def sync_hosts(
neo4j_session: neo4j.Session,
update_tag: int,
authorization: OAuth2,
) -> None:
client = Hosts(auth_object=authorization)
all_ids = get_host_ids(client)
for ids in all_ids:
host_data = get_hosts(client, ids)
load_host_data(neo4j_session, host_data, update_tag)
def get_host_ids(client: Hosts) -> List[List[str]]:
ids = []
parameters = {"filter": 'service_provider:"AWS_EC2"', "limit": 400}
response = client.QueryDevicesByFilter(parameters=parameters)
body = response.get("body", {})
resources = body.get("resources", [])
if not resources:
logger.warning("No host IDs in QueryDevicesByFilter.")
return []
ids.append(resources)
offset = body.get("meta", {}).get("pagination", {}).get("offset")
while offset:
parameters["offset"] = offset
response = client.QueryDevicesByFilter(parameters=parameters)
body = response.get("body", {})
resources = body.get("resources", [])
if not resources:
break
ids.append(resources)
offset = body.get("meta", {}).get("pagination", {}).get("offset")
return ids
parser.add_argument( # CrowdStrike API Client ID
'-k',
'--key',
help='Your CrowdStrike API key ID\n'
' Required Scopes\n'
' Hosts: READ\n'
' RTR: WRITE\n'
' RTR Admin: WRITE',
required=True)
parser.add_argument( # CrowdStrike API Client secret
'-s',
'--secret',
help='Your CrowdStrike API key secret',
required=True)
args = parser.parse_args() # Retrieve our provided command line arguments
hostname = args.target # Grab the hostname of our target from the user
falcon_auth = OAuth2( # Create an instance of our authentication class
client_id=args.key, # and authenticate to the API
client_secret=args.secret,
)
falcon_hosts = Hosts(
auth_object=falcon_auth) # Connect to the Hosts API using our auth object
falcon_rtr = RealTimeResponse(
auth_object=falcon_auth) # Connect to the RTR API using our auth object
falcon_rtra = RealTimeResponseAdmin(
auth_object=falcon_auth
) # Connect to the RTR Admin API using our auth object
if __name__ == "__main__":
main()
# Set the value of offset to be the offset returned
offset = offset_value
# This will be the same every time,
# overrides our init value of 1
total = result["meta"]["pagination"]["total"]
# Retrieve the list of IDs returned
id_list = result["resources"]
# Append this list to our running list of all IDs
returning.extend(id_list)
return returning
# Connect to the Hosts API
falcon = Hosts(client_id=os.environ["FALCON_CLIENT_ID"],
client_secret=os.environ["FALCON_CLIENT_SECRET"]
)
# Dictionary to hold our results
compare = {}
# Number of records to return per call, max is 5000
LIMIT = 100
# Standard offset handling using QueryDevicesByFilter
indicator = Indicator(msg="Offset method )( ")
indicator.display()
compare["offset_style"] = get_query_results("offset_style", LIMIT)
# "After" style offset handling using QueryDevicesByFilterScroll
indicator = ind_message(indicator, "Token method")
indicator.display()
def connect_api(key: str, secret: str) -> object:
"""
Connects to the API and returns an instance of the Hosts Service Class.
"""
return Hosts(client_id=key, client_secret=secret)
for device in result["body"]["resources"]:
res = {}
res["hostname"] = device["hostname"]
res["agent_version"] = device["agent_version"]
devices.append(res)
return devices
# Grab our config parameters from a local file.
with open('../config.json', 'r') as file_config:
config = json.loads(file_config.read())
falcon = Hosts(
creds={
"client_id": config["falcon_client_id"],
"client_secret": config["falcon_client_secret"]
},
# base_url = "https://YOUR_BASE_URL.crowdstrike.com" # Enter your base URL here if it is not US-1
)
offset = 0 # Start at the beginning
displayed = 0 # This is just so we can show a running count
total = 1 # Assume there is at least one
limit = 500 # Quick limit to prove pagination
while offset < total:
offset, total, devices = device_list(offset, limit)
details = device_detail(devices)
for detail in details:
displayed += 1
print(
f"{displayed}: {detail['hostname']} is on version {detail['agent_version']}"
def get_hosts(client: Hosts, ids: List[str]) -> List[Dict]:
response = client.GetDeviceDetails(ids=",".join(ids))
body = response.get("body", {})
return body.get("resources", [])