Replies: 2 comments
-
Hi @Sshahar - Here's an example of connecting to the Event Streams API (we'll add an example for this to the samples folder soon), does this help? https://github.com/CrowdStrike/falcon-integration-gateway/blob/main/fig/falcon/api.py#L36 |
Beta Was this translation helpful? Give feedback.
-
An important part of this is that there's no API to pull actual events from falconpy only. gofalcon does this (https://github.com/crowdstrike/gofalcon/blob/v0.8.0/falcon/api_streaming.go#L63), you need to have a custom specific HTTP client ( aka requests.Session ), see https://github.com/CrowdStrike/falconpy/blob/main/tests/test_event_streams.py#L47 which instanciates a stream but does nothing but refreshing it. Once you get Here is an example, just in case this helps folks like me searching for an implementation, so that you don't have to go scavenge code from third-party working implementations by $vendors :P response = session.request('get',dataFeedURL,
headers = {
'Authorization': f'Token {sessionToken}',
'Connection': 'Keep-Alive'
},
params = params, # {"offset":454545,"eventType":"DetectionSummaryEvent"} - if needed
stream = True,
verify = False, # WARNING STREAMING THROUGH A PROXY ( mitmproxy / burp ) won't work smoothly hahah skfjhqmsdlkfj
)
for stream_data in response.iter_lines(chunk_size=None):
if stream_data == '':
continue # empty lines sent every 5s when you reached realtime
data = loads(stream_data)
print(data) |
Beta Was this translation helpful? Give feedback.
-
When using event streams, how else are you supposed to get the data?
after you call (listAvailableStreamsOAuth2 -> dict of event-streams), you should have an easy way to use those event-streams
Beta Was this translation helpful? Give feedback.
All reactions