Example #1
0
 def uberCCAWS_BadAuthentication(self):
     falcon = FalconSDK.APIHarness()
     if falcon.command("QueryAWSAccounts",
                       parameters={"limit": 1})["status_code"] == 401:
         return True
     else:
         return False
 def uberCCAWS_BadAuthentication(self):
     falcon = FalconSDK.APIHarness(creds={
         "client_id": "BadClientID",
         "client_secret": "BadClientSecret"
     })
     if falcon.command("QueryAWSAccounts",
                       parameters={"limit": 1})["status_code"] == 401:
         return True
     else:
         return False
Example #3
0
 def uberAuth(self):
     self.getConfig()       
     self.falcon = FalconSDK.APIHarness(creds={
             "client_id": self.config["falcon_client_id"],
             "client_secret": self.config["falcon_client_secret"]
         }
     )
     self.falcon.authenticate()
     if self.falcon.authenticated:
         return True
     else:
         return False
 def uberCCAWS_DisableSSLVerify(self):
     falcon = FalconSDK.APIHarness(creds={
         "client_id":
         config["falcon_client_id"],
         "client_secret":
         config["falcon_client_secret"]
     },
                                   ssl_verify=False)
     if falcon.command("QueryAWSAccounts",
                       parameters={"limit":
                                   1})["status_code"] in AllowedResponses:
         return True
     else:
         return False
Example #5
0
#  \___/|_.__/ \___|_|     \____|_|\__,_|___/___/
#
# These examples show how to interact with the Sample Uploads API using the Uber class.
#
import json
# Import the Uber Class
from falconpy import api_complete as FalconSDK

# Grab our config parameters
with open('../config.json', 'r') as file_config:
    config = json.loads(file_config.read())

# Create an instance of the Uber class
falcon = FalconSDK.APIHarness(
    creds={
        "client_id": config["falcon_client_id"],
        "client_secret": config["falcon_client_secret"]
    })

# Define our file
FILENAME = "testfile.jpg"
# Open the file for binary read, this will be our payload
PAYLOAD = open(FILENAME, 'rb').read()
# Upload the file using the Sample Uploads API, name this file "newfile.jpg" in the API
response = falcon.command('UploadSampleV3',
                          file_name="newfile.jpg",
                          data=PAYLOAD,
                          content_type="application/octet-stream")
# Grab the SHA256 unique identifier for the file we just uploaded
sha = response["body"]["resources"][0]["sha256"]
# Download a copy of this file, use the SHA256 ID to retrieve it
Example #6
0
except KeyError:
    # Any failure assume we're doing commercial
    baseURL = "https://api.crowdstrike.com"

try:
    verify_ssl_connections = config["ssl_verify"]
    if verify_ssl_connections == "":
        verify_ssl_connections = True
except KeyError:
    verify_ssl_connections = True
    config["ssl_verify"] = verify_ssl_connections

# Connect to the API
falcon = FalconSDK.APIHarness(creds={
    'client_id': config["falcon_client_id"],
    'client_secret': config["falcon_client_secret"]
},
                              base_url=baseURL,
                              ssl_verify=verify_ssl_connections)
# Authenticate to the API
falcon.authenticate()
# Cry about our bad keys
if not falcon.authenticated:
    status.statusWrite(
        f"Failed to connect to the API on {baseURL}. Check base_url and ssl_verify configuration settings."
    )
    raise SystemExit(
        f"Failed to connect to the API on {baseURL}.  Check base_url and ssl_verify configuration settings."
    )
else:
    # Retrieve our current CID (MSSP functionality) or add it to config?
    # This method requires Sensor Install API, our fallback option uses the Hosts API but a device must exist
Example #7
0
    else:
        parser.error("The {} command is not recognized.".format(command))
    #These globals exist for all requests
    falcon_client_id = args.falcon_client_id
    falcon_client_secret = args.falcon_client_secret
    log_enabled = args.log_enabled
    if args.query_limit is None:
        query_limit = 100
    else:
        query_limit = args.query_limit

    ############### MAIN ROUTINE
    #Connect to the API using our provided falcon client_id and client_secret
    try:
        falcon = FalconSDK.APIHarness(creds={
            'client_id': falcon_client_id,
            'client_secret': falcon_client_secret
        })
    except:
        #We can't communicate with the endpoint
        print("Unable to communicate with API")
    #Authenticate
    if falcon.authenticate():
        try:
            #Execute the command by calling the named function
            exec("{}_account()".format(command.lower()))
        except Exception as e:
            #Handle any previously unhandled errors
            print("Command failed with error: {}.".format(str(e)))
        #Discard our token before we exit
        falcon.deauthenticate()
    else:
Example #8
0
AllowedResponses = [200, 400, 415, 429, 500]

if "DEBUG_API_ID" in os.environ and "DEBUG_API_SECRET" in os.environ:
    config = {}
    config["falcon_client_id"] = os.getenv("DEBUG_API_ID")
    config["falcon_client_secret"] = os.getenv("DEBUG_API_SECRET")
else:
    cur_path = os.path.dirname(os.path.abspath(__file__))
    if os.path.exists('%s/test.config' % cur_path):
        with open('%s/test.config' % cur_path, 'r') as file_config:
            config = json.loads(file_config.read())
    else:
        sys.exit(1)

falcon = FalconSDK.APIHarness(client_id=config["falcon_client_id"],
                              client_secret=config["falcon_client_secret"])
falcon.authenticate()
if not falcon.authenticated:
    sys.exit(1)


class TestUber:
    def uberCCAWS_GetAWSSettings(self):
        if falcon.command("GetAWSSettings")["status_code"] in AllowedResponses:
            return True
        else:
            return False

    def uberCCAWS_QueryAWSAccounts(self):
        if falcon.command("QueryAWSAccounts",
                          parameters={"limit":