sensor_download
Sensor Download examples
The examples within this folder focus on leveraging CrowdStrike's Falcon Sensor Download API to list and retrieve versions of the CrowdStrike agent.
Sensor Download by Operating System or Version
This sample demonstrates how to list and download sensors by operating system and versions.
Running the program
In order to run this demonstration, you will need access to CrowdStrike API keys with the following scopes:
Sensor Download: READ
Execution syntax
This demonstration was developed to leverage easy-to-use command-line arguments.
Command line arguments
This program accepts the following command-line arguments.
-h, --help                                    show help message and exit
-k KEY, --key KEY                             CrowdStrike API Key
-s SECRET, --secret SECRET                    CrowdStrike API Secret
-a, --all                                     Show all columns / Download all versions
-d, --download                                Shortcut for --command download
-n NMINUS, --nminus NMINUS                    Download previous version (n-1, n-2, 0 = current, 2 = n-2)
-c COMMAND, --command COMMAND                 Command to perform. (list or download, defaults to list)
-o OS, --os OS                                Sensor operating system
-v OSVER, --osver OSVER                       Sensor operating system version
-f FILENAME, --filename FILENAME              Name to use for downloaded file
-t TABLE_FORMAT, --table_format TABLE_FORMAT  Table format to use for display.
-debug, --debug                               Enable API debugging
-b, --base-url                                GovCloud access to CrowdStrike API
Basic usage
The only required command line arguments are -k (CrowdStrike Falcon API Client ID) and -s (CrowdStrike Falcon API Client Secret).
The default command is "list" with no filters specified, which displays all sensor versions for all available operating systems.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET
Filtering by operating system
You can filter results by operating system with the -o argument.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -o ubuntu
Showing all available detail
Extended detail for the versions listed can be shown by using the -a argument.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -o ubuntu -a
Filtering by Operating System version
You can additionally filter by operating system version using the -v argument.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -o centos -v 7
Downloading a sensor
Downloading is performed using the -d argument. (Defaults to Windows.)
Simple example
This example will download the latest sensor version for Windows.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -d
Filtering by Operating System and Version
Filters described above are applied to select the appropriate version to download.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -o centos -v 7 -d
Activating Debugging
This example shows how you can activate debugging functionality when you run download_sensor.py.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -debug
Allowing Access to GovCloud Users
This example shows how a GovCloud user can access download_sensor.py.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -b
Specifying N-1 or N-2 versions
You can specify the previous, or second previous, version to download by leveraging the -n argument.
0  Current
1  N-1 (previous)
2  N-2 (second previous)
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -d -n 2
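How the -n offset maps onto an ordered version list, together with an integrity check on the downloaded file, as an added example (this is not code from download_sensor.py). The record fields os, os_version, version and sha256, the exact-match filter on os_version, the function names and the sample listing are assumptions made for illustration.

```python
import hashlib

def version_key(version):
    """'7.10.16303' -> (7, 10, 16303), so 7.10 ranks above 7.9."""
    return tuple(int(part) for part in version.split("."))

def select_nminus(installers, os_name, nminus=0, os_version=None):
    """Pick the installer `nminus` releases behind the newest (0 = current)."""
    matches = [
        rec for rec in installers
        if rec["os"].lower() == os_name.lower()
        and (os_version is None or rec["os_version"] == os_version)
    ]
    ordered = sorted(matches, key=lambda rec: version_key(rec["version"]),
                     reverse=True)
    if not 0 <= nminus < len(ordered):
        raise LookupError(f"no n-{nminus} sensor available for {os_name}")
    return ordered[nminus]

def verify_download(data, installer):
    """True only if the downloaded bytes hash to the value in the listing."""
    return hashlib.sha256(data).hexdigest() == installer["sha256"].lower()

def _sample(os_name, os_version, version):
    # Constructed record: the "installer" body is a placeholder byte string.
    body = f"{os_name}-{os_version}-{version}".encode()
    return {"os": os_name, "os_version": os_version, "version": version,
            "sha256": hashlib.sha256(body).hexdigest()}, body

# Constructed listing, deliberately out of order and with a 7.9 / 7.10 pair.
SAMPLES = [_sample("CentOS", "7", v) for v in
           ("7.9.16200", "7.10.16303", "7.8.16100")]
SAMPLES.append(_sample("Ubuntu", "20.04", "7.10.16303"))
INSTALLERS = [rec for rec, _ in SAMPLES]
BODIES = {rec["sha256"]: body for rec, body in SAMPLES}

if __name__ == "__main__":
    chosen = select_nminus(INSTALLERS, "centos", nminus=2, os_version="7")
    data = BODIES[chosen["sha256"]]          # stands in for the downloaded file
    print(chosen["version"], verify_download(data, chosen))
    print(verify_download(data + b"\x00", chosen))  # altered file is rejected
```

Comparing versions as integer tuples matters here: a plain string sort would place 7.9 above 7.10 and hand back the wrong build for N-1.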
Downloading all
You can download all available versions, or all versions for a specific operating system, using the -a argument. Passing the -n argument here will also be respected, and only download versions that are N-1 or N-2.
python3 download_sensor.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -d -a
Command-line help
Command-line help is available via the -h argument.
usage: download_sensor.py [-h] -k KEY -s SECRET [-a] [-d] [-n NMINUS] [-c COMMAND] [-o OS] [-v OSVER] [-f FILENAME] [-t TABLE_FORMAT]
CrowdStrike Falcon Sensor Download utility.
CrowdStrike Falcon
_______ ______ __ __
| _ .-----.-----.-----.-----.----.| _ \ .-----.--.--.--.-----| .-----.---.-.--| |
| 1___| -__| |__ --| _ | _||. | \| _ | | | | | | _ | _ | _ |
|____ |_____|__|__|_____|_____|__| |. | |_____|________|__|__|__|_____|___._|_____|
|: 1 | |: 1 /
|::.. . | |::.. . / - jshcodes@CrowdStrike
`-------' `------'
This example requires the crowdstrike-falconpy (0.6.2+) and tabulate packages.
Required API Scope - Sensor Download: READ
optional arguments:
  -h, --help            show this help message and exit
  -k KEY, --key KEY     CrowdStrike API Key
  -s SECRET, --secret SECRET
                        CrowdStrike API Secret
  -a, --all             Show all columns / Download all versions
  -d, --download        Shortcut for '--command download'
  -b, --base-url        Allows access to usgov1
  -n NMINUS, --nminus NMINUS
                        Download previous version (n-1, n-2, 0 = current, 2 = n-2)
  -c COMMAND, --command COMMAND
                        Command to perform. (list or download, defaults to list)
  -o OS, --os OS        Sensor operating system
  -debug, --debug       Command to activate debugging
  -v OSVER, --osver OSVER
                        Sensor operating system version
  -f FILENAME, --filename FILENAME
                        Name to use for downloaded file
  -t TABLE_FORMAT, --table_format TABLE_FORMAT
                        Table format to use for display.
                        (plain, simple, github, grid, fancy_grid, pipe, orgtbl, jira, presto,
                        pretty, psql, rst, mediawiki, moinmoin, youtrack, html, unsafehtml,
                        latext, latex_raw, latex_booktabs, latex_longtable, textile, tsv)
Example source code
Source code for this example can be found here.