From 35070e04a73b97c1107ce0451cbf9d7c990ecaf0 Mon Sep 17 00:00:00 2001 From: Joshua Hiller Date: Wed, 11 Dec 2024 07:17:51 -0500 Subject: [PATCH] Update payload handler to support new values. Closes #1231. --- src/falconpy/_payload/_filevantage.py | 17 ++++++++++-- src/falconpy/filevantage.py | 40 ++++++++++++++++++++------- 2 files changed, 45 insertions(+), 12 deletions(-) diff --git a/src/falconpy/_payload/_filevantage.py b/src/falconpy/_payload/_filevantage.py index b361b23a2..255d22700 100644 --- a/src/falconpy/_payload/_filevantage.py +++ b/src/falconpy/_payload/_filevantage.py @@ -110,18 +110,31 @@ def filevantage_scheduled_exclusion_payload(passed_keywords: dict) -> dict: { "description": "string", - "id": "string", "name": "string", "policy_id": "string", "processes": "string", + "repeated": { + "all_day": boolean, + "end_time": "string", + "frequency": "string", + "monthly_days": [ + integer + ], + "occurrence": "string", + "start_time": "string", + "weekly_days": [ + "string" + ] + }, "schedule_end": "string", "schedule_start": "string", + "timezone": "string", "users": "string" } """ returned = {} keys = ["description", "id", "name", "policy_id", "processes", - "schedule_end", "schedule_start", "users" + "schedule_end", "schedule_start", "users", "timezone", "repeated" ] for key in keys: if passed_keywords.get(key, None): diff --git a/src/falconpy/filevantage.py b/src/falconpy/filevantage.py index 041627f4b..ffb701b6e 100644 --- a/src/falconpy/filevantage.py +++ b/src/falconpy/filevantage.py @@ -461,13 +461,27 @@ def create_scheduled_exclusions(self: object, body: dict = None, **kwargs) -> Di Keyword arguments: body - full body payload in JSON format, not required if using other keywords. { - "description": "string", - "name": "string", - "policy_id": "string", - "processes": "string", - "schedule_end": "string", - "schedule_start": "string", - "users": "string" + "description": "string", + "name": "string", + "policy_id": "string", + "processes": "string", + "repeated": { + "all_day": boolean, + "end_time": "string", + "frequency": "string", + "monthly_days": [ + integer + ], + "occurrence": "string", + "start_time": "string", + "weekly_days": [ + "string" + ] + }, + "schedule_end": "string", + "schedule_start": "string", + "timezone": "string", + "users": "string" } description -- The scheduled exclusion description. (String, 0-500 characters.) name -- Name of the scheduled exclusion. (String, 1-100 characters.) @@ -475,11 +489,17 @@ def create_scheduled_exclusions(self: object, body: dict = None, **kwargs) -> Di users -- Comma delimited list of users to NOT monitor changes. (String, 1-500 characters) `admin*` excludes changes made by all usernames that begin with admin. Falcon GLOB syntax is supported. - processes - Comma delimited list of processes to NOT monitor changes. (String, 1-500 characters) + processes -- Comma delimited list of processes to NOT monitor changes. (String, 1-500 characters) `**\RunMe.exe` or `**/RunMe.sh` excludes changes made by RunMe.exe or RunMe.sh in any location. - schedule_start - Indicates the start of the schedule. (String, RFC3339 format, Required) - schedule_end - Indicates the end of the schedule. (String, RFC3339 format) + repeated -- Optionally provide to indicate the exclusion is applied repeatedly within the + scheduled_start and scheduled_end time. (Dictionary) + schedule_start -- Indicates the start of the schedule. (String, RFC3339 format, Required) + schedule_end -- Indicates the end of the schedule. (String, RFC3339 format) + timezone -- Must be provided to indicate the TimeZone name set for the provided scheduled_start and + scheduled_end values. (String) + See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for values. + This method only supports keywords for providing arguments.