Crowdstrike-falconpy

Added features and functionality
+ Added: `include_hidden` argument added to the _PostAggregatesAlertsV2_, _PostEntitiesAlertsV2_, _PatchEntitiesAlertsV3_ and _GetQueriesAlertsV2_ operations.
- `_endpoint/_alerts.py`

+ Added: _ReadContainerAlertsCountBySeverity_ operation added to the __Container Alerts__ service collection.
- `_endpoint/_container_alerts.py`
- `container_alerts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_alerts.py`

+ Added: `cspm_lite` argument added to the _GetCSPMAwsAccount_ and _GetCSPMAzureAccount_ operations within the __CSPM Registration__ service collection.
- `_endpoint/_cspm_registration.py`
- `cspm_registration.py`

+ Added: `azure_management_group` argument added to the _GetCSPMAzureUserScriptsAttachment_ operation within the __CSPM Registration__ service collection.
- `_endpoint/_cspm_registration.py`
- `cspm_registration.py`

+ Added: 9 new operations added to the __CSPM Registration__ service collection.
* _GetCSPMAzureManagementGroup_
* _CreateCSPMAzureManagementGroup_
* _GetCSPMCGPAccount_
* _CreateCSPMGCPAccount_
* _DeleteCSPMGCPAccount_
* _UpdateCSPMGCPAccount_
* _ConnectCSPMGCPAccount_
* _GetCSPMGCPServiceAccountsExt_
* _GetCSPMGCPUserScriptsAttachment_
- `_endpoint/_cspm_registration.py`
- `_payload/_cspm_registration.py`
- `cspm_registration.py`
> Unit testing expanded to complete code coverage.
- `tests/test_cspm_registration.py`

+ Added: `azure_management_group` argument added to the _GetDiscoverCloudAzureUserScriptsAttachment_ operation within the __D4C Registration__ service collection.
- `_endpoint/_d4c_registration.py`
- `d4c_registration.py`

+ Added: 4 new operations added to the __D4C Registration__ service collection.
* _DeleteD4CGCPAccount_
* _ConnectD4CGCPAccount_
* _GetD4CGCPServiceAccountsExt_
* _GetD4CGCPUserScriptsAttachment_
- `_endpoint/_d4c_registration.py`
- `_payload/_d4c_registration.py`
- `d4c_registration.py`
> Unit testing expanded to complete code coverage.
- `tests/test_d4c_registration.py`

+ Added: `execution_cid` argument added to the _WorkflowExecute_ operation within the __Workflows__ service collection.
- `_endpoint/_workflows.py`
- `workflows.py`

+ Added: New service collection __Image Assessment Policies__ containing 11 new operations.
* _ReadPolicies_
* _CreatePolicies_
* _UpdatePolicies_
* _DeletePolicy_
* _ReadPolicyExclusions_
* _UpdatePolicyExclusions_
* _ReadPolicyGroups_
* _CreatePolicyGroups_
* _UpdatePolicyGroups_
* _DeletePolicyGroup_
* _UpdatePolicyPrecedence_
- `_endpoint/__init__.py`
- `_endpoint/_image_assessment_policies.py`
> 3 new payload handlers are added.
- `_payload/__init__.py`
- `_payload/_container.py`
- `__init__.py`
- `image_assessment_policies.py`
> Unit testing expanded to complete code coverage.
- `tests/test_image_assessment_policies.py`

+ Added: 8 new operations added to the __Workflows__ service collection.
* _WorkflowDefinitionsCombined_
* _WorkflowExecutionsCombined_
* _WorkflowDefinitionsExport_
* _WorkflowDefinitionsImport_
* _WorkflowDefinitionsUpdate_
* _WorkflowDefinitionsCreate_
* _WorkflowGetHumanInputV1_
* _WorkflowUpdateHumanInputV1_
- `_endpoint/_workflows.py`
- `workflows.py`
> 2 new payload handlers are added.
- `_payload/__init__.py`
- `_payload/_workflows.py`
> Unit testing expanded to complete code coverage.
- `tests/test_workflows.py`

Issues resolved
+ Fixed: `member_cid` argument is not being passed to the authentication event when leveraging Environment Authentication. Closes 1105.
- `_auth_object/_falcon_interface.py`

+ Fixed: `rule_ids` is not included in body payloads when the list is empty for the _update_rule_groups_ operation within the __Firewall Management__ Service Class. Closes 1107.
- `_payload/_firewall.py`

+ Fixed: Added missing actions to _allowed_actions validator within `PerformActionV2` method of the __Hosts__ service collection. Closes 1108.
- `hosts.py`
- Thanks go out to i-shubham01 for identifying and resolving this issue! 🙇

Other
+ Updated: Enums added to _GetCSPMAwsAccount_ and _GetCSPMAwsConsoleSetupURLs_ operations within the __CSPM Registration__ endpoint module.
- `_endpoint/_cspm_registration.py`

+ Updated: Several parameter descriptions within the __Custom IOA__ endpoint module updated.
- `_endpoint/_custom_ioa.py`
- `_endpoint/deprecated/_custom_ioa.py`

+ Updated: Enum updated within the _GetD4CAwsAccount_ operation of the __D4C Registration__ endpoint module.
- `_endpoint/_d4c_registration.py`

+ Updated: Parameter description for the _Submit_ operation within the __Falcon Intelligence Sandbox__ endpoint module updated.
- `_endpoint/_falconx_sandbox.py`

+ Updated: Multiple parameter descriptions within the __Kubernetes Protection__ endpoint module updated.
- `_endpoint/_kubernetes_protection_.py`

+ Updated: Enum updated within the _QueryActivityByCaseID_ operation of the __Message Center__ endpoint module.
- `_endpoint/_message_center.py`

---

Other
+ Dropped: Python 3.6 support.
> Unit testing adjusted to reflect supported versions.
- `README.md`
- `SECURITY.md`
- `setup.py`

+ Refactored: Simple private child objects within the [__APIRequest__](https://www.falconpy.io/Usage/Extensibility.html#apirequest) object updated to leverage data classes.
- `_api_request/_request_connection.py`
- `_api_request/_request_payloads.py`
- `_api_request/_request_validator.py`

---

Added features and functionality
+ Added: 4 new operations added to the __*Alerts*__ service collection.
- *PostAggregateAlertsV2*
- *PostEntitiesAlertsV2*
- *PatchEntitiesAlertsV3*
- *GetQueriesAlertsV2*
- `_endpoint/_alerts.py`
- `alerts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_alerts.py`
+ Added: `source_event_url` argument added to the _WorkflowExecute_ operation definition within the endpoint module.
- `_endpoint/_workflows.py`
+ Added: New Configuration Assessment service collection providing 2 new operations.
- *getCombinedAssessmentsQuery*
- *getRuleDetails*
- `_endpoint/__init__.py`
- `_endpoint/_configuration_assessment.py`
- `__init__.py`
- `configuration_assessment.py`
> Unit testing expanded to complete code coverage.
- `tests/test_configuration_assessment.py`
+ Added: New Configuration Assessment Evaluation Logic service collection providing 1 new operation.
- *getEvaluationLogicMixin0*
- `_endpoint/__init__.py`
- `_endpoint/_configuration_assessment_evaluation_logic.py`
- `__init__.py`
- `configuration_assessment_evaluation_logic.py`
> Unit testing expanded to complete code coverage.
- `tests/test_configuration_assessment_evaluation_logic.py`
+ Added: New Container Alerts service collection providing 2 new operations.
- *ReadContainerAlertsCount*
- *SearchAndReadContainerAlerts*
- `_endpoint/__init__.py`
- `_endpoint/_container_alerts.py`
- `__init__.py`
- `container_alerts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_alerts.py`
+ Added: New Container Detections service collection providing 6 new operations.
- *ReadDetectionsCountBySeverity*
- *ReadDetectionsCountByType*
- *ReadDetectionsCount*
- *ReadCombinedDetections*
- *ReadDetections*
- *SearchDetections*
- `_endpoint/__init__.py`
- `_endpoint/_container_detections.py`
- `__init__.py`
- `container_detections.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_detections.py`
+ Added: New Container Images service collection providing 10 new operations.
- *AggregateImageAssessmentHistory*
- *AggregateImageCountByBaseOS*
- *AggregateImageCountByState*
- *AggregateImageCount*
- *GetCombinedImages*
- *CombinedImageByVulnerabilityCount*
- *CombinedImageDetail*
- *ReadCombinedImagesExport*
- *CombinedImageIssuesSummary*
- *CombinedImageVulnerabilitySummary*
- `_endpoint/__init__.py`
- `_endpoint/_container_images.py`
- `__init__.py`
- `container_images.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_images.py`
+ Added: New Container Packages service collection providing 5 new operations.
- *ReadPackagesCountByZeroDay*
- *ReadPackagesByFixableVulnCount*
- *ReadPackagesByVulnCount*
- *ReadPackagesCombinedExport*
- *ReadPackagesCombined*
- `_endpoint/__init__.py`
- `_endpoint/_container_packages.py`
- `__init__.py`
- `container_packages.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_packages.py`
+ Added: New Container Vulnerabilities service collection providing 10 new operations.
- *ReadCombinedVulnerabilities*
- *ReadCombinedVulnerabilitiesInfo*
- *ReadCombinedVulnerabilitiesDetails*
- *ReadVulnerabilitiesPublicationDate*
- *ReadVulnerabilitiesByImageCount*
- *ReadVulnerabilityCount*
- *ReadVulnerabilityCountBySeverity*
- *ReadVulnerabilityCountByCPSRating*
- *ReadVulnerabilityCountByCVSSScore*
- *ReadVulnerabilityCountByActivelyExploited*
- `_endpoint/__init__.py`
- `_endpoint/_container_vulnerabilities.py`
- `__init__.py`
- `container_vulnerabilities.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_vulnerabilities.py`
+ Added: `next_token` argument added to the _GetConfigurationDetectionIDsV2_ operation within the __*CSPM Registration*__ service collection.
- `_endpoint/_cspm_registration.py`
- `cspm_registration.py`
+ Added: New Drift Indicators service collection providing 5 new operations.
- *GetDriftIndicatorsValuesByDate*
- *ReadDriftIndicatorsCount*
- *SearchAndReadDriftIndicatorEntities*
- *ReadDriftIndicatorEntities*
- *SearchDriftIndicators*
- `_endpoint/__init__.py`
- `_endpoint/_drift_indicators.py`
- `__init__.py`
- `drift_indicators.py`
> Unit testing expanded to complete code coverage.
- `tests/test_drift_indicators.py`
+ Added: 3 new operations added to the __*Falcon Complete Dashboard*__ service collection.
- *AggregatePreventionPolicy*
- *AggregateSensorUpdatePolicy*
- *AggregateTotalDeviceCounts*
- `_endpoint/_falcon_complete_dashboard.py`
- `falcon_complete_dashboard.py`
> Unit testing expanded to complete code coverage.
- `tests/test_falcon_complete_dashboard.py`
+ Added: New arguments added to 5 operations within the __*Foundry LogScale*__ service collection. 2 arguments are removed from 1 operation.
- `check_test_data` is added to _ListReposV1_.
- `app_id` is added to _CreateSavedSearchesDynamicExecuteV1_.
- `app_id` is added to _GetSavedSearchesExecuteV1_.
- `app_id` is added to _CreateSavedSearchesExecuteV1_.
- `check_test_data` is added to _ListViewV1_.
- The duplicative query string parameter arguments `mode` and `version` have been removed from _CreateSavedSearchesExecuteV1_.
- `_endpoint/_foundry_logscale.py`
- `foundry_logscale.py`
> Unit testing expanded to complete code coverage.
- `tests/test_foundry_logscale.py`
+ Added: 1 new operation added to the __*Hosts*__ service collection.
- *QueryDeviceLoginHistoryV2*
- `_endpoint/_hosts.py`
- `hosts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_hosts.py`
+ Added: 3 new operations added to the __*IOC*__ service collection. These operations replace legacy operations from the deprecated __*IOCS*__ service collection.
- *indicator_get_device_count_v1* replaces _DevicesCount_.
- *indicator_get_devices_ran_on_v1* replaces _DevicesRanOn_.
- *indicator_get_processes_ran_on_v1* replaces _ProcessRanOn_.
- `_endpoint/_ioc.py`
- `_endpoint/deprecated/_ioc.py`
- `ioc.py`
> Unit testing expanded to complete code coverage.
- `tests/test_ioc.py`
+ Added: 41 new operations added to the __*Kubernetes Protection*__ service collection.
- *ReadClustersByDateRangeCount*
- *ReadClustersByKubernetesVersionCount*
- *ReadClustersByStatusCount*
- *ReadClusterCount*
- *ReadContainersByDateRangeCount*
- *ReadContainerCountByRegistry*
- *FindContainersCountAffectedByZeroDayVulnerabilities*
- *ReadVulnerableContainerImageCount*
- *ReadContainerCount*
- *FindContainersByContainerRunTimeVersion*
- *GroupContainersByManaged*
- *ReadContainerImageDetectionsCountByDate*
- *ReadContainerImagesByState*
- *ReadContainersSensorCoverage*
- *ReadContainerVulnerabilitiesBySeverityCount*
- *ReadDeploymentsByDateRangeCount*
- *ReadDeploymentCount*
- *ReadClusterEnrichment*
- *ReadContainerEnrichment*
- *ReadDeploymentEnrichment*
- *ReadNodeEnrichment*
- *ReadPodEnrichment*
- *ReadDistinctContainerImageCount*
- *ReadContainerImagesByMostUsed*
- *ReadKubernetesIomByDateRange*
- *ReadKubernetesIomCount*
- *ReadNodesByCloudCount*
- *ReadNodesByContainerEngineVersionCount*
- *ReadNodesByDateRangeCount*
- *ReadNodeCount*
- *ReadPodsByDateRangeCount*
- *ReadPodCount*
- *ReadClusterCombined*
- *ReadRunningContainerImages*
- *ReadContainerCombined*
- *ReadDeploymentCombined*
- *SearchAndReadKubernetesIomEntities*
- *ReadNodeCombined*
- *ReadPodCombined*
- *ReadKubernetesIomEntities*
- *SearchKubernetesIoms*
- `_endpoint/_kubernetes_protection.py`
- `kubernetes_protection.py`
> Unit testing expanded to complete code coverage.
- `tests/test_kubernetes_protection.py`
+ Added: 1 new operation added to the __*ODS*__ service collection.
- *get_scans_by_scan_ids_v2*
> *get_scans_by_scan_ids_v1* has been deprecated. The PEP8 method `get_scans` has been redirected to the new operation. Developers wanting to leverage the legacy operation should call `get_scans_v1` or `get_scans_by_scan_ids_v1`.
- `_endpoint/_ods.py`
- `_endpoint/deprecated/_ods.py`
- `ods.py`
> Unit testing expanded to complete code coverage.
- `tests/test_ods.py`
+ Added: 2 new operations added to the __*Real Time Response Admin*__ service collection.
- *RTR_GetFalconScripts*
- *RTR_ListFalconScripts*
- `_endpoint/_real_time_response_admin.py`
- `_endpoint/deprecated/_real_time_response_admin.py`
- `real_time_response_admin.py`
> Unit testing expanded to complete code coverage.
- `tests/test_real_time_response_admin.py`
+ Added: New Unidentified Containers service collection providing 3 new operations.
- *ReadUnidentifiedContainersByDateRangeCount*
- *ReadUnidentifiedContainersCount*
- *SearchAndReadUnidentifiedContainers*
- `_endpoint/__init__.py`
- `_endpoint/_unidentified_containers.py`
- `__init__.py`
- `unidentified_containers.py`
> Unit testing expanded to complete code coverage.
- `tests/test_unidentified_containers.py`

Issues resolved
+ Fixed: `batch_id` and `batch_get_cmd_req_id` not available on pythonic Result object.
- `_result/_result.py`
+ Fixed: Pythonic responses not properly populating Result object resources attribute when a dictionary is returned for the resources branch.
- `_result/_result.py`
+ Fixed: `trace_id` property is not available on Result objects that do not contain a Meta attribute.
- `_result/_headers.py`
- `_result/_result.py`
+ Fixed: Changes the datatype for the `ids` argument within the _GetCSPMPolicy_ operation from __`string`__ to __`integer`__.
- `_endpoint/_cspm_registration.py`

Other
+ Fixed: A typo that incorrectly listed the default value for the `limit` keyword was resolved in the QueryDetects operation docstring. Closes 1089.
- `detects.py`
+ Refactored: Reduced complexity within the Result object constructor method by abstracting construction logic to a new method.
- `_result/_result.py`
+ Regenerated: Updated endpoint module to align to new library automation, resulting in cosmetic changes to description fields.
- `_endpoint/*`
+ Renamed: _RetrieveUser_ operation has been renamed to _retrieveUser_ within the __*User Management*__ service collection.
- `_endpoint/_user_management.py`
+ Deprecated: Adds additional deprecated operation IDs to the __*Firewall Management*__ service collection.
- `_endpoint/_firewall_management.py`
+ Fixed: Resolves a constant naming typo within the endpoint module for the __*Cloud Snapshots*__ service collection.
- `_endpoint/__init__.py`
- `_endpoint/_cloud_snapshots.py`
- `cloud_snapshots.py`
+ Fixed: Endpoint definition mismatch in _UploadSampleV3_ operation within the __*Sample Uploads*__ service collection.
- `_endpoint/_sample_uploads.py`
+ Fixed: Endpoint definition mismatch in _UploadSampleV2_ operation within the __*Falcon Intelligence Sandbox*__ service collection.
- `_endpoint/_falconx_sandbox.py`
> Unit testing expanded to complete code coverage.
- `tests/test_falconx_sandbox.py`

---

Added features and functionality
+ Added: Use a Service Class or the Uber Class as a context manager.
> Leveraging this functionality will automatically revoke your bearer token on context manager exit.
python
from falconpy import Hosts
with Hosts(pythonic=True) as hosts:
for device in hosts.query_devices().data:
print(device)

- `_auth_object/_uber_interface.py`
- `_service_class/_service_class.py`
+ Added: `app_id` keyword added to _CreateSavedSearchesIngestV1_ operation.
- `foundry_logscale.py`
> Unit testing expanded to complete code coverage.
- `tests/test_foundry_logscale.py`

Issues resolved
+ Fixed: _update_policy_container_ operation payload handler is missing the `policy_id` key. Closes 1068.
- `_payload/_firewall.py`
> Expanded unit testing to complete code coverage.
- `tests/test_firewall_management.py`
+ Fixed: `after` property is missing from the __Meta__ object. Closes 1069.
- `_result/_meta.py`
- `_result/_result.py`
+ Fixed: Payload handler for _tokens_update_ operation is not properly passing the `revoked` key. Closes 1074.
- `installation_tokens.py`
+ Fixed: API operations generating leveraging the raw attribute are not properly displaying results when leveraging result object expansion. Closes 1076.
- `_result/_result.py`
+ Fixed: Per-operation pythonic override is not working as expected. Closes 1078.
- `_util/_functions.py`

Other
+ Changed: Updated field mapping for Uber Class path variables to a cleaner solution.
- `_util/_uber.py`
+ Removed: The unsupported actions `add-rule-group` and `remove-rule-group` are removed from the _performFirewallPoliciesAction_ operation. Relates to 1059.
- `firewall_policies.py`

---

Added features and functionality
+ Added: Deprecation warnings for deprecated classes and operations. Closes 1055.
- `_endpoint/__init__.py`
- `_endpoint/deprecated/__init__.py`
- `_endpoint/deprecated/_mapping.py`
- `_error/__init__.py`
- `_error/_warnings.py`
- `_service_class/_service_class.py`
- `_util/__init__.py`
- `_util/_functions.py`
+ Added: New Custom Storage service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_custom_storage.py`
- `_util/_functions.py`
- `custom_storage.py`
> Expanded unit testing to complete code coverage.
- `tests/test_custom_storage.py`
> The following new operations are provided by this service collection:
+ _ListObjects_
+ _SearchObjects_
+ _GetObject_
+ _PutObject_
+ _DeleteObject_
+ _GetObjectMetadata_
+ Added: New Workflows service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_workflows.py`
- `_endpoint/_workflows.py`
- `_payload/__init__.py`
- `_payload/_generic.py`
- `_payload/_workflows.py`
- `workflows.py`
> Expanded unit testing to complete code coverage.
- `tests/test_workflows.py`
> The following new operations are provided by this service collection:
+ _WorkflowExecute_
+ _WorkflowExecutionsAction_
+ _WorkflowExecutionResults_
+ _WorkflowSystemsDefinitionsDeProvision_
+ _WorkflowSystemsDefinitionsPromote_
+ _WorkflowSystemsDefinitionsProvision_
+ Added: New Real Time Response Audit service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_real_time_response_audit.py`
- `real_time_response_audit.py`
> Expanded unit testing to complete code coverage.
- `tests/test_real_time_response_audit.py`
> The following new operations are provided by this service collection:
+ _RTRAuditSessions_
+ Added: New Foundry LogScale service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_foundry_logscale.py`
- `_payload/__init__.py`
- `_payload/_foundry.py`
- `foundry_logscale.py`
> Expanded unit testing to complete code coverage.
- `tests/test_foundry_logscale.py`
> The following new operations are provided by this service collection:
+ _ListReposV1_
+ _ListViewV1_
+ _IngestDataV1_
+ _CreateSavedSearchesDynamicExecuteV1_
+ _GetSavedSearchesExecuteV1_
+ _CreateSavedSearchesExecuteV1_
+ _CreateSavedSearchesIngestV1_
+ _GetSavedSearchesJobResultsDownloadV1_

Issues resolved
+ Fixed: Error when trying to directly import falconpy module (no package installation). Closes 1056.
- `_auth_object/_falcon_interface.py`
- `_util/_functions.py`
- Thanks go out to tsullivan06 for identifying and reporting this issue. 🙇
+ Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes 1057.
- `api_complete/_legacy.py`
+ Fixed: Can not use `add-rule-group` and `remove-rule-group` actions with the __`performFirewallPoliciesAction`__ operation. Closes 1059.
- `firewall_policies.py`
- Thanks go out to api-clobberer for identifying and reporting this issue. 🙇

---

> This release resolves a breaking change introduced in Version 1.3.0. This issue presents itself when developers attempt to call the `authenticated` method directly from the `OAuth2` Service Class. Review issue 1043 for more detail.

Added features and functionality
+ Added: Expanded the Uber Class into a submodule, and restored the 1.2.16 version of this class as `APIHarness`. This class is now __DEPRECATED__. The 1.3.0 version of this class is now named `APIHarnessV2` (The advanced Uber Class) .
- `_auth_object/_base_falcon_auth.py`
- `_auth_object/_falcon_interface.py`
- `_auth_object/_uber_interface.py`
- `api_complete/__init__.py`
- `api_complete/_advanced.py`
- `api_complete/_legacy.py`
- `__init__.py`
> Expanded unit testing to complete code coverage.
- `tests/test_authorizations.py`
- `tests/test_falcon_container.py`
- `tests/test_uber_api_complete.py`
- `tests/test_uber.py`

Issues resolved
+ Fixed: Error generated when trying leverage the legacy `authenticated` lambda method handler within the `OAuth2` Service Class. Closes 1043.
- `_auth_object/_base_falcon_auth.py`
- `_auth_object/_falcon_interface.py`
- `_service_class/_service_class.py`
- `oauth2.py`
> Expanded unit testing to complete code coverage.
- `tests/test_service_class.py`
- Thanks go out to morcef for identifying and reporting this issue. 🙇
+ Fixed: Type check failure when creating a mock of the `OAuth2` Service Class. Relates to 1043.
- `_service_class/_base_service_class.py`
- Thanks go out to davidt99 for identifying / reporting this issue and providing the fix. 🙇

---