def uberCCAWS_BadAuthentication(self):
falcon = FalconSDK.APIHarness()
if falcon.command("QueryAWSAccounts",
parameters={"limit": 1})["status_code"] == 401:
return True
else:
return False
def uberCCAWS_BadAuthentication(self):
falcon = FalconSDK.APIHarness(creds={
"client_id": "BadClientID",
"client_secret": "BadClientSecret"
})
if falcon.command("QueryAWSAccounts",
parameters={"limit": 1})["status_code"] == 401:
return True
else:
return False
def uberAuth(self):
self.getConfig()
self.falcon = FalconSDK.APIHarness(creds={
"client_id": self.config["falcon_client_id"],
"client_secret": self.config["falcon_client_secret"]
}
)
self.falcon.authenticate()
if self.falcon.authenticated:
return True
else:
return False
def uberCCAWS_DisableSSLVerify(self):
falcon = FalconSDK.APIHarness(creds={
"client_id":
config["falcon_client_id"],
"client_secret":
config["falcon_client_secret"]
},
ssl_verify=False)
if falcon.command("QueryAWSAccounts",
parameters={"limit":
1})["status_code"] in AllowedResponses:
return True
else:
return False
# \___/|_.__/ \___|_| \____|_|\__,_|___/___/
#
# These examples show how to interact with the Sample Uploads API using the Uber class.
#
import json
# Import the Uber Class
from falconpy import api_complete as FalconSDK
# Grab our config parameters
with open('../config.json', 'r') as file_config:
config = json.loads(file_config.read())
# Create an instance of the Uber class
falcon = FalconSDK.APIHarness(
creds={
"client_id": config["falcon_client_id"],
"client_secret": config["falcon_client_secret"]
})
# Define our file
FILENAME = "testfile.jpg"
# Open the file for binary read, this will be our payload
PAYLOAD = open(FILENAME, 'rb').read()
# Upload the file using the Sample Uploads API, name this file "newfile.jpg" in the API
response = falcon.command('UploadSampleV3',
file_name="newfile.jpg",
data=PAYLOAD,
content_type="application/octet-stream")
# Grab the SHA256 unique identifier for the file we just uploaded
sha = response["body"]["resources"][0]["sha256"]
# Download a copy of this file, use the SHA256 ID to retrieve it
except KeyError:
# Any failure assume we're doing commercial
baseURL = "https://api.crowdstrike.com"
try:
verify_ssl_connections = config["ssl_verify"]
if verify_ssl_connections == "":
verify_ssl_connections = True
except KeyError:
verify_ssl_connections = True
config["ssl_verify"] = verify_ssl_connections
# Connect to the API
falcon = FalconSDK.APIHarness(creds={
'client_id': config["falcon_client_id"],
'client_secret': config["falcon_client_secret"]
},
base_url=baseURL,
ssl_verify=verify_ssl_connections)
# Authenticate to the API
falcon.authenticate()
# Cry about our bad keys
if not falcon.authenticated:
status.statusWrite(
f"Failed to connect to the API on {baseURL}. Check base_url and ssl_verify configuration settings."
)
raise SystemExit(
f"Failed to connect to the API on {baseURL}. Check base_url and ssl_verify configuration settings."
)
else:
# Retrieve our current CID (MSSP functionality) or add it to config?
# This method requires Sensor Install API, our fallback option uses the Hosts API but a device must exist
else:
parser.error("The {} command is not recognized.".format(command))
#These globals exist for all requests
falcon_client_id = args.falcon_client_id
falcon_client_secret = args.falcon_client_secret
log_enabled = args.log_enabled
if args.query_limit is None:
query_limit = 100
else:
query_limit = args.query_limit
############### MAIN ROUTINE
#Connect to the API using our provided falcon client_id and client_secret
try:
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
except:
#We can't communicate with the endpoint
print("Unable to communicate with API")
#Authenticate
if falcon.authenticate():
try:
#Execute the command by calling the named function
exec("{}_account()".format(command.lower()))
except Exception as e:
#Handle any previously unhandled errors
print("Command failed with error: {}.".format(str(e)))
#Discard our token before we exit
falcon.deauthenticate()
else:
AllowedResponses = [200, 400, 415, 429, 500]
if "DEBUG_API_ID" in os.environ and "DEBUG_API_SECRET" in os.environ:
config = {}
config["falcon_client_id"] = os.getenv("DEBUG_API_ID")
config["falcon_client_secret"] = os.getenv("DEBUG_API_SECRET")
else:
cur_path = os.path.dirname(os.path.abspath(__file__))
if os.path.exists('%s/test.config' % cur_path):
with open('%s/test.config' % cur_path, 'r') as file_config:
config = json.loads(file_config.read())
else:
sys.exit(1)
falcon = FalconSDK.APIHarness(client_id=config["falcon_client_id"],
client_secret=config["falcon_client_secret"])
falcon.authenticate()
if not falcon.authenticated:
sys.exit(1)
class TestUber:
def uberCCAWS_GetAWSSettings(self):
if falcon.command("GetAWSSettings")["status_code"] in AllowedResponses:
return True
else:
return False
def uberCCAWS_QueryAWSAccounts(self):
if falcon.command("QueryAWSAccounts",
parameters={"limit":