CrowdStrike / gofalcon

Golang-based SDK to CrowdStrike's APIs
MIT License

Fetch Cloud Misconfigurations via SDK #433

Open hazcod opened 2 months ago

hazcod commented 2 months ago

Hi there!

Is there a way to fetch Cloud Security misconfigurations via this SDK? I couldn't immediately find a method to do so. Thanks!

ffalor commented 2 months ago

@hazcod are you referring to IOMs, in cloud security posture management?

Does this get you what you need? `client.CspmRegistration.GetConfigurationDetectionIDsV2()`. Passing `use_current_scan_id` in the filter should return only the most recent and active IOM IDs. `client.CspmRegistration.GetConfigurationDetectionEntities()` can be used to get more information about each IOM.

The Kubernetes protection service collection has IOMs also.

hazcod commented 2 months ago

That's it, thank you!

hazcod commented 2 months ago

I was wondering, @ffalor, this call just keeps loading: image

So I'm presuming I'm doing something wrong here, since it never completes.

ffalor commented 2 months ago

I can tell the filter is currently wrong, but even using a bad filter mine completed with a 400 status code.

Below is a working example:

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration"
)

func main() {
    // API credentials and target cloud are read from the environment.
    falconClientId := os.Getenv("FALCON_CLIENT_ID")
    falconClientSecret := os.Getenv("FALCON_CLIENT_SECRET")
    clientCloud := os.Getenv("FALCON_CLOUD")

    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     falconClientId,
        ClientSecret: falconClientSecret,
        Cloud:        falcon.Cloud(clientCloud),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    // Restrict results to the current scan and cap the page size.
    filter := "use_current_scan_ids:true"
    limit := int64(10)

    res, err := client.CspmRegistration.GetConfigurationDetectionIDsV2(
        &cspm_registration.GetConfigurationDetectionIDsV2Params{
            Context: context.Background(),
            Filter:  &filter,
            Limit:   &limit,
        },
    )

    // Print both values so a failed call (for example a 400) is visible.
    fmt.Printf("Response: %v\n", res)
    fmt.Printf("Error: %v\n", err)
}
```
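The two-step flow described in this thread (list IOM IDs, then fetch details for those IDs) with a deadline on every call, so a request that never completes returns an error instead of hanging. This is an added example, not code from the thread or from gofalcon: `listFn`, `getFn` and `fetchIOMs` are hypothetical stand-ins for the SDK calls so it runs offline, and the batch size and timeout values are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// Hypothetical stand-ins for the two SDK calls named in the thread (not gofalcon types).
type listFn func(ctx context.Context, filter string) ([]string, error)
type getFn func(ctx context.Context, ids []string) (map[string]string, error)

// fetchIOMs lists IDs, then fetches details in batches. Each call gets its own
// deadline, so a request that stalls returns an error instead of hanging.
func fetchIOMs(list listFn, get getFn, filter string, batch int, perCall time.Duration) (map[string]string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), perCall)
	ids, err := list(ctx, filter)
	cancel()
	if err != nil {
		return nil, fmt.Errorf("list IDs: %w", err)
	}
	out := make(map[string]string, len(ids))
	for len(ids) > 0 {
		n := batch
		if n < 1 || n > len(ids) {
			n = len(ids) // invalid or oversized batch: send the remainder at once
		}
		ctx, cancel := context.WithTimeout(context.Background(), perCall)
		part, err := get(ctx, ids[:n])
		cancel()
		if err != nil {
			return out, fmt.Errorf("get entities: %w", err) // partial results are returned
		}
		for id, detail := range part {
			out[id] = detail
		}
		ids = ids[n:]
	}
	return out, nil
}

func main() {
	stalled := func(ctx context.Context, _ string) ([]string, error) {
		<-ctx.Done() // constructed stall: block until the caller's deadline fires
		return nil, ctx.Err()
	}
	_, err := fetchIOMs(stalled, nil, "use_current_scan_ids:true", 2, 200*time.Millisecond)
	fmt.Println(err) // list IDs: context deadline exceeded
}
```

With the real SDK, the same deadline-bound context would be passed in the `Context` field of the params struct, as in the working example above.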