Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Version 1.4.7 - Correlation Rules, Intelligence Feeds and NG-SIEM #1282

Merged
merged 24 commits into from
Feb 13, 2025
Merged

Version 1.4.7 - Correlation Rules, Intelligence Feeds and NG-SIEM #1282

merged 24 commits into from
Feb 13, 2025

Conversation

jshcodes
Copy link
Member

@jshcodes jshcodes commented Feb 12, 2025
edited
Loading

FalconPy 1.4.7

This update adds 3 new service collections and addresses multiple bugs.

  • Enhancement
  • Bug fixes
  • Updated unit tests

Unit test coverage

Name                                                                   Stmts   Miss  Cover
------------------------------------------------------------------------------------------
src/falconpy/__init__.py                                                 107      0   100%
src/falconpy/_api_request/__init__.py                                      7      0   100%
src/falconpy/_api_request/_request.py                                    109      0   100%
src/falconpy/_api_request/_request_behavior.py                            55      0   100%
src/falconpy/_api_request/_request_connection.py                           8      0   100%
src/falconpy/_api_request/_request_meta.py                                26      0   100%
src/falconpy/_api_request/_request_payloads.py                             8      0   100%
src/falconpy/_api_request/_request_validator.py                            6      0   100%
src/falconpy/_auth_object/__init__.py                                      6      0   100%
src/falconpy/_auth_object/_base_falcon_auth.py                            13      0   100%
src/falconpy/_auth_object/_bearer_token.py                                63      0   100%
src/falconpy/_auth_object/_falcon_interface.py                           257      0   100%
src/falconpy/_auth_object/_interface_config.py                            40      0   100%
src/falconpy/_auth_object/_uber_interface.py                              42      0   100%
src/falconpy/_constant/__init__.py                                        11      0   100%
src/falconpy/_endpoint/__init__.py                                       208      0   100%
src/falconpy/_endpoint/_alerts.py                                          1      0   100%
src/falconpy/_endpoint/_api_integrations.py                                1      0   100%
src/falconpy/_endpoint/_aspm.py                                            1      0   100%
src/falconpy/_endpoint/_certificate_based_exclusions.py                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                               1      0   100%
src/falconpy/_endpoint/_cloud_snapshots.py                                 1      0   100%
src/falconpy/_endpoint/_compliance_assessments.py                          1      0   100%
src/falconpy/_endpoint/_configuration_assessment.py                        1      0   100%
src/falconpy/_endpoint/_configuration_assessment_evaluation_logic.py       1      0   100%
src/falconpy/_endpoint/_container_alerts.py                                1      0   100%
src/falconpy/_endpoint/_container_detections.py                            1      0   100%
src/falconpy/_endpoint/_container_images.py                                1      0   100%
src/falconpy/_endpoint/_container_packages.py                              1      0   100%
src/falconpy/_endpoint/_container_vulnerabilities.py                       1      0   100%
src/falconpy/_endpoint/_correlation_rules.py                               1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                               1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                      1      0   100%
src/falconpy/_endpoint/_custom_storage.py                                  1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                                1      0   100%
src/falconpy/_endpoint/_datascanner.py                                     1      0   100%
src/falconpy/_endpoint/_delivery_settings.py                               1      0   100%
src/falconpy/_endpoint/_detects.py                                         1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                         1      0   100%
src/falconpy/_endpoint/_discover.py                                        1      0   100%
src/falconpy/_endpoint/_downloads.py                                       1      0   100%
src/falconpy/_endpoint/_drift_indicators.py                                1      0   100%
src/falconpy/_endpoint/_event_streams.py                                   1      0   100%
src/falconpy/_endpoint/_exposure_management.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_falcon_container.py                                1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                                 1      0   100%
src/falconpy/_endpoint/_fdr.py                                             1      0   100%
src/falconpy/_endpoint/_filevantage.py                                     1      0   100%
src/falconpy/_endpoint/_firewall_management.py                             1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                               1      0   100%
src/falconpy/_endpoint/_foundry_logscale.py                                1      0   100%
src/falconpy/_endpoint/_host_group.py                                      1      0   100%
src/falconpy/_endpoint/_host_migration.py                                  1      0   100%
src/falconpy/_endpoint/_hosts.py                                           1      0   100%
src/falconpy/_endpoint/_identity_protection.py                             1      0   100%
src/falconpy/_endpoint/_image_assessment_policies.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                       1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                             1      0   100%
src/falconpy/_endpoint/_intel.py                                           1      0   100%
src/falconpy/_endpoint/_intelligence_feeds.py                              1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                                  1      0   100%
src/falconpy/_endpoint/_ioc.py                                             1      0   100%
src/falconpy/_endpoint/_iocs.py                                            1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                           1      0   100%
src/falconpy/_endpoint/_malquery.py                                        1      0   100%
src/falconpy/_endpoint/_message_center.py                                  1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                                   1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                               1      0   100%
src/falconpy/_endpoint/_mssp.py                                            1      0   100%
src/falconpy/_endpoint/_ngsiem.py                                          1      0   100%
src/falconpy/_endpoint/_oauth2.py                                          1      0   100%
src/falconpy/_endpoint/_ods.py                                             1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                             1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                             1      0   100%
src/falconpy/_endpoint/_quarantine.py                                      1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                      1      0   100%
src/falconpy/_endpoint/_quick_scan_pro.py                                  1      0   100%
src/falconpy/_endpoint/_real_time_response.py                              1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_audit.py                        1      0   100%
src/falconpy/_endpoint/_recon.py                                           1      0   100%
src/falconpy/_endpoint/_report_executions.py                               1      0   100%
src/falconpy/_endpoint/_response_policies.py                               1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                                  1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                               1      0   100%
src/falconpy/_endpoint/_sensor_download.py                                 1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                          1      0   100%
src/falconpy/_endpoint/_sensor_usage.py                                    1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py                    1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                      1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                       1      0   100%
src/falconpy/_endpoint/_tailored_intelligence.py                           1      0   100%
src/falconpy/_endpoint/_threatgraph.py                                     1      0   100%
src/falconpy/_endpoint/_unidentified_containers.py                         1      0   100%
src/falconpy/_endpoint/_user_management.py                                 1      0   100%
src/falconpy/_endpoint/_workflows.py                                       1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                           1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                             43      0   100%
src/falconpy/_endpoint/deprecated/_certificate_based_exclusions.py         1      0   100%
src/falconpy/_endpoint/deprecated/_correlation_rules.py                    1      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_d4c_registration.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_datascanner.py                          1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                             1      0   100%
src/falconpy/_endpoint/deprecated/_exposure_management.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_fdr.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                                1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py                  1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                                 1      0   100%
src/falconpy/_endpoint/deprecated/_mapping.py                              2      0   100%
src/falconpy/_endpoint/deprecated/_ods.py                                  1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py                   1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py             1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py                    1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py                    1      0   100%
src/falconpy/_endpoint/deprecated/_zero_trust_assessment.py                1      0   100%
src/falconpy/_enum/__init__.py                                             4      0   100%
src/falconpy/_enum/_base_url.py                                            8      0   100%
src/falconpy/_enum/_container_base_url.py                                  7      0   100%
src/falconpy/_enum/_token_fail_reason.py                                   4      0   100%
src/falconpy/_error/__init__.py                                            3      0   100%
src/falconpy/_error/_exceptions.py                                        68      0   100%
src/falconpy/_error/_warnings.py                                          73      0   100%
src/falconpy/_log/__init__.py                                              2      0   100%
src/falconpy/_log/_facility.py                                            34      0   100%
src/falconpy/_payload/__init__.py                                         38      0   100%
src/falconpy/_payload/_alerts.py                                          11      0   100%
src/falconpy/_payload/_api_integrations.py                                25      0   100%
src/falconpy/_payload/_aspm.py                                           104      0   100%
src/falconpy/_payload/_certificate_based_exclusions.py                    24      0   100%
src/falconpy/_payload/_cloud_snapshots.py                                 22      0   100%
src/falconpy/_payload/_container.py                                       76      0   100%
src/falconpy/_payload/_correlation_rules.py                               10      0   100%
src/falconpy/_payload/_cspm_registration.py                               64      0   100%
src/falconpy/_payload/_d4c_registration.py                                38      0   100%
src/falconpy/_payload/_delivery_settings.py                               10      0   100%
src/falconpy/_payload/_device_control_policy.py                           33      0   100%
src/falconpy/_payload/_exposure_management.py                             14      0   100%
src/falconpy/_payload/_falconx.py                                         25      0   100%
src/falconpy/_payload/_filevantage.py                                     46      0   100%
src/falconpy/_payload/_firewall.py                                       122      0   100%
src/falconpy/_payload/_foundry.py                                         16      0   100%
src/falconpy/_payload/_generic.py                                         66      0   100%
src/falconpy/_payload/_host_group.py                                      31      0   100%
src/falconpy/_payload/_identity_protection.py                             11      0   100%
src/falconpy/_payload/_incidents.py                                       15      0   100%
src/falconpy/_payload/_ioa.py                                             35      0   100%
src/falconpy/_payload/_ioc.py                                             52      0   100%
src/falconpy/_payload/_malquery.py                                        56      0   100%
src/falconpy/_payload/_message_center.py                                  22      0   100%
src/falconpy/_payload/_mobile_enrollment.py                               12      0   100%
src/falconpy/_payload/_mssp.py                                            15      0   100%
src/falconpy/_payload/_ods.py                                             13      0   100%
src/falconpy/_payload/_prevention_policy.py                               19      0   100%
src/falconpy/_payload/_real_time_response.py                              27      0   100%
src/falconpy/_payload/_recon.py                                           84      0   100%
src/falconpy/_payload/_reports.py                                         19      0   100%
src/falconpy/_payload/_response_policy.py                                 19      0   100%
src/falconpy/_payload/_sample_uploads.py                                   9      0   100%
src/falconpy/_payload/_sensor_update_policy.py                            30      0   100%
src/falconpy/_payload/_workflows.py                                       42      0   100%
src/falconpy/_result/__base_resource.py                                   28      0   100%
src/falconpy/_result/__init__.py                                           9      0   100%
src/falconpy/_result/_base_dictionary.py                                  31      0   100%
src/falconpy/_result/_errors.py                                            2      0   100%
src/falconpy/_result/_expanded_result.py                                   7      0   100%
src/falconpy/_result/_headers.py                                          24      0   100%
src/falconpy/_result/_meta.py                                             30      0   100%
src/falconpy/_result/_resources.py                                        14      0   100%
src/falconpy/_result/_response_component.py                               24      0   100%
src/falconpy/_result/_result.py                                          220      1    99%
src/falconpy/_service_class/__init__.py                                    3      0   100%
src/falconpy/_service_class/_base_service_class.py                       118      0   100%
src/falconpy/_service_class/_service_class.py                            104      0   100%
src/falconpy/_util/__init__.py                                             5      0   100%
src/falconpy/_util/_auth.py                                               47      0   100%
src/falconpy/_util/_functions.py                                         428      1    99%
src/falconpy/_util/_service.py                                             3      0   100%
src/falconpy/_util/_uber.py                                               49      0   100%
src/falconpy/_version.py                                                  37      0   100%
src/falconpy/alerts.py                                                    62      0   100%
src/falconpy/api_complete/__init__.py                                      3      0   100%
src/falconpy/api_complete/_advanced.py                                    59      0   100%
src/falconpy/api_complete/_legacy.py                                     202      0   100%
src/falconpy/api_integrations.py                                          22      0   100%
src/falconpy/aspm.py                                                     147      0   100%
src/falconpy/certificate_based_exclusions.py                              34      0   100%
src/falconpy/cloud_snapshots.py                                           35      0   100%
src/falconpy/compliance_assessments.py                                    49      0   100%
src/falconpy/configuration_assessment.py                                  13      0   100%
src/falconpy/configuration_assessment_evaluation_logic.py                  9      0   100%
src/falconpy/container_alerts.py                                          17      0   100%
src/falconpy/container_detections.py                                      33      0   100%
src/falconpy/container_images.py                                          59      0   100%
src/falconpy/container_packages.py                                        25      0   100%
src/falconpy/container_vulnerabilities.py                                 46      0   100%
src/falconpy/correlation_rules.py                                         35      0   100%
src/falconpy/cspm_registration.py                                        212      0   100%
src/falconpy/custom_ioa.py                                                91      0   100%
src/falconpy/custom_storage.py                                           142      0   100%
src/falconpy/d4c_registration.py                                         120      0   100%
src/falconpy/datascanner.py                                               26      0   100%
src/falconpy/delivery_settings.py                                         15      0   100%
src/falconpy/device_control_policies.py                                   78      0   100%
src/falconpy/discover.py                                                  47      0   100%
src/falconpy/downloads.py                                                 13      0   100%
src/falconpy/drift_indicators.py                                          25      0   100%
src/falconpy/event_streams.py                                             20      0   100%
src/falconpy/exposure_management.py                                       42      0   100%
src/falconpy/falcon_complete_dashboard.py                                111      0   100%
src/falconpy/falcon_container.py                                          57      0   100%
src/falconpy/falconx_sandbox.py                                           96      0   100%
src/falconpy/fdr.py                                                       23      0   100%
src/falconpy/filevantage.py                                              159      0   100%
src/falconpy/firewall_management.py                                      139      0   100%
src/falconpy/firewall_policies.py                                         71      0   100%
src/falconpy/foundry_logscale.py                                          68      0   100%
src/falconpy/host_group.py                                                61      0   100%
src/falconpy/host_migration.py                                            88      0   100%
src/falconpy/hosts.py                                                    113      0   100%
src/falconpy/identity_protection.py                                       51      0   100%
src/falconpy/image_assessment_policies.py                                 63      0   100%
src/falconpy/incidents.py                                                 41      0   100%
src/falconpy/installation_tokens.py                                       43      0   100%
src/falconpy/intel.py                                                    105      0   100%
src/falconpy/intelligence_feeds.py                                        17      0   100%
src/falconpy/ioa_exclusions.py                                            33      0   100%
src/falconpy/ioc.py                                                       94      0   100%
src/falconpy/iocs.py                                                      40      0   100%
src/falconpy/kubernetes_protection.py                                    261      0   100%
src/falconpy/malquery.py                                                  50      0   100%
src/falconpy/message_center.py                                            90      0   100%
src/falconpy/ml_exclusions.py                                             37      0   100%
src/falconpy/mobile_enrollment.py                                         19      0   100%
src/falconpy/mssp.py                                                     174      0   100%
src/falconpy/ngsiem.py                                                   103     11    89%
src/falconpy/oauth2.py                                                    30      0   100%
src/falconpy/ods.py                                                       73      0   100%
src/falconpy/overwatch_dashboard.py                                       31      0   100%
src/falconpy/prevention_policy.py                                         62      0   100%
src/falconpy/quarantine.py                                                46      0   100%
src/falconpy/quick_scan.py                                                27      0   100%
src/falconpy/quick_scan_pro.py                                            45      0   100%
src/falconpy/real_time_response.py                                       127      0   100%
src/falconpy/real_time_response_admin.py                                  83      0   100%
src/falconpy/real_time_response_audit.py                                  10      0   100%
src/falconpy/recon.py                                                    129      0   100%
src/falconpy/report_executions.py                                         24      0   100%
src/falconpy/response_policies.py                                         61      0   100%
src/falconpy/sample_uploads.py                                            92      0   100%
src/falconpy/scheduled_reports.py                                         20      0   100%
src/falconpy/sensor_download.py                                           55      0   100%
src/falconpy/sensor_update_policy.py                                     110      0   100%
src/falconpy/sensor_usage.py                                               9      0   100%
src/falconpy/sensor_visibility_exclusions.py                              31      0   100%
src/falconpy/spotlight_evaluation_logic.py                                23      0   100%
src/falconpy/spotlight_vulnerabilities.py                                 31      0   100%
src/falconpy/tailored_intelligence.py                                     41      0   100%
src/falconpy/threatgraph.py                                               29      0   100%
src/falconpy/unidentified_containers.py                                   17      0   100%
src/falconpy/user_management.py                                          139      0   100%
src/falconpy/workflows.py                                                100      0   100%
src/falconpy/zero_trust_assessment.py                                     23      0   100%
------------------------------------------------------------------------------------------
TOTAL                                                                   9110     13    99%

Bandit analysis

[main]	INFO	running on Python 3.13.1
Run started:2025-02-12 05:51:42.787866

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 80462
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Version 1.4.7

Added features and functionality

  • Added: Added new Intelligence Feeds service collection with 3 operations.

    • DownloadFeedArchive
    • ListFeedTypes
    • QueryFeedArchives
    • _endpoint/__init__.py
    • _endpoint/_intelligence_feeds.py
    • __init__.py
    • intelligence_feeds.py

    Unit testing expanded to complete code coverage.

    • tests/test_intelligence_feeds.py

  • Added: Added new NGSIEM service collection with 9 operations.

    • UploadLookupV1
    • GetLookupV1
    • GetLookupFromPackageWithNamespaceV1
    • GetLookupFromPackageV1
    • StartSearchV1
    • GetSearchStatusV1
    • StopSearchV1
    • CreateFileV1
    • UpdateFileV1
    • _endpoint/__init__.py
    • _endpoint/_ngsiem.py
    • _util/_functions.py
    • __init__.py
    • ngsiem.py

    Unit testing expanded to complete code coverage.

    • tests/test_ngsiem.py

  • Added: Added new Correlation Rules service collection with 6 operations. Closes Missing correlation endpoints #1275.

    • combined_rules_get_v1
    • entities_rules_get_v1
    • entities_rules_post_v1
    • entities_rules_delete_v1
    • entities_rules_patch_v1
    • queries_rules_get_v1
    • _endpoint/__init__.py
    • _endpoint/_correlation_rules.py
    • _endpoint/deprecated/__init__.py
    • _endpoint/deprecated/_correlation_rules.py
    • _payload/__init__.py
    • _payload/_correlation_rules.py
    • __init__.py
    • correlation_rules.py

    Unit testing expanded to complete code coverage.

    • tests/test_correlation_rules.py

Issues resolved

  • Resolved: timezone argument is not available for the createScheduledExclusions operation within the FileVantage Service Class. Closes FileVantage's createScheduledExclusions missing Keyword Argumment for timezone #1231.

    • _payload/_filevantage.py
    • filevantage.py
    • Thanks go out to @security-roberts for identifying and reporting this issue! 🙇

  • Resolved: Fixed payload handler issue when providing certificate keys via keywords as opposed to providing the certificate keyword when using the cb_exclusions_create_v1 operation within the CertificateBasedExclusions service class.

    • _payload/_certificate_based_exclusions.py

  • Resolved: Added error handling for when invalid API responses are received from the GraphQL operation within the Identity Protection service collection.

    • _util/_functions.py

  • Resolved: Fixed invalid default body payload for createMLExclusionsV1 operation in MLExclusions Service Class.

    • ml_exclusions.py

  • Resolved: Fix operation name for the FileUploadQuickScanPro operation within the Quick Scan Pro service collection. Closes Allow file name override in QS Pro upload_file operation #1276. Closes [ DOC ] QuickScan Pro upload file operation name is incorrect #1277.

    • _endpoint\_quick_scan_pro.py
    • quick-scan-pro.py

@jshcodes
Update payload handler to support new values. Closes #1231.
d91eaca
@jshcodes
Fix payload handler when providing certificate keys as keywords
4caa3dc
@jshcodes
Update CHANGELOG.md
1b8f6c7
@jshcodes
Add new IntelligenceFeeds service collection
34a9e91
@jshcodes
Add NGSIEM service collection
f2888a7
@jshcodes
Fix error handling of invalid response from IdentityProtection GraphQ…
50dfc26 
…L operation
@jshcodes
Adjust Detects unit testing
cce946b
@jshcodes
Bump version -> 1.4.7
1ba9f3c
@jshcodes
Adjust unit testing to allow temporary 500
fbf6796
@jshcodes
Description updates. Operation ID Update (UploadFileQuickScanPro). Cl…
dc44f74 
…oses #1277.
@jshcodes
Allow custom file name. Closes #1276.
8feb87c
@jshcodes
Add CorrelationRules service collection. Closes #1275.
d875fbe
@jshcodes
Fix invalid body payload default in createMLExclusionsV1.
79f4676
@jshcodes
Add NGSIEM service collection
d48435c
@jshcodes
Add CorrelationRules service collection. Closes #1275.
e585ba9
@jshcodes
Adjust workflows unit testing
bb386a5
@jshcodes
Adjust NGSIEM unit testing
6411917
@jshcodes
Remove detects from coverage reporting
7d4bf75
@jshcodes jshcodes self-assigned this Feb 12, 2025
@jshcodes jshcodes requested a review from jlangdev February 12, 2025 20:42
@jshcodes jshcodes merged commit c206eec into main Feb 13, 2025
27 checks passed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@jlangdev jlangdev jlangdev approved these changes

@crowdstrikedcs crowdstrikedcs crowdstrikedcs approved these changes

Assignees

@jshcodes jshcodes

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@jshcodes @jlangdev @crowdstrikedcs