CrowdStrike / MISP-tools

Import CrowdStrike Threat Intelligence into your instance of MISP
MIT License

Bump crowdstrike-falconpy from 1.1.6 to 1.2.0 #49

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps crowdstrike-falconpy from 1.1.6 to 1.2.0.

Release notes

Sourced from crowdstrike-falconpy's releases.

Version 1.2.0

FalconPy v1.2

This version provides the following updates:

  • Adds GetDeviceDetailsV2 and PostDeviceDetailsV2 operations within the Hosts Service Collection. Legacy requests to the old operation GetDeviceDetails are gracefully redirected to the new operation PostDeviceDetailsV2.

    The legacy endpoint can still be called using the GetDeviceDetailsV1 operation.

  • Adds three new operations to the Falcon Container Service Collection, GetImageAssessmentReport, DeleteImageDetails and ImageMatchesPolicy.
    • A new enumerator, ContainerBaseURL is added for retrieving the Falcon Container Registry url base.
  • The default NoneType preference is updated for the RTR_ListFiles and RTR_ListFilesV2 operations when called by the Uber Class.
  • Adds the host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
  • Multiple data quality updates within the _endpoint module.
  • Comment updates.
  • [x] Enhancement
  • [x] Bug fixes
  • [x] Updated unit tests

Unit test coverage

Name                                                             Stmts   Miss  Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py                                            69      0   100%
src/falconpy/_base_url.py                                            7      0   100%
src/falconpy/_container_base_url.py                                  6      0   100%
src/falconpy/_endpoint/__init__.py                                 125      0   100%
src/falconpy/_endpoint/_alerts.py                                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                         1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                         1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                          1      0   100%
src/falconpy/_endpoint/_detects.py                                   1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                   1      0   100%
src/falconpy/_endpoint/_discover.py                                  1      0   100%
src/falconpy/_endpoint/_event_streams.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                 1      0   100%
src/falconpy/_endpoint/_falcon_container.py                          1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                           1      0   100%
src/falconpy/_endpoint/_filevantage.py                               1      0   100%
src/falconpy/_endpoint/_firewall_management.py                       1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                         1      0   100%
src/falconpy/_endpoint/_host_group.py                                1      0   100%
src/falconpy/_endpoint/_hosts.py                                     1      0   100%
src/falconpy/_endpoint/_identity_protection.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                 1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                       1      0   100%
src/falconpy/_endpoint/_intel.py                                     1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                            1      0   100%
src/falconpy/_endpoint/_ioc.py                                       1      0   100%
src/falconpy/_endpoint/_iocs.py                                      1      0   100%

... (truncated)

Changelog

Sourced from crowdstrike-falconpy's changelog.

Version 1.2.0

Added features and functionality

  • Updated: Updated operation payload parameter datatype details.

    • _endpoint/_ioc.py
    • _endpoint/_recon.py
    • _endpoint/_sample_uploads.py
  • Updated: Updated operation payload parameter data location details.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_sample_uploads.py
  • Added: New host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.

    • _endpoint/_real_time_response.py
  • Added: New GetDeviceDetailsV2 and PostDeviceDetailsV2 operations to Hosts Service Collection.

    The operation GetDeviceDetails is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests to PostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails, get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed.

    • _endpoint/_hosts.py
    • _uber_default_preference.py
    • api_complete.py
    • hosts.py
    • tests/test_get_device_details.py
  • Added: Falcon Container registry functionality to Falcon Container Service Class.

    This solution implements three "mock" operation IDs; GetImageAssessmentReport (get_assessment), DeleteImageDetails (delete_image_details), and ImageMatchesPolicy (image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication.

    • _endpoint/_falcon_container.py
    • __init__.py
    • _container_base_url.py
    • _uber_default_preference.py
    • _util.py
    • api_complete.py
    • falcon_container.py
    • tests/test_falcon_container.py

Issues resolved

  • Fixed: Default NoneType preference for body payloads sent to the RTR_ListFiles and RTR_ListFilesV2 operations. Closes #750.

    • _uber_default_preference.py
  • Removed: Unused header payload parameters from operation payloads.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_firewall_management.py
    • _endpoint/_recon.py
    • _endpoint/_report_executions.py
    • _endpoint/_sample_uploads.py
  • Removed: Duplicate parameter definition (after) from indicator_combined_v1 operation.

    • _endpoint/_ioc.py

Other

  • Updated: Comment updates.
    • _endpoint/_d4c_registration.py

... (truncated)

Commits
  • d7a930b Fix docstring typo. Closes #763.
  • a4e9c71 Bump version -> 1.2.0
  • b18c5fa Add new Falcon container registry methods
  • 2dc4842 Remove unused arguments
  • a378fca Add mocked operations
  • 5c6c2f7 Refactored to handle new operations, container reg
  • 1ea9bc3 Add container registry functionality
  • b309a6a Add PREFER_IDS_IN_BODY, MOCK_OPERATIONS constants
  • 3cddbf7 New operations, deprecate GetDeviceDetails
  • 97b33d0 Update comments
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
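
The GetDeviceDetails redirect described in the changelog above, sketched as an added example; it is not FalconPy's code and not part of this pull request. The function names, the `ids` key and the sample IDs are assumptions made for illustration.

```python
# Hypothetical shim illustrating the behaviour the changelog describes:
# a legacy GET-style call is redirected to the POST operation, and IDs
# found in the query-string dictionary are migrated to the body dictionary.
LEGACY_OP = "GetDeviceDetails"
REDIRECT_OP = "PostDeviceDetailsV2"


def _as_id_list(value):
    """Normalise IDs given as a list or as a comma-separated string."""
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [str(v).strip() for v in value if str(v).strip()]


def redirect_legacy_call(operation, parameters=None, body=None):
    """Return (operation, parameters, body) as they would be sent.

    Only the deprecated operation ID is rewritten; every other operation,
    including GetDeviceDetailsV1, passes through unchanged. The caller's
    dictionaries are copied, never mutated.
    """
    parameters = dict(parameters or {})
    body = dict(body or {})
    if operation != LEGACY_OP:
        return operation, parameters, body

    # IDs may already be in the body, in the query string, or in both.
    ids = _as_id_list(body.get("ids")) + _as_id_list(parameters.pop("ids", None))
    # De-duplicate while preserving the order the caller supplied.
    body["ids"] = list(dict.fromkeys(ids))
    return REDIRECT_OP, parameters, body


if __name__ == "__main__":
    # Constructed sample IDs, not real agent IDs.
    print(redirect_legacy_call(LEGACY_OP, parameters={"ids": "aid-0001,aid-0002"}))
    print(redirect_legacy_call("GetDeviceDetailsV1", parameters={"ids": ["aid-0001"]}))
```
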