macadmins / osquery-extension

An osquery extension for endpoint engineers
Apache License 2.0

Initial Implementation for Retrieving Crowdstrike Falcon Agent Stats #7

Closed dsbaha closed 2 years ago

dsbaha commented 3 years ago

This will allow the extension to gather crowdstrike falcon agent stats.

grahamgilbert commented 3 years ago

I don’t have any way to test this, nor any ability to support it long term. I’m going to need convincing to merge this.

erikng commented 3 years ago

`/Applications/Falcon.app/Contents/Resources/falconctl stats --plist` returns a simple plist of data. The path should be pretty static since they implemented the application in 5.x sensors.

We should be able to support this so long as we are using crowdstrike and have access to the builds.
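As an added example, not code from this pull request or the project: a Go sketch of how a table like this would be built. It parses a flat XML plist of the kind `falconctl stats --plist` emits into osquery-style rows (one `key`/`value` row per entry, modeled on osquery's built-in `plist` table), and the command runner is injected so unit tests can feed fake data instead of workstation output. The `falconctl` path is the one quoted above; the plist keys and values in the sample are constructed placeholders, not the sensor's real output; the osquery-go plugin registration is omitted.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"os/exec"
	"sort"
	"strings"
)

// Path quoted in the thread; stable since the Falcon 5.x sensors.
const falconctlPath = "/Applications/Falcon.app/Contents/Resources/falconctl"

// sampleStatsPlist is constructed test data standing in for the output of
// `falconctl stats --plist`; the keys and values are hypothetical.
const sampleStatsPlist = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>agent_id</key>
	<string>00000000-0000-0000-0000-000000000000</string>
	<key>sensor_operational</key>
	<true/>
	<key>cloud_connected</key>
	<false/>
	<key>events_sent</key>
	<integer>1234</integer>
</dict>
</plist>`

// parseFlatPlist reads an XML plist whose top-level <dict> holds only scalar
// values and returns them as strings keyed by <key>. Nested containers are
// rejected rather than silently flattened, so a format change is noticed.
func parseFlatPlist(r io.Reader) (map[string]string, error) {
	dec := xml.NewDecoder(r)
	out := make(map[string]string)
	var key string
	depth := 0 // nesting of <dict>/<array>
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			switch t.Name.Local {
			case "dict", "array":
				depth++
				if depth > 1 {
					return nil, fmt.Errorf("nested <%s> not supported", t.Name.Local)
				}
			case "key":
				if err := dec.DecodeElement(&key, &t); err != nil {
					return nil, err
				}
			case "string", "integer", "real", "date", "data":
				var v string
				if err := dec.DecodeElement(&v, &t); err != nil {
					return nil, err
				}
				out[key] = strings.TrimSpace(v)
			case "true", "false":
				out[key] = t.Name.Local // self-closing boolean tags
			}
		case xml.EndElement:
			if t.Name.Local == "dict" || t.Name.Local == "array" {
				depth--
			}
		}
	}
	return out, nil
}

// falconStatsRows runs the supplied command runner and converts the parsed
// stats into osquery rows, sorted by key so output is deterministic.
func falconStatsRows(run func() ([]byte, error)) ([]map[string]string, error) {
	out, err := run()
	if err != nil {
		return nil, fmt.Errorf("falconctl: %w", err)
	}
	stats, err := parseFlatPlist(strings.NewReader(string(out)))
	if err != nil {
		return nil, err
	}
	keys := make([]string, 0, len(stats))
	for k := range stats {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	rows := make([]map[string]string, 0, len(keys))
	for _, k := range keys {
		rows = append(rows, map[string]string{"key": k, "value": stats[k]})
	}
	return rows, nil
}

// realRunner invokes the actual binary; the extension would use this,
// while tests pass a runner that returns canned plist bytes.
func realRunner() ([]byte, error) {
	return exec.Command(falconctlPath, "stats", "--plist").Output()
}

func main() {
	rows, err := falconStatsRows(func() ([]byte, error) { return []byte(sampleStatsPlist), nil })
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, r := range rows {
		fmt.Printf("%-20s %s\n", r["key"], r["value"])
	}
}
```

Swapping `realRunner` in for the closure in `main` is all a real table needs to shell out to the sensor; keeping the runner as a parameter is what lets the unit tests stay free of host data.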

grahamgilbert commented 3 years ago

This is honestly the kind of table that you would put into your own extension that imports the tables you need from this project. For example, we have tables for Santa that we haven’t included (although that is an open source project that we would continue to have access to even if we stopped using the tool).

dsbaha commented 3 years ago

Sorry, I had to quickly remove my unit tests because I was leveraging my workstation data to perform them. I'll write up fake data and pop it back in.

dsbaha commented 2 years ago

Closed it by accident. Implemented unit tests, requesting PR review.

grahamgilbert commented 2 years ago

Sorry I’m going to stop you here. I’m not going to merge this. I object on a philosophical level to EDR tools like these and I don’t want to promote their usage. If you want to use this table, I suggest you import the tables from this extension into your own.

dsbaha commented 2 years ago

Thanks, I guess we will re-group and discuss a path forward for this now that your position is clear.