CrowdStrike · jshcodes · Jun 5, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
@@ -1365,3 +1365,17 @@ instantiation
 UpdateCSPMGCPServiceAccountsExt
 UpdateD
 RoemIko
+GetCombinedPluginConfigs
+CAWSAccountScriptsAttachment
+getActionsMixin
+startActions
+getContents
+signalChangesExternal
+queryActionsMixin
+RequestDeviceEnrollmentV
+ThreatGraph
+WorkflowActivitiesCombined
+WorkflowTriggersCombined
+Destom
+ValueError
+QueryCasesIdsByFilter
@@ -387,8 +387,8 @@ preferred-modules=
 [EXCEPTIONS]
 
 # Exceptions that will emit a warning when caught.
-overgeneral-exceptions=BaseException,
-                       Exception
+overgeneral-exceptions=builtins.BaseException,
+                       builtins.Exception
 
 
 [REFACTORING]

@@ -1,3 +1,156 @@
+# Version 1.4.4
+## Added features and functionality
++ Added: Added new __API Integrations__ service collection with two new operations, __GetCombinedPluginConfigs__ and __ExecuteCommand__.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_api_integrations.py`
+    - `_payload/__init__.py`
+    - `_payload/_api_integrations.py`
+    - `api_integrations.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_api_integrations.py`
+    - `tests/test_uber.py`
+
++ Added: Added new allowed parameters for the _GetCSPMAwsAccountScriptsAttachment_ operation within the __CSPM Registration__ service collection.
+    - `_endpoint/_cspm_registration.py`
+    - `cspm_registration.py`
+
++ Added: Added one new operation (_update_rules_v2_) to the __Custom IOA__ service collection.
+    - `_endpoint/_custom_ioa.py`
+    - `_endpoint/deprecated/_custom_ioa.py`
+    - `custom_ioa.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_custom_ioa.py`
+
++ Added: Added new allowed parameters for the _GetD4CAWSAccountScriptsAttachment_ operation within the __D4C Registration__ service collection.
+    - `_endpoint/_d4c_registration.py`
+    - `d4c_registration.py`
+
++ Added: Added new __Exposure Management__ service collection with 6 new operations.
+    - _aggregate_external_assets_
+    - _blob_download_external_assets_
+    - _blob_preview_external_assets_
+    - _get_external_assets_
+    - _patch_external_assets_
+    - _query_external_assets_
+    - `_endpoint/__init__.py`
+    - `_endpoint/_exposure_management.py`
+    - `_endpoint/deprecated/__init__.py`
+    - `_endpoint/deprecated/_exposure_management.py`
+    - `_payload/__init__.py`
+    - `_payload/_exposure_management.py`
+    - `__init__.py`
+    - `exposure_management.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_exposure_management.py`
+
++ Added: Added five new operations to the __FileVantage__ service collection.
+    - _getActionsMixin0_
+    - _startActions_
+    - _getContents_
+    - _signalChangesExternal_
+    - _queryActionsMixin0_
+    - `_constant/__init__.py`
+    - `_endpoint/_filevantage.py`
+    - `_payload/__init__.py`
+    - `_payload/_filevantage.py`
+    - `filevantage.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_filevantage.py`
+
++ Added: Added `cql-master`, `cql-update`, and `cql-changelog` as allowed options for the `type` keyword within the _GetLatestIntelRuleFile_ and _QueryIntelRuleIds_ operations (__Intel__ service collection).
+    - `_endpoint/_intel.py`
+    - `intel.py`
+
++ Added: Added one new operation (_RequestDeviceEnrollmentV4_) to the __Mobile Enrollment__ service collection.
+    - `_endpoint/_mobile_enrollment.py`
+    - `_payload/__init__.py`
+    - `_payload/_mobile_enrollment.py`
+    - `mobile_enrollment.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_mobile_enrollment.py`
+
++ Added: Added new __ThreatGraph__ service collection with 5 new operations.
+    - `__init__.py`
+    - `_endpoint/__init__.py`
+    - `_endpoint/_threatgraph.py`
+    - `_util/_functions.py`
+    - `_util/uber.py`
+    - `threatgraph.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_threatgraph.py`
+
++ Added: Added two new operations (_WorkflowActivitiesCombined_ and _WorkflowTriggersCombined_) to the __Workflows__ service collection.
+    - `_endpoint/_workflows.py`
+    - `workflows.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_workflows.py`
+
+## Issues resolved
++ Fixed: Resolved parameter abstraction issue when leveraging form data payloads with certain API operations. Closes #1160.
+    - `_util/__init__.py`
+    - `_util/_functions.py`
+    - `falconx_sandbox.py`
+    - `foundry_logscale.py`
+    - `message_center.py`
+    - `sample_uploads.py`
+    - `workflows.py`
+    > Unit testing expanding to complete code coverage.
+    - `test_falconx_sandbox.py`
+    - `test_message_center.py`
+    - `test_sample_uploads.py`
+    - `test_workflows.py`
+    - Thanks go out to @Destom for reporting this issue! 🙇
+
++ Fixed: Resolved collision with the `action` keyword argument within the Uber Class and API operations using this string as a key. Closes #1161.
+    - `_util/_uber.py`
+    - `api_complete/_advanced.py`
+    - Thanks go out to @Don-Swanson-Adobe for identifying and reporting this issue! 🙇
+
++ Fixed: Resolved potential ValueError when providing invalid values to version comparison method.
+    - `_version.py`
+    > Unit testing expanded to complete code coverage.
+    - `test_timeout.py`
+
+## Other
++ Adjusted: Unit testing adjusted to allow 204 responses from _DeletePolicy_ operation testing.
+    - `test_image_assessment_policies.py`
+
++ Expanded: Unit testing expanded to test context authentication when `base_url` is not specified.
+    - `test_zero_trust_assessment.py`
+
++ Updated: Updated enumerator for the `sort` parameter definition for the _QueryCasesIdsByFilter_ operation (__Message Center__ service collection).
+    - `_endpoint/_message_center.py`
+
++ Updated: Updated `filter` parameter description for the _query_iot_hosts_ operation within the __Discover__ service collection.
+    - `_endpoint/_discover.py`
+    - `_endpoint/deprecated/_discover.py`
+
++ Removed: Removed one operation from the __Drift Indicators__ service collection.
+    - _ReadDriftIndicatorEntities_
+    - `_endpoint/_drift_indicators.py`
+    - `drift_indicators.py`
+    > Unit testing revised to complete code coverage.
+    - `tests/test_drift_indicators.py`
+
++ Updated: Updated `sort` parameter description for the _query_rulesMixin0_ operation within the __Custom IOA__ service collection.
+    - `_endpoint/_custom_ioa.py`
+    - `_endpoint/deprecated/_custom_ioa.py`
+
++ Removed: Removed three operations from the __Kubernetes Protection__ service collection.
+    - _ReadContainerEnrichment_
+    - _ReadDeploymentEnrichment_
+    - _ReadPodEnrichment_
+    - `_endpoint/_kubernetes_protection.py`
+    - `kubernetes_protection.py`
+    > Unit testing revised to complete code coverage.
+    - `tests/test_kubernetes_protection.py`
+
++ Updated: Updated `filter` parameter description for the _ReadRunningContainerImages_ operation within the __Kubernetes Protection__ service collection.
+    - `_endpoint/_kubernetes_protection.py`
+
+---
+
 # Version 1.4.3
 ## Added features and functionality
 + Added: Context Authentication (supports Foundry execution environments).

@@ -88,6 +88,7 @@
     RequestValidator
     )
 from .alerts import Alerts
+from .api_integrations import APIIntegrations
 from .api_complete import APIHarness, APIHarnessV2
 from .cloud_snapshots import CloudSnapshots
 from .configuration_assessment_evaluation_logic import ConfigurationAssessmentEvaluationLogic
@@ -107,6 +108,7 @@
 from .discover import Discover
 from .drift_indicators import DriftIndicators
 from .event_streams import EventStreams
+from .exposure_management import ExposureManagement
 from .falcon_complete_dashboard import CompleteDashboard
 from .falcon_container import FalconContainer
 from .falconx_sandbox import FalconXSandbox
@@ -151,6 +153,7 @@
 from .spotlight_vulnerabilities import SpotlightVulnerabilities
 from .spotlight_evaluation_logic import SpotlightEvaluationLogic
 from .tailored_intelligence import TailoredIntelligence
+from .threatgraph import ThreatGraph
 from .unidentified_containers import UnidentifiedContainers
 from .user_management import UserManagement
 from .workflows import Workflows
@@ -195,7 +198,7 @@
     "SDKDeprecationWarning", "ConfigurationAssessmentEvaluationLogic", "ConfigurationAssessment",
     "ContainerAlerts", "ContainerDetections", "ContainerImages", "ContainerPackages",
     "ContainerVulnerabilities", "DriftIndicators", "UnidentifiedContainers",
-    "ImageAssessmentPolicies"
+    "ImageAssessmentPolicies", "APIIntegrations", "ThreatGraph", "ExposureManagement"
     ]
 """
 This is free and unencumbered software released into the public domain.

@@ -46,7 +46,7 @@
     "GetDeviceDetails", "PostDeviceDetailsV2", "GetVulnerabilities", "GetIntelIndicatorEntities",
     "getChildrenV2", "cancel-scans", "GetDetectSummaries", "UpdateQuarantinedDetectsByIds",
     "GetQuarantineFiles", "PostEntitiesAlertsV1", "CreateSavedSearchesDeployV1",
-    "WorkflowExecutionsAction"
+    "WorkflowExecutionsAction", "signalChangesExternal"
 ]
 MOCK_OPERATIONS: List[str] = [
     "GetImageAssessmentReport", "DeleteImageDetails", "ImageMatchesPolicy"

@@ -40,6 +40,7 @@
 from .deprecated import _deprecated_class_mapping
 
 from ._alerts import _alerts_endpoints
+from ._api_integrations import _api_integrations_endpoints
 from ._cloud_connect_aws import _cloud_connect_aws_endpoints
 from ._cloud_snapshots import _cloud_snapshots_endpoints
 from ._configuration_assessment_evaluation_logic import _configuration_assessment_evaluation_logic_endpoints
@@ -58,6 +59,7 @@
 from ._discover import _discover_endpoints
 from ._drift_indicators import _drift_indicators_endpoints
 from ._event_streams import _event_streams_endpoints
+from ._exposure_management import _exposure_management_endpoints
 from ._falcon_complete_dashboard import _falcon_complete_dashboard_endpoints
 from ._falcon_container import _falcon_container_endpoints
 from ._falconx_sandbox import _falconx_sandbox_endpoints
@@ -101,13 +103,15 @@
 from ._spotlight_evaluation_logic import _spotlight_evaluation_logic_endpoints
 from ._spotlight_vulnerabilities import _spotlight_vulnerabilities_endpoints
 from ._tailored_intelligence import _tailored_intelligence_endpoints
+from ._threatgraph import _threatgraph_endpoints
 from ._unidentified_containers import _unidentified_containers_endpoints
 from ._user_management import _user_management_endpoints
 from ._workflows import _workflows_endpoints
 from ._zero_trust_assessment import _zero_trust_assessment_endpoints
 
 api_endpoints: List[Any] = []
 api_endpoints.extend(_alerts_endpoints)
+api_endpoints.extend(_api_integrations_endpoints)
 api_endpoints.extend(_cloud_connect_aws_endpoints)
 api_endpoints.extend(_cloud_snapshots_endpoints)
 api_endpoints.extend(_configuration_assessment_evaluation_logic_endpoints)
@@ -126,6 +130,7 @@
 api_endpoints.extend(_discover_endpoints)
 api_endpoints.extend(_drift_indicators_endpoints)
 api_endpoints.extend(_event_streams_endpoints)
+api_endpoints.extend(_exposure_management_endpoints)
 api_endpoints.extend(_falcon_complete_dashboard_endpoints)
 api_endpoints.extend(_falcon_container_endpoints)
 api_endpoints.extend(_falconx_sandbox_endpoints)
@@ -169,6 +174,7 @@
 api_endpoints.extend(_spotlight_evaluation_logic_endpoints)
 api_endpoints.extend(_spotlight_vulnerabilities_endpoints)
 api_endpoints.extend(_tailored_intelligence_endpoints)
+api_endpoints.extend(_threatgraph_endpoints)
 api_endpoints.extend(_unidentified_containers_endpoints)
 api_endpoints.extend(_user_management_endpoints)
 api_endpoints.extend(_workflows_endpoints)

@@ -0,0 +1,90 @@
+"""Internal API endpoint constant library.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+
+_api_integrations_endpoints = [
+  [
+    "GetCombinedPluginConfigs",
+    "GET",
+    "/plugins/combined/configs/v1",
+    "Queries for config resources and returns details",
+    "api_integrations",
+    [
+      {
+        "type": "string",
+        "description": "Filter items using a query in Falcon Query Language (FQL).",
+        "name": "filter",
+        "in": "query"
+      },
+      {
+        "type": "integer",
+        "default": 100,
+        "description": "The number of items to return in this response (default: 100, max: 500). Use with the "
+        "offset parameter to manage pagination of results.",
+        "name": "limit",
+        "in": "query"
+      },
+      {
+        "type": "integer",
+        "description": "The first item to return, where 0 is the latest item. Use with the limit parameter to "
+        "manage pagination of results.",
+        "name": "offset",
+        "in": "query"
+      },
+      {
+        "type": "string",
+        "description": "Sort items using their properties.",
+        "name": "sort",
+        "in": "query"
+      }
+    ]
+  ],
+  [
+    "ExecuteCommand",
+    "POST",
+    "/plugins/entities/execute/v1",
+    "Execute a command.",
+    "api_integrations",
+    [
+      {
+        "name": "body",
+        "in": "body",
+        "required": True
+      }
+    ]
+  ]
+]