CrowdStrike/falconpy

FalconPy - The CrowdStrike Falcon SDK for Python 3

The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.

Overview

This SDK provides two distinct methods for interacting with CrowdStrike's Falcon OAuth2 APIs: Service Classes and the Uber Class.

Service Classes

Representing a single API service collection, each service class has a method defined for every operation available in that service collection.

Service Collection | Code Location
CrowdStrike Device Control | device_control_policies.py
CrowdStrike Sensor Update Policy Management | sensor_update_policy.py
CrowdStrike Custom Indicators of Attack (IOAs) | custom_ioa.py, ioa_exclusions.py
CrowdStrike Custom Indicators of Compromise (IOCs) | ioc.py, iocs.py (Deprecated)
CrowdStrike Detections | detects.py
CrowdStrike Falcon Discover | discover.py
CrowdStrike Event Streams | event_streams.py
CrowdStrike Falcon Container | falcon_container.py
CrowdStrike Falcon Horizon | cspm_registration.py
CrowdStrike Falcon X | sample_uploads.py, falconx_sandbox.py, quick_scan.py
CrowdStrike Firewall Management | firewall_management.py
CrowdStrike Firewall Policy Management | firewall_policies.py
CrowdStrike Falcon Complete Dashboard | falcon_complete_dashboard.py
CrowdStrike Falcon Flight Control | mssp.py
CrowdStrike Host Groups | host_group.py
CrowdStrike Hosts | hosts.py
CrowdStrike Incident and Detection Monitoring | incidents.py
CrowdStrike Installation Tokens | installation_tokens.py
CrowdStrike Intel | intel.py
CrowdStrike Kubernetes Protection | kubernetes_protection.py
CrowdStrike MalQuery | malquery.py
CrowdStrike ML Exclusions | ml_exclusions.py
CrowdStrike OAuth2 Auth Token | oauth2.py
CrowdStrike Overwatch Dashboard | overwatch_dashboard.py
CrowdStrike Prevention Policy | prevention_policy.py
CrowdStrike Quarantine | quarantine.py
CrowdStrike Real Time Response (RTR) | real_time_response.py
CrowdStrike Realtime Response (RTR) Administration | real_time_response_admin.py
CrowdStrike Realtime Response (RTR) Policies | response_policies.py
CrowdStrike Sensor Download | sensor_download.py
CrowdStrike Sensor Visibility Exclusions | sensor_visibility_exclusions.py
CrowdStrike Spotlight | spotlight_vulnerabilities.py
CrowdStrike User and Roles | user_management.py
Falcon Discover for Cloud and Containers - AWS Accounts | cloud_connect_aws.py
Falcon Discover for Cloud and Containers - Azure Subscriptions | d4c_registration.py
Falcon Discover for Cloud and Containers - GCP Projects | d4c_registration.py
CrowdStrike Falcon Zero Trust Assessment | zero_trust_assessment.py

Documentation links shown in the table above require a CrowdStrike customer login. Check falconpy.io or the FalconPy wiki for library-specific documentation.

The Uber Class

Provides a single harness for interacting with the entire API, covering every available operation within every API service collection.

api_complete.py - The Uber Class provides an interface to all CrowdStrike APIs with a single handler. This solution supports communicating with API endpoints that do not have an available Service Class or are recently released.
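
The two interaction styles described above, side by side, as an added example that is not part of the FalconPy README. The class names Hosts and APIHarness, the QueryDevicesByFilter operation, and the FALCON_CLIENT_ID / FALCON_CLIENT_SECRET environment variable names do not appear on this page and are assumptions of the example; the live calls require the crowdstrike-falconpy package and valid API credentials.

```python
"""Added example: one host query issued through a Service Class and the Uber Class."""
import os


def extract_ids(response):
    """Return the resource IDs from a FalconPy response dict, or raise on an API error."""
    status = response.get("status_code")
    body = response.get("body") or {}
    if status != 200:
        # Surface the API's own error messages instead of silently returning [].
        messages = [err.get("message", "unknown") for err in body.get("errors") or []]
        raise RuntimeError(f"Falcon API returned {status}: {messages}")
    return body.get("resources") or []


def host_ids_via_service_class(hosts, limit=5):
    # Service Class: one Python method per operation in the service collection.
    return extract_ids(hosts.query_devices_by_filter(limit=limit))


def host_ids_via_uber_class(harness, limit=5):
    # Uber Class: a single command() entry point; the operation is named by its ID.
    return extract_ids(harness.command("QueryDevicesByFilter", limit=limit))


def credentials_from_env():
    # Assumed variable names; reading them from the environment keeps the
    # API secret out of source control.
    try:
        return {"client_id": os.environ["FALCON_CLIENT_ID"],
                "client_secret": os.environ["FALCON_CLIENT_SECRET"]}
    except KeyError as missing:
        raise SystemExit(f"missing environment variable {missing}") from None


if __name__ == "__main__":
    creds = credentials_from_env()
    from falconpy import Hosts, APIHarness  # requires crowdstrike-falconpy

    print(host_ids_via_service_class(Hosts(**creds)))
    print(host_ids_via_uber_class(APIHarness(**creds)))
```

Both helpers accept any object exposing the same method, so the response handling can be exercised with stand-ins before an API client with real privileges is wired in.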

Installation & Removal

Stable releases of FalconPy are available on the Python Package Index:

python3 -m pip install crowdstrike-falconpy

If you'd like to try the absolute bleeding edge, an automated GitHub action releases a test package with every merged pull request containing the string [DEPLOY] in the head of the commit.

To install this testing version of the package, use the command:

python3 -m pip install -i https://test.pypi.org/simple crowdstrike-falconpy

To uninstall and remove FalconPy:

python3 -m pip uninstall crowdstrike-falconpy

Contributing

There are many ways you can contribute to the FalconPy project!

  • Providing feedback by opening a GitHub ticket. Even a fly-by "Hey, this worked!" is appreciated and helps validate approaches. Ideas on improving the project are most welcome.
  • Documenting, blogging, or creating videos about how you've used FalconPy! This type of content is invaluable and helps communities grow. Open a pull request for inclusion in the Documentation and Collateral section.
  • Fixing a bug or implementing a new feature. Check out our open issues on GitHub for inspiration.
  • Reviewing pull requests by going through the queue of open pull requests on GitHub and giving feedback to the authors.

Review CONTRIBUTING.md for more details regarding contributing to the FalconPy project.

Open to doing something else but not sure where to start? Try opening an issue or posting a topic on our discussion board to introduce yourself and your interests. We look forward to chatting with you!

Support & Community Forums

FalconPy is an open source project, not a formal CrowdStrike product, intended to assist developers in implementing CrowdStrike's APIs within their applications. As such, it carries no formal support, expressed or implied.

🔥 Is something going wrong? 🔥
GitHub Issues are used to report bugs. Submit a ticket here:
https://github.com/CrowdStrike/falconpy/issues/new/choose

GitHub Discussions provide the community with means to communicate. There are four discussion categories:

  • 💬 General: Catch all for general discussions.
  • 💡 Ideas: Have a suggestion for a feature request? Is there something the community or project could improve upon? Let us know here.
  • 🙏 Q&A: Have a question about how to accomplish something? A usability question? Submit them here!
  • 🙌 Show and Tell: Share with the community what you're up to! Perhaps this is letting everyone know about your upcoming conference talk, sharing a project that has embedded FalconPy, or your recent blog.

Documentation & Collateral

Official Project Documentation

Extended documentation is available via our wiki or at falconpy.io.

Videos (Tutorials, Trainings, Overviews)

Coming soon.

Conference Presentations

API Office Hour 03.23.21

Blogs/Articles/Prose

Coming soon.