall Management Service Class to match the most recent pattern, closes #232.
firewall_management.py
Refactored Falcon X Sandbox Service Class to the new pattern to provide for new parameter handling functionality, closes #226.
falconx_sandbox.py
Refactored Hosts Service Class to the new pattern to provide for new parameter handling functionality, closes #218.
hosts.py
Refactored Host Group Service Class to the new pattern to provide for new parameter handling functionality, closes #223.
host_group.py
Refactored Intel Service Class to match the most recent pattern, closes #231.
intel.py
Refactored OAuth2 class to reflect new functionality and linting patterns, closes #233.
oauth2.py
Refactored Quick Scan Service Class to match the most recent pattern, closes #219.
quick_scan.py
Refactored Real Time Response Service Class to match the most recent pattern, closes #230.
real_time_response.py
Refactored Real Time Response Admin Service Class to match the most recent pattern, closes #229.
real_time_response_admin.py
Refactored Sensor Updated Policy Service Class to the new pattern to provide for new parameter handling functionality, closes #222.
sensor_update_policy.py
Refactored Sensor Downloads Service Class to the new pattern to provide for new parameter handling functionality, closes #221.
sensor_downloads.py
Refactored Sample Uploads Service Class to the new pattern to provide for new parameter handling functionality, closes #220.
sample_uploads.py
Refactored User Management Service Class to match the most recent pattern, closes #228.
user_management.py
Issues resolved
Bug fix: Resolved issue with the timeout parameter not being passed to the OAuth2 class when legacy authentication was being used. Closes #225.
Other
Enabled Pylint stopping the build on linting failures within package source.
Unit test updates to expand code coverage for new code paths.
This update provides part of the functionality requested in #115.
Version 0.5.4
Added features and functionality
Added identity_protection.py - Identity Protection service class.
Added utility to create a zip archive to be used with AWS Lambda layers. (create-lambda-layer.sh)
Issues resolved
Bug fix: Resolved order of operations issue with body validation in validate_payload helper function. (_util.py)
Updated cloud_connect_aws.py - Cloud_Connect_AWS Service Class. Closes #209.
Updated detects.py - Detects Service Class. Closes #210.
Updated event_streams.py - Event Streams Service Class. Closes #212.
Updated incidents.py - Incidents Service Class. Closes #213.
Updated spotlight_vulnerabilities.py - Spotlight Vulnerabilities Service Class. Closes #214.
Updated zero_trust_assessment.py - Zero Trust Assessment Service Class. Closes #211.
Updated query used for unit testing of Spotlight Vulnerabilities service class. 2020 -> 2021 (test_spotlight_vulnerabilities.py)
Bug fix: Resolved flaky unit test for RegenerateAPIKey for Kubernetes Protection service class. (test_kubernetes_protection.py)
Other
Added pylint workflow to push / pull_request actions.
_endpoint module updates to support new service class.
Added unit testing for new service class.
Unit testing updates to complete code coverage.
README.md updated.
Added additional classifiers and developer requirements to PIP package metadata. (setup.py)
Version 0.5.3
Issues resolved
Bug fix: Resolves #200 by moving the failing method (entities_processes) in iocs.py to the latest code pattern.
Version 0.5.2
Issues resolved
Fixed: Incorrect endpoint specified in the updateSensorUpdatePoliciesV2 method within the Sensor Update Policy service class.
Version 0.5.1
Issues resolved
Fixed: https://github.com/CrowdStrike/falconpy/issues/181 by adding the parameters to the create and update ioc functions.
Version 0.5.0
Added features and functionality
Added: IOC API Service Class (ioc.py)
indicator_combined_v1
indicator_get_v1
indicator_create_v1
indicator_delete_v1
indicator_update_v1
indicator_search_v1
Added: Kubernetes Protection API Service Class (kubernetes_protection.py)
GetAWSAccountsMixin0
CreateAWSAccount
DeleteAWSAccountsMixin0
UpdateAWSAccount
GetLocations
GetHelmValuesYaml
RegenerateAPIKey
GetClusters
TriggerScan
Added: Recon API Service Class (recon.py)
AggregateNotificationsV1
PreviewRuleV1
GetActionsV1
CreateActionsV1
DeleteActionV1
UpdateActionV1
GetNotificationsDetailedTranslatedV1
GetNotificationsDetailedV1
GetNotificationsTranslatedV1
GetNotificationsV1
DeleteNotificationsV1
UpdateNotificationsV1
GetRulesV1
CreateRulesV1
DeleteRulesV1
UpdateRulesV1
QueryActionsV1
QueryActionsV1
QueryNotificationsV1
QueryRulesV1
Added: Response Policies API Service Class (response_policies.py)
queryCombinedRTResponsePolicyMembers
queryCombinedRTResponsePolicies
performRTResponsePoliciesAction
setRTResponsePoliciesPrecedence
getRTResponsePolicies
createRTResponsePolicies
deleteRTResponsePolicies
updateRTResponsePolicies
queryRTResponsePolicyMembers
queryRTResponsePolicies
Updated: CSPM Registration API Service Class (cspm_registration.py)
Refactored to utilize updated pattern for Service Classes
Added: PatchCSPMAwsAccount function
Added: UpdateCSPMAzureTenantDefaultSubscriptionID function
Added: GetIOAEvents function
Added: GetIOAUsers function
Updated: Unit tests
Updated: Discover for Cloud Registration API Service Class (d4c_registration.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: IOA Exclusions API Service Class (ioa_exclusions.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: IOCs API Service Class (iocs.py)
Refactored to utilize updated pattern for Service Classes
Updated: Deprecated multiple endpoints as part of the release of the new IOC Service Class (_endpoint/_iocs.py)
Updated: Falcon Complete Dashboard API Service Class (falcon_complete_dashboard.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: Falcon Flight Control API Service Class (mssp.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: Installation Tokens API Service Class (installation_tokens.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: Malquery API Service Class (malquery.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: ML Exclusions API Service Class (ml_exclusions.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: Overwatch Dashboard API Service Class (overwatch_dashboard.py)
Refactored to remove unnecessary private method call / import of the sys library
Updated: Prevention Policies API Service Class (prevention_policy.py)
Refactored to utilize updated pattern for Service Classes
Updated: Added add-rule-group and remove-rule-group actions to action_name parameter for performPreventionPoliciesAction function. (_endpoint/_prevention_policy.py)
Updated: Sensor Visibility Exclusions API Service Class (sensor_visibility_exclusions.py)
Refactored to remove unnecessary private method call / import of the sys library
Other
Added: CSPM Registration API sample - CSPM registration policy export (@mccbryan3)
Version 0.4.10
Added features and functionality
Added: Timeout support - Float / tuple that is passed to the requests library when performing requests to the API. Can specify timeouts for connect, read and global.
Issues resolved
Fixed: Service Class proxy functionality support
Other
Timeout functionality unit tests (test_timeout.py)
Version 0.4.9
Added features and functionality
Added: Proxy support - dictionary of proxies that are passed to the requests library when performing requests to the API.
Related to discussion post #154
Version 0.4.8
Issues resolved
Fixed: Parsing issue with ids argument within MSSP.getChildren (Flight Control Service Class)
Resolved by migrating mssp.py source to the new pattern being tested for Service Classes.
Closes #144
Version 0.4.7
Added features and functionality
New Service Class pattern - Query String parameters can now be passed as function arguments.
This functionality is currently only available in the following new Service Classes while regression testing is underway.
Added: D4C Registration API Service Class (d4c_registration.py)
GetCSPMAzureAccount
CreateCSPMAzureAccount
UpdateCSPMAzureAccountClientID
GetCSPMAzureUserScriptsAttachment
GetCSPMAzureUserScripts
GetCSPMCGPAccount
GetCSPMGCPAccount (redirects to GetCSPMCGPAccount)
CreateCSPMGCPAccount
GetCSPMGCPUserScriptsAttachment
GetCSPMGCPUserScripts
Added unit tests (test_d4c_registration.py)
Added: Installation Tokens API Service Class (installation_tokens.py)
audit_events_read
customer_settings_read
tokens_read
tokens_create
tokens_delete
tokens_update
audit_events_query
tokens_query
Added unit tests (test_installation_tokens.py)
Added: IOA Exclusions API Service Class (ioa_exclusions.py)
getIOAExclusionsV1
createIOAExclusionsV1
deleteIOAExclusionsV1
updateIOAExclusionsV1
queryIOAExclusionsV1
Added unit tests (test_ioa_exclusions.py)
Added: Falcon Complete Dashboard API Service Class (falcon_complete_dashboard.py)
AggregateAllowList
AggregateBlockList
AggregateDetections
AggregateDeviceCountCollection
AggregateEscalations
AggregateFCIncidents
AggregateRemediations
QueryAllowListFilter
QueryBlockListFilter
QueryDetectionIdsByFilter
GetDeviceCountCollectionQueriesByFilter
QueryEscalationsFilter
QueryIncidentIdsByFilter
QueryRemediationsFilter
Added unit tests (test_falcon_complete_dashboard.py)
Added: MalQuery API Service Class (malquery.py)
GetMalQueryQuotasV1
PostMalQueryFuzzySearchV1
GetMalQueryDownloadV1
GetMalQueryMetadataV1
GetMalQueryRequestV1
GetMalQueryEntitiesSamplesFetchV1
PostMalQueryEntitiesSamplesMultidownloadV1
PostMalQueryExactSearchV1
PostMalQueryHuntV1
Added unit tests (test_malquery.py)
Added: ML Exclusions API Service Class (ml_exclusions.py)
getMLExclusionsV1
createMLExclusionsV1
deleteMLExclusionsV1
updateMLExclusionsV1
queryMLExclusionsV1
Added unit tests (test_ml_exclusions.py)
Added: Overwatch Dashboard API Service Class (overwatch_dashboard.py)
AggregatesDetectionsGlobalCounts
AggregatesEventsCollections
AggregatesEvents
AggregatesIncidentsGlobalCounts
AggregatesOWEventsGlobalCounts
Added unit tests (test_overwatch_dashboard.py)
Added: Sensor Visibility Exclusions API Service Class (sensor_visibility_exclusions.py)
getSensorVisibilityExclusionsV1
createSVExclusionsV1
deleteSensorVisibilityExclusionsV1
updateSensorVisibilityExclusionsV1
querySensorVisibilityExclusionsV1
Added unit tests (test_sensor_visibility_exclusions.py)
Other
Version 0.4.6-spotlight-remediations-patch-1
Added features and functionality
Added: Missing method to Spotlight_Vulnerabilities Service Class (spotlight_vulnerabilities.py)
getRemediations
Added unit test to existing test series (test_spotlight_vulnerabilities.py)
Version 0.4.6
Added features and functionality
Added: MSSP (Falcon Flight Control) Service Class
getChildren
getCIDGroupMembersBy
addCIDGroupMembers
deleteCIDGroupMembers
getCIDGroupById
createCIDGroups
deleteCIDGroups
updateCIDGroups
getRolesByID
addRole
deleteRoles
getUserGroupMembersByID
addUserGroupMembers
deleteUserGroupMembers
getUserGroupsByID
createUserGroup
deleteUserGroups
updateUserGroups
queryChildren
queryCIDGroupMembers
queryCIDGroups
queryRoles
queryUserGroupMembers
queryUserGroups
Added unit tests (test_mssp.py)
Added: Zero Trust Assessment Service Class
getAssessmentV1
Added unit tests (test_zero_trust_assessment.py)
Issues resolved
Fixed KeyError when providing invalid credentials to a Service Class using Credential or Object authentication, Closes #134
Other
Moved _endpoint constant library to a private submodule (No impact to existing usage)
Added payload parameter information to _endpoint constants
Adds service collection ID to endpoint lists
This prepares the package for new functionality planned for future releases
Added: force_default function - decorator function that forces default values for function arguments (_util.py)
Added: Helper function get_default
Refactored Uber class to leverage this new functionality
Unit tests refactored to cover new code paths (test_uber_api_complete.py)
Depending upon feedback, this updated pattern will be implemented within Service Classes to reduce overall function complexity
Linting
Developers: These patterns are being tested within the Uber Class for migration over to Service Classes in future versions
Reduced Uber class method complexity
Added: Helper function calc_url_from_args (_util.py)
Added: Helper function _create_header_payload (api_complete.py, Requires class internal variables)
Migrated Uber class variables to snake_case format
Removed unnecessarily complex lambdas
New class method: valid_cred_format, replaces previous lambda class attribute
New class method: token_expired, replaces previous lambda class attribute
Reduced overall number of instance attributes
Unit tests updated (test_uber_api_complete.py)
Minor unit test update to test_cspm_registration.py
Added util/coverage.config
Moved unit test coverage reporting over to configuration file for parameter management
Documentation updates
Version 0.4.5
Added features and functionality
Added: Custom Indicators of Attack (IOA) API Service Class (custom_ioa.py)
get_patterns
get_platformsMixin0
get_rule_groupsMixin0
create_rule_groupMixin0
delete_rule_groupsMixin0
update_rule_groupMixin0
get_rule_types
get_rules_get
get_rulesMixin0
create_rule
delete_rules
update_rules
validate
query_patterns
query_platformsMixin0
query_rule_groups_full
query_rule_groupsMixin0
query_rule_types
query_rulesMixin0
Added unit tests (test_custom_ioa.py)
Added: Falcon X Quick Scan API Service Class (quick_scan.py)
GetScansAggregates
GetScans
ScanSamples
QuerySubmissionsMixin0
Added unit tests (test_quick_scan.py)
Added: Uber class endpoints (_endpoints.py)
Falcon Complete Dashboard API
Falcon Overwatch Dashboard API
Falcon Flight Control API
Issues resolved
Fixed unidiomatic type check in _util.py (parse_id_list)
Fixed potentially problematic default payload lists and dictionaries (Service Classes and Uber Class)
Other
Added CHANGELOG.md
Documentation updates to reflect new service class and upcoming API additions
Minor comment updates
Adjusted GitHub actions to test operating systems as separate workflows
Minor GitHub workflow adjustments
Unit test updates
Cloud Connect AWS
CSPM Registration
Sensor Download
Version 0.4.4
Added features and functionality
Added: Sensor Download API Service Class (Contributor: @CalebSchwartz)
GetCombinedSensorInstallersByQuery
DownloadSensorInstallerById
GetSensorInstallersEntities
GetSensorInstallersCCIDByQuery
GetSensorInstallersByQuery
Added unit tests
Issues resolved
Fixed: action_name parameter default bug. Resolved by setting a default value and overriding this value if action_name is present in the parameters dictionary, Closes #114.
Other
Documentation updated to reflect the new Sensor Download Service Class
Version 0.4.3
Added features and functionality
Added: Sample_Uploads service class (sample_uploads.py)
UploadSampleV3
GetSampleV3
DeleteSampleV3
Added: Sample_Uploads unit tests (test_sample_uploads.py)
Added: FalconDebug - Interactive Python3 debugger that provides a pre-defined API token.
Issues resolved
Fixed: Issue with Uber class command method using the action_name variable instead of file_name variable for actions passing the file_name parameter.
Fixed: Issue with setup.py passing GitHub emoji text to the package description.
Fixed: Issue with Uber class unit testing not deleting uploaded files from Sample_Uploads API. (test_uber_api_complete.py)
Version 0.4.2
Added features and functionality
Added missing method: hosts.py - Added UpdateDeviceTags method to Hosts service class. (Contributor: @rewgord)
Unit test added to test_hosts.py to test device tagging functionality.
API Operation summaries added to the Uber class: _endpoint.py - This provides for upcoming functionality that will be announced in future updates.
New endpoints added to the Uber class: _endpoint.py
Deprecation Warning: Legacy API operation IDs that made use of the Python reserved characters "." and "-" have been deprecated. New operation IDs have been generated for each that now aligns to the method names defined in the equivalent service class.
Issues resolved
Added method validation to Uber class calls to the requests library. (HTTP 418 is sent when an invalid method is specified.)
Other
Cleaned up event_streams.py class file to match new patterns.
Updated return type decorators for service_request and perform_request. (_util.py)
Updated return type decorators for GetArtifacts, GetReports and GetSampleV2. (falconx_sandbox.py)
Abstracted all remaining common error output code paths to a stand-alone generic method. (_util.py)
Version 0.4.1
Added features and functionality
New service class: cspm_registration.py - Provides the CSPM_Registration service class for handling Horizon registration in Azure and AWS.
Unit test added
Added methods: falconx_sandbox.py - Support for the following operations has been added to the FalconX_Sandbox service class.
QuerySampleV1
DeleteSampleV2
GetSampleV2
DeleteReport
GetReports
Unit test added
Issues resolved
Bug fix: Resolved malformed validator in detects.py - UpdateDetectsByIdsV2
Bug fix: Added action_name parameter to operations that require the parameter. Closes #53. This issue impacted 6 service classes in total:
device_control_policies.py - Device_Control_Policies - performDeviceControlPoliciesAction
firewall_policies.py - Firewall_Policies - performFirewallPoliciesAction
host_group.py - Host_Group - performGroupAction
hosts.py - Host - PerformActionV2
prevention_policy.py - Prevention_Policy - performPreventionPoliciesAction
sensor_update_policy.py - Sensor_Update_Policy - performSensorUpdatePoliciesAction
This issue also impacted the Uber class, resulting in updates to the command method within the APIHarness class.
Unit tests modified
Breaking Change: The action_name parameter does not currently accept unspecified values. This is resolved in the 0.4.4 version of the package.
Other
Minor updates to _endpoints.py to reflect operation ID corrections for the CSPM registration API.
Abstracted common error output code paths to a stand-alone method within _util.py.
Version 0.4.0
Added features and functionality
Added additional HTTP status codes
Added parameter input validation handling
Additional validations are planned for all service classes. Currently only enabled in cloud_connect_aws.py.
Added body payload input validation handling
Additional validations are planned for all service classes. Currently only enabled in cloud_connect_aws.py.
Added allowed HTTP method restrictions
Added ID list handling to API operations that require ID lists
Developers may now pass in a list of IDs or a comma-delimited string.
Added status code response checks to authentication events
Instantiate Service classes without having to manage tokens
Pass in credentials (Now referred to as "credential authentication")
Pass in the entire auth object (Now referred to as "object authentication")
Please note: Passing a token into Service classes is still fully supported. This is now referred to as "legacy authentication".
Added automatic token refresh functionality to Service Class calls
Developers must make use of either credential or object authentication in order to leverage this functionality.
Issues resolved
Added dynamic package metadata updates (Closes #14)
Generalized version control
New constant file: _version.py
Added user-agent string to HTTP headers. (Closes #57)
Resolved a bug with token deauthentication (Uber and Service classes)
Resolved a bug in Firewall_Management.update_rule_group
Other
Abstracted calls to the requests library from all classes, reducing code segment size
New library: _util.py
New class: _service_class.py
New class: _result.py
All Service Classes refactored
Abstracted endpoint list from the Uber class to a standalone source file
New constant file: _endpoint.py
Linting / code cleanup
Added function input parameter datatype specifications (where possible)
Added function output datatype decorators
In order to reduce confusion, references to the json requests attribute are now always referred to as "body".
References to the data requests attribute are still referred to as "data".
100% unit test coverage
Internal documentation updates