Crowdstrike-falconpy

Other
+ Dropped: Python 3.6 support.
> Unit testing adjusted to reflect supported versions.
- `README.md`
- `SECURITY.md`
- `setup.py`

+ Refactored: Simple private child objects within the [__APIRequest__](https://www.falconpy.io/Usage/Extensibility.html#apirequest) object updated to leverage data classes.
- `_api_request/_request_connection.py`
- `_api_request/_request_payloads.py`
- `_api_request/_request_validator.py`

---

Added features and functionality
+ Added: 4 new operations added to the __*Alerts*__ service collection.
- *PostAggregateAlertsV2*
- *PostEntitiesAlertsV2*
- *PatchEntitiesAlertsV3*
- *GetQueriesAlertsV2*
- `_endpoint/_alerts.py`
- `alerts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_alerts.py`
+ Added: `source_event_url` argument added to the _WorkflowExecute_ operation definition within the endpoint module.
- `_endpoint/_workflows.py`
+ Added: New Configuration Assessment service collection providing 2 new operations.
- *getCombinedAssessmentsQuery*
- *getRuleDetails*
- `_endpoint/__init__.py`
- `_endpoint/_configuration_assessment.py`
- `__init__.py`
- `configuration_assessment.py`
> Unit testing expanded to complete code coverage.
- `tests/test_configuration_assessment.py`
+ Added: New Configuration Assessment Evaluation Logic service collection providing 1 new operation.
- *getEvaluationLogicMixin0*
- `_endpoint/__init__.py`
- `_endpoint/_configuration_assessment_evaluation_logic.py`
- `__init__.py`
- `configuration_assessment_evaluation_logic.py`
> Unit testing expanded to complete code coverage.
- `tests/test_configuration_assessment_evaluation_logic.py`
+ Added: New Container Alerts service collection providing 2 new operations.
- *ReadContainerAlertsCount*
- *SearchAndReadContainerAlerts*
- `_endpoint/__init__.py`
- `_endpoint/_container_alerts.py`
- `__init__.py`
- `container_alerts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_alerts.py`
+ Added: New Container Detections service collection providing 6 new operations.
- *ReadDetectionsCountBySeverity*
- *ReadDetectionsCountByType*
- *ReadDetectionsCount*
- *ReadCombinedDetections*
- *ReadDetections*
- *SearchDetections*
- `_endpoint/__init__.py`
- `_endpoint/_container_detections.py`
- `__init__.py`
- `container_detections.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_detections.py`
+ Added: New Container Images service collection providing 10 new operations.
- *AggregateImageAssessmentHistory*
- *AggregateImageCountByBaseOS*
- *AggregateImageCountByState*
- *AggregateImageCount*
- *GetCombinedImages*
- *CombinedImageByVulnerabilityCount*
- *CombinedImageDetail*
- *ReadCombinedImagesExport*
- *CombinedImageIssuesSummary*
- *CombinedImageVulnerabilitySummary*
- `_endpoint/__init__.py`
- `_endpoint/_container_images.py`
- `__init__.py`
- `container_images.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_images.py`
+ Added: New Container Packages service collection providing 5 new operations.
- *ReadPackagesCountByZeroDay*
- *ReadPackagesByFixableVulnCount*
- *ReadPackagesByVulnCount*
- *ReadPackagesCombinedExport*
- *ReadPackagesCombined*
- `_endpoint/__init__.py`
- `_endpoint/_container_packages.py`
- `__init__.py`
- `container_packages.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_packages.py`
+ Added: New Container Vulnerabilities service collection providing 10 new operations.
- *ReadCombinedVulnerabilities*
- *ReadCombinedVulnerabilitiesInfo*
- *ReadCombinedVulnerabilitiesDetails*
- *ReadVulnerabilitiesPublicationDate*
- *ReadVulnerabilitiesByImageCount*
- *ReadVulnerabilityCount*
- *ReadVulnerabilityCountBySeverity*
- *ReadVulnerabilityCountByCPSRating*
- *ReadVulnerabilityCountByCVSSScore*
- *ReadVulnerabilityCountByActivelyExploited*
- `_endpoint/__init__.py`
- `_endpoint/_container_vulnerabilities.py`
- `__init__.py`
- `container_vulnerabilities.py`
> Unit testing expanded to complete code coverage.
- `tests/test_container_vulnerabilities.py`
+ Added: `next_token` argument added to the _GetConfigurationDetectionIDsV2_ operation within the __*CSPM Registration*__ service collection.
- `_endpoint/_cspm_registration.py`
- `cspm_registration.py`
+ Added: New Drift Indicators service collection providing 5 new operations.
- *GetDriftIndicatorsValuesByDate*
- *ReadDriftIndicatorsCount*
- *SearchAndReadDriftIndicatorEntities*
- *ReadDriftIndicatorEntities*
- *SearchDriftIndicators*
- `_endpoint/__init__.py`
- `_endpoint/_drift_indicators.py`
- `__init__.py`
- `drift_indicators.py`
> Unit testing expanded to complete code coverage.
- `tests/test_drift_indicators.py`
+ Added: 3 new operations added to the __*Falcon Complete Dashboard*__ service collection.
- *AggregatePreventionPolicy*
- *AggregateSensorUpdatePolicy*
- *AggregateTotalDeviceCounts*
- `_endpoint/_falcon_complete_dashboard.py`
- `falcon_complete_dashboard.py`
> Unit testing expanded to complete code coverage.
- `tests/test_falcon_complete_dashboard.py`
+ Added: New arguments added to 5 operations within the __*Foundry LogScale*__ service collection. 2 arguments are removed from 1 operation.
- `check_test_data` is added to _ListReposV1_.
- `app_id` is added to _CreateSavedSearchesDynamicExecuteV1_.
- `app_id` is added to _GetSavedSearchesExecuteV1_.
- `app_id` is added to _CreateSavedSearchesExecuteV1_.
- `check_test_data` is added to _ListViewV1_.
- The duplicative query string parameter arguments `mode` and `version` have been removed from _CreateSavedSearchesExecuteV1_.
- `_endpoint/_foundry_logscale.py`
- `foundry_logscale.py`
> Unit testing expanded to complete code coverage.
- `tests/test_foundry_logscale.py`
+ Added: 1 new operation added to the __*Hosts*__ service collection.
- *QueryDeviceLoginHistoryV2*
- `_endpoint/_hosts.py`
- `hosts.py`
> Unit testing expanded to complete code coverage.
- `tests/test_hosts.py`
+ Added: 3 new operations added to the __*IOC*__ service collection. These operations replace legacy operations from the deprecated __*IOCS*__ service collection.
- *indicator_get_device_count_v1* replaces _DevicesCount_.
- *indicator_get_devices_ran_on_v1* replaces _DevicesRanOn_.
- *indicator_get_processes_ran_on_v1* replaces _ProcessRanOn_.
- `_endpoint/_ioc.py`
- `_endpoint/deprecated/_ioc.py`
- `ioc.py`
> Unit testing expanded to complete code coverage.
- `tests/test_ioc.py`
+ Added: 41 new operations added to the __*Kubernetes Protection*__ service collection.
- *ReadClustersByDateRangeCount*
- *ReadClustersByKubernetesVersionCount*
- *ReadClustersByStatusCount*
- *ReadClusterCount*
- *ReadContainersByDateRangeCount*
- *ReadContainerCountByRegistry*
- *FindContainersCountAffectedByZeroDayVulnerabilities*
- *ReadVulnerableContainerImageCount*
- *ReadContainerCount*
- *FindContainersByContainerRunTimeVersion*
- *GroupContainersByManaged*
- *ReadContainerImageDetectionsCountByDate*
- *ReadContainerImagesByState*
- *ReadContainersSensorCoverage*
- *ReadContainerVulnerabilitiesBySeverityCount*
- *ReadDeploymentsByDateRangeCount*
- *ReadDeploymentCount*
- *ReadClusterEnrichment*
- *ReadContainerEnrichment*
- *ReadDeploymentEnrichment*
- *ReadNodeEnrichment*
- *ReadPodEnrichment*
- *ReadDistinctContainerImageCount*
- *ReadContainerImagesByMostUsed*
- *ReadKubernetesIomByDateRange*
- *ReadKubernetesIomCount*
- *ReadNodesByCloudCount*
- *ReadNodesByContainerEngineVersionCount*
- *ReadNodesByDateRangeCount*
- *ReadNodeCount*
- *ReadPodsByDateRangeCount*
- *ReadPodCount*
- *ReadClusterCombined*
- *ReadRunningContainerImages*
- *ReadContainerCombined*
- *ReadDeploymentCombined*
- *SearchAndReadKubernetesIomEntities*
- *ReadNodeCombined*
- *ReadPodCombined*
- *ReadKubernetesIomEntities*
- *SearchKubernetesIoms*
- `_endpoint/_kubernetes_protection.py`
- `kubernetes_protection.py`
> Unit testing expanded to complete code coverage.
- `tests/test_kubernetes_protection.py`
+ Added: 1 new operation added to the __*ODS*__ service collection.
- *get_scans_by_scan_ids_v2*
> *get_scans_by_scan_ids_v1* has been deprecated. The PEP8 method `get_scans` has been redirected to the new operation. Developers wanting to leverage the legacy operation should call `get_scans_v1` or `get_scans_by_scan_ids_v1`.
- `_endpoint/_ods.py`
- `_endpoint/deprecated/_ods.py`
- `ods.py`
> Unit testing expanded to complete code coverage.
- `tests/test_ods.py`
+ Added: 2 new operations added to the __*Real Time Response Admin*__ service collection.
- *RTR_GetFalconScripts*
- *RTR_ListFalconScripts*
- `_endpoint/_real_time_response_admin.py`
- `_endpoint/deprecated/_real_time_response_admin.py`
- `real_time_response_admin.py`
> Unit testing expanded to complete code coverage.
- `tests/test_real_time_response_admin.py`
+ Added: New Unidentified Containers service collection providing 3 new operations.
- *ReadUnidentifiedContainersByDateRangeCount*
- *ReadUnidentifiedContainersCount*
- *SearchAndReadUnidentifiedContainers*
- `_endpoint/__init__.py`
- `_endpoint/_unidentified_containers.py`
- `__init__.py`
- `unidentified_containers.py`
> Unit testing expanded to complete code coverage.
- `tests/test_unidentified_containers.py`

Issues resolved
+ Fixed: `batch_id` and `batch_get_cmd_req_id` not available on pythonic Result object.
- `_result/_result.py`
+ Fixed: Pythonic responses not properly populating Result object resources attribute when a dictionary is returned for the resources branch.
- `_result/_result.py`
+ Fixed: `trace_id` property is not available on Result objects that do not contain a Meta attribute.
- `_result/_headers.py`
- `_result/_result.py`
+ Fixed: Changes the datatype for the `ids` argument within the _GetCSPMPolicy_ operation from __`string`__ to __`integer`__.
- `_endpoint/_cspm_registration.py`

Other
+ Fixed: A typo that incorrectly listed the default value for the `limit` keyword was resolved in the QueryDetects operation docstring. Closes 1089.
- `detects.py`
+ Refactored: Reduced complexity within the Result object constructor method by abstracting construction logic to a new method.
- `_result/_result.py`
+ Regenerated: Updated endpoint module to align to new library automation, resulting in cosmetic changes to description fields.
- `_endpoint/*`
+ Renamed: _RetrieveUser_ operation has been renamed to _retrieveUser_ within the __*User Management*__ service collection.
- `_endpoint/_user_management.py`
+ Deprecated: Adds additional deprecated operation IDs to the __*Firewall Management*__ service collection.
- `_endpoint/_firewall_management.py`
+ Fixed: Resolves a constant naming typo within the endpoint module for the __*Cloud Snapshots*__ service collection.
- `_endpoint/__init__.py`
- `_endpoint/_cloud_snapshots.py`
- `cloud_snapshots.py`
+ Fixed: Endpoint definition mismatch in _UploadSampleV3_ operation within the __*Sample Uploads*__ service collection.
- `_endpoint/_sample_uploads.py`
+ Fixed: Endpoint definition mismatch in _UploadSampleV2_ operation within the __*Falcon Intelligence Sandbox*__ service collection.
- `_endpoint/_falconx_sandbox.py`
> Unit testing expanded to complete code coverage.
- `tests/test_falconx_sandbox.py`

---

Added features and functionality
+ Added: Use a Service Class or the Uber Class as a context manager.
> Leveraging this functionality will automatically revoke your bearer token on context manager exit.
python
from falconpy import Hosts
with Hosts(pythonic=True) as hosts:
for device in hosts.query_devices().data:
print(device)

- `_auth_object/_uber_interface.py`
- `_service_class/_service_class.py`
+ Added: `app_id` keyword added to _CreateSavedSearchesIngestV1_ operation.
- `foundry_logscale.py`
> Unit testing expanded to complete code coverage.
- `tests/test_foundry_logscale.py`

Issues resolved
+ Fixed: _update_policy_container_ operation payload handler is missing the `policy_id` key. Closes 1068.
- `_payload/_firewall.py`
> Expanded unit testing to complete code coverage.
- `tests/test_firewall_management.py`
+ Fixed: `after` property is missing from the __Meta__ object. Closes 1069.
- `_result/_meta.py`
- `_result/_result.py`
+ Fixed: Payload handler for _tokens_update_ operation is not properly passing the `revoked` key. Closes 1074.
- `installation_tokens.py`
+ Fixed: API operations generating leveraging the raw attribute are not properly displaying results when leveraging result object expansion. Closes 1076.
- `_result/_result.py`
+ Fixed: Per-operation pythonic override is not working as expected. Closes 1078.
- `_util/_functions.py`

Other
+ Changed: Updated field mapping for Uber Class path variables to a cleaner solution.
- `_util/_uber.py`
+ Removed: The unsupported actions `add-rule-group` and `remove-rule-group` are removed from the _performFirewallPoliciesAction_ operation. Relates to 1059.
- `firewall_policies.py`

---

Added features and functionality
+ Added: Deprecation warnings for deprecated classes and operations. Closes 1055.
- `_endpoint/__init__.py`
- `_endpoint/deprecated/__init__.py`
- `_endpoint/deprecated/_mapping.py`
- `_error/__init__.py`
- `_error/_warnings.py`
- `_service_class/_service_class.py`
- `_util/__init__.py`
- `_util/_functions.py`
+ Added: New Custom Storage service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_custom_storage.py`
- `_util/_functions.py`
- `custom_storage.py`
> Expanded unit testing to complete code coverage.
- `tests/test_custom_storage.py`
> The following new operations are provided by this service collection:
+ _ListObjects_
+ _SearchObjects_
+ _GetObject_
+ _PutObject_
+ _DeleteObject_
+ _GetObjectMetadata_
+ Added: New Workflows service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_workflows.py`
- `_endpoint/_workflows.py`
- `_payload/__init__.py`
- `_payload/_generic.py`
- `_payload/_workflows.py`
- `workflows.py`
> Expanded unit testing to complete code coverage.
- `tests/test_workflows.py`
> The following new operations are provided by this service collection:
+ _WorkflowExecute_
+ _WorkflowExecutionsAction_
+ _WorkflowExecutionResults_
+ _WorkflowSystemsDefinitionsDeProvision_
+ _WorkflowSystemsDefinitionsPromote_
+ _WorkflowSystemsDefinitionsProvision_
+ Added: New Real Time Response Audit service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_real_time_response_audit.py`
- `real_time_response_audit.py`
> Expanded unit testing to complete code coverage.
- `tests/test_real_time_response_audit.py`
> The following new operations are provided by this service collection:
+ _RTRAuditSessions_
+ Added: New Foundry LogScale service collection.
- `__init__.py`
- `_endpoint/__init__.py`
- `_endpoint/_foundry_logscale.py`
- `_payload/__init__.py`
- `_payload/_foundry.py`
- `foundry_logscale.py`
> Expanded unit testing to complete code coverage.
- `tests/test_foundry_logscale.py`
> The following new operations are provided by this service collection:
+ _ListReposV1_
+ _ListViewV1_
+ _IngestDataV1_
+ _CreateSavedSearchesDynamicExecuteV1_
+ _GetSavedSearchesExecuteV1_
+ _CreateSavedSearchesExecuteV1_
+ _CreateSavedSearchesIngestV1_
+ _GetSavedSearchesJobResultsDownloadV1_

Issues resolved
+ Fixed: Error when trying to directly import falconpy module (no package installation). Closes 1056.
- `_auth_object/_falcon_interface.py`
- `_util/_functions.py`
- Thanks go out to tsullivan06 for identifying and reporting this issue. 🙇
+ Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes 1057.
- `api_complete/_legacy.py`
+ Fixed: Can not use `add-rule-group` and `remove-rule-group` actions with the __`performFirewallPoliciesAction`__ operation. Closes 1059.
- `firewall_policies.py`
- Thanks go out to api-clobberer for identifying and reporting this issue. 🙇

---

> This release resolves a breaking change introduced in Version 1.3.0. This issue presents itself when developers attempt to call the `authenticated` method directly from the `OAuth2` Service Class. Review issue 1043 for more detail.

Added features and functionality
+ Added: Expanded the Uber Class into a submodule, and restored the 1.2.16 version of this class as `APIHarness`. This class is now __DEPRECATED__. The 1.3.0 version of this class is now named `APIHarnessV2` (The advanced Uber Class) .
- `_auth_object/_base_falcon_auth.py`
- `_auth_object/_falcon_interface.py`
- `_auth_object/_uber_interface.py`
- `api_complete/__init__.py`
- `api_complete/_advanced.py`
- `api_complete/_legacy.py`
- `__init__.py`
> Expanded unit testing to complete code coverage.
- `tests/test_authorizations.py`
- `tests/test_falcon_container.py`
- `tests/test_uber_api_complete.py`
- `tests/test_uber.py`

Issues resolved
+ Fixed: Error generated when trying leverage the legacy `authenticated` lambda method handler within the `OAuth2` Service Class. Closes 1043.
- `_auth_object/_base_falcon_auth.py`
- `_auth_object/_falcon_interface.py`
- `_service_class/_service_class.py`
- `oauth2.py`
> Expanded unit testing to complete code coverage.
- `tests/test_service_class.py`
- Thanks go out to morcef for identifying and reporting this issue. 🙇
+ Fixed: Type check failure when creating a mock of the `OAuth2` Service Class. Relates to 1043.
- `_service_class/_base_service_class.py`
- Thanks go out to davidt99 for identifying / reporting this issue and providing the fix. 🙇

---

Added features and functionality
+ Added: 1 new operation added (`highVolumeQueryChanges`) from the _FileVantage_ service collection.
- `_endpoint/_filevantage.py`
- `filevantage.py`
> Unit testing expanded to complete code coverage.
- `tests/test_filevantage.py`
+ Added: Warn when providing API arguments that are unnecessarily URLEncoded. Closes 850.
- `_error/__init__.py`
- `_error/_warnings.py`
- `_util/_functions.py`
- `_util/_uber.py`
- `__init__.py`
- Thanks go out to aboese for suggesting this enhancement. 🙇
+ Added: `add_comment` keyword added to the _PerformIncidentAction_ operation within the _**Incidents**_ Service Class. Closes 1003.
- `_payload/_incidents.py`
- `incidents.py`
> Unit testing expanded to complete code coverage.
- `tests/test_incidents.py`
- Thanks go out to morcef for suggesting this enhancement. 🙇
+ Added: `add-rule-group` and `remove-rule-group` options added to _performFirewallPoliciesAction_ operation in the __Firewall Policies__ service collection.
- `_endpoint/_firewall_policies.py`
- `firewall_policies.py`
+ Added: Sort by `alert_ids` option added to _QueryBehaviors_ operation in the __Incidents_ service collection.
- `_endpoint/_incidents.py`
+ Added: _AggregateAlerts_ and _QueryAlertIdsByFilter_ operations added to the __Falcon Complete Dashboard__ service collection.
- `_endpoint/_falcon_complete_dashboard.py`
- `falcon_complete_dashboard.py`
> Unit testing expanded to complete code coverage.
- `tests/test_falcon_complete_dashboard.py`
+ Added: _GetCombinedImages_ operation added to the __Falcon Container__ service collection.
- `_endpoint/_falcon_container.py`
- `falcon_container.py`
> Unit testing expanded to complete code coverage.
- `test_falcon_container.py`
+ Added: `ids` keyword argument added to _GetIntelReportPDF_ and _QueryMitreAttacks_ operations. `if_none_match` and `if_modified_since` keyword arguments added to _GetLatestIntelRuleFile_ operation. __Intel__ service collection.
- `_endpoint/_intel.py`
- `intel.py`
> Unit testing expanded to complete code coverage.
- `test_intel.py`
+ Added: Override functionality - All service classes are now able to call manually specified operation endpoints via the `override` method. This method mirrors functionality provided by the `override` keyword within the Uber Class.
- `_service_class.py`
+ Added: 23 new operations added to the __FileVantage__ service collection.
* updatePolicyHostGroups
* updatePolicyPrecedence
* updatePolicyRuleGroups
* getPolicies
* createPolicies
* deletePolicies
* updatePolicies
* getScheduledExclusions
* createScheduledExclusions
* deleteScheduledExclusions
* updateScheduledExclusions
* updateRuleGroupPrecedence
* getRules
* createRules
* deleteRules
* updateRules
* getRuleGroups
* createRuleGroups
* deleteRuleGroups
* updateRuleGroups
* highVolumeQueryChanges
* queryRuleGroups
* queryScheduledExclusions
* queryPolicies
- `_endpoint/_filevantage.py`
- `filevantage.py`
> 4 new payload handlers were implemented.
- `_payload/__init__.py`
- `_payload/_filevantage.py`
> Unit testing expanded to complete code coverage.
- `tests/test_filevantage.py`
+ Added: A new service collection, __Cloud Snapshots__ was implemented with three new operations (_GetCredentialsMixin0_, _CreateInventory_, and _RegisterCspmSnapshotAccount_).
- `_endpoint/__init__.py`
- `_endpoint/_cloud_snapshots.py`
- `__init__.py`
- `cloud_snapshots.py`
> Two new payload handlers were implemented.
- `_payload/__init__.py`
- `_payload/_cloud_snapshots.py`
> Unit testing expanded to complete code coverage.
- `tests/test_cloud_snapshot.py`
+ Added: 3 new operations added to the __Identity Protection__ service collection (_GetSensorAggregates_, _GetSensorDetails_, and _QuerySensorsByFilter_).
- `_endpoint/_identity_protection.py`
- `identity_protection.py`
> Unit testing expanded to complete code coverage.
- `tests/test_identity_protection.py`

Issues resolved
+ Fixed: API errors generated by the Uber Class do not stop execution when in pythonic mode.
- `api_complete.py`
+ Fixed: Result object failure on JSON formatted list response from _report_executions_download_get_ operation within the __Report Executions__ service collection. Closes 1033.
- `_result/result.py`

Other
+ Deprecated: _deleteCIDGroupMembersV1_ is now deprecated. Calls to _deleteCIDGroupMembers_ are now redirected to _deleteCIDGroupMembersV2_. __MSSP__ service collection.
- `_endpoint/_mssp.py`
- `mssp.py`
> Unit testing expanded to complete code coverage.
- `test_mssp.py`

---