Documentation ¶
Index ¶
- Constants
- Variables
- func AssertNoError(payloadErrors []*models.MsaAPIError) error
- func ErrorExplain(apiError error) string
- func FalconContainerSensorImageURI(falconCloud CloudType, sensorType SensorType) string
- func FalconContainerUploadURI(falconCloud CloudType) string
- func NewClient(ac *ApiConfig) (*client.CrowdStrikeAPISpecification, error)
- type ApiConfig
- type CloudType
- type CommonPayload
- type RTR
- func (r *RTR) ActiveSessions(ctx context.Context) ([]RTRSession, error)
- func (r *RTR) BatchActiveResponderCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, ...) (map[string]models.DomainMultiStatusSensorResponse, error)
- func (r *RTR) BatchAdminCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, ...) (map[string]models.DomainMultiStatusSensorResponse, error)
- func (r *RTR) BatchCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, ...) (map[string]models.DomainMultiStatusSensorResponse, error)
- func (r *RTR) CreatePutFile(ctx context.Context, name *string, description string, auditLogComment *string, ...) error
- func (r *RTR) CreateScript(ctx context.Context, name *string, description, permissionType string, ...) error
- func (r *RTR) DeletePutFile(ctx context.Context, id string, opts ...real_time_response_admin.ClientOption) error
- func (r *RTR) DeleteScript(ctx context.Context, id string, opts ...real_time_response_admin.ClientOption) error
- func (r *RTR) GetPutFiles(ctx context.Context, ids []string, ...) ([]*models.EmpowerapiRemoteCommandPutFileV2, error)
- func (r *RTR) GetScripts(ctx context.Context, ids []string, ...) ([]*models.EmpowerapiRemoteCommandPutFileV2, error)
- func (r *RTR) ListPutFiles(ctx context.Context, filter *string, limit *int64, offset, sort *string, ...) (*models.BinservapiMsaPutFileResponse, error)
- func (r *RTR) ListScripts(ctx context.Context, filter *string, limit *int64, offset, sort *string, ...) (*models.BinservapiMsaPutFileResponse, error)
- func (r *RTR) NewBatchSession(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, ...) (*models.DomainBatchInitSessionResponse, error)
- func (r *RTR) NewSession(ctx context.Context, deviceID string) (*RTRSession, error)
- func (r *RTR) PulseSession(ctx context.Context, request *models.DomainInitRequest) (*RTRSession, error)
- func (r *RTR) UpdateScript(ctx context.Context, id string, name, description, permissionType *string, ...) error
- type RTRSession
- func (s *RTRSession) ActiveResponderExecute(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainCommandExecuteResponse, error)
- func (s *RTRSession) ActiveResponderExecuteAndWait(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainStatusResponse, error)
- func (s *RTRSession) ActiveResponderWaitForExecution(ctx context.Context, cloudRequestId string, ...) (*models.DomainStatusResponse, error)
- func (s *RTRSession) AdminExecute(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainCommandExecuteResponse, error)
- func (s *RTRSession) AdminExecuteAndWait(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainStatusResponse, error)
- func (s *RTRSession) AdminWaitForExecution(ctx context.Context, cloudRequestId string, ...) (*models.DomainStatusResponse, error)
- func (s *RTRSession) Close(ctx context.Context) error
- func (s *RTRSession) Execute(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainCommandExecuteResponse, error)
- func (s *RTRSession) ExecuteAndWait(ctx context.Context, baseCommand, commandString string, ...) (*models.DomainStatusResponse, error)
- func (s *RTRSession) GetFile(ctx context.Context, sha256, filePath string, output io.Writer) error
- func (s *RTRSession) ListFiles(ctx context.Context) ([]*models.DomainFileV2, error)
- func (s *RTRSession) WaitForExecution(ctx context.Context, cloudRequestId string, ...) (*models.DomainStatusResponse, error)
- type SensorType
- type StreamingError
- type StreamingHandle
- type TransportDecorator
Constants ¶
// Falcon cloud regions, numbered from zero by iota.
const (
	// CloudAutoDiscover is the zero value, so an ApiConfig whose Cloud field
	// is left unset compares equal to it.
	// NOTE(review): presumably this asks the client to discover the region
	// at authentication time; confirm against NewClient.
	CloudAutoDiscover = iota
	CloudUs1
	CloudUs2
	CloudEu1
	CloudUsGov1
)
Variables ¶
var (
	// Version is the library version, parsed once at package initialisation.
	// NOTE(review): presumably the $VERSION in the default "gofalcon/$VERSION"
	// User-Agent described on ApiConfig.UserAgentOverride; confirm.
	Version = semver.MustParse("0.6.0")
)
Functions ¶
func AssertNoError ¶ added in v0.2.6
func AssertNoError(payloadErrors []*models.MsaAPIError) error
AssertNoError converts MsaAPIError values to native Go errors. The Falcon API often returns a payload structure that may include application errors within an MsaAPIError list. For users of the API it is often desirable to convert these application errors from the CrowdStrike platform into native Go errors to inform application flow.
func ErrorExplain ¶
ErrorExplain extracts as much information from the error object as possible and returns it as a human-readable string. This is useful for developers because the gofalcon/falcon/client library is swagger-generated and its various error classes do not adhere to a common interface.
func FalconContainerSensorImageURI ¶ added in v0.5.0
func FalconContainerSensorImageURI(falconCloud CloudType, sensorType SensorType) string
FalconContainerSensorImageURI returns a URI for downloading a container sensor image. Defaults to the falcon-sensor image.
func FalconContainerUploadURI ¶ added in v0.5.0
FalconContainerUploadURI parses cloud string (example: us-1, us-2, eu-1, us-gov-1, etc) and returns a URI for uploading a container image for ImageAssessment.
Types ¶
type ApiConfig ¶
type ApiConfig struct {
	// AccessToken is the access token used to access the CrowdStrike Falcon platform.
	// If used, either Cloud or HostOverride must be provided.
	// *required* if ClientId and ClientSecret are empty.
	// Credential material: supply it at runtime (secret store, environment)
	// rather than committing it to source or configuration files.
	AccessToken string
	// Client ID used for authentication with CrowdStrike Falcon platform.
	// *required* if AccessToken is empty.
	ClientId string
	// Client Secret used for authentication with CrowdStrike Falcon platform.
	// *required* if AccessToken is empty.
	// Credential material: supply it at runtime (secret store, environment)
	// rather than committing it to source or configuration files.
	ClientSecret string
	// Optional: CID selector for cases when the ClientID/ClientSecret has access to multiple CIDs.
	MemberCID string
	// This Context object will be used only when authenticating with the OAuth interface.
	Context context.Context
	// Cloud selects the Falcon Cloud to connect to.
	Cloud CloudType
	// HostOverride overrides the host. Cloud will be ignored.
	// NOTE(review): API requests, and presumably the OAuth exchange carrying
	// ClientId/ClientSecret, are then sent to this host, so it should come
	// from trusted configuration only; confirm against NewClient.
	HostOverride string
	// BasePathOverride overrides the default base path (default: /).
	BasePathOverride string
	// HttpTimeOutOverride allows users to override the default HTTP time-out (5 minutes).
	// This timeout should rarely be hit. The time-out protects the user application
	// in the unlikely event of a CrowdStrike outage. Users that need more control
	// over HTTP time-outs are advised to use the context.Context argument to API
	// calls instead of this variable.
	HttpTimeOutOverride *time.Duration
	// UserAgentOverride overrides the default User-Agent HTTP header when talking
	// with the CrowdStrike API (default: gofalcon/$VERSION).
	UserAgentOverride string
	// TransportDecorator allows users to decorate and customize the default
	// authenticated client http.RoundTripper behavior.
	// NOTE(review): the decorator sits in the path of every API request and may
	// therefore observe the Authorization header; confirm where it is applied
	// relative to the authentication layer before logging or forwarding requests.
	TransportDecorator TransportDecorator
	// Debug forces print-out of all HTTP traffic going through the API Runtime.
	// NOTE(review): "all http traffic" presumably includes Authorization headers
	// and the OAuth token exchange; treat the output as secret-bearing and keep
	// this off outside local troubleshooting. Confirm what the runtime dumps.
	Debug bool
}
ApiConfig object is used to initialise and configure API Client. Together with NewClient function, ApiConfig provides preferred way to initiate API communication.
func (*ApiConfig) HttpTimeout ¶ added in v0.2.13
type CloudType ¶
type CloudType int
CloudType represents type of CrowdStrike Falcon cloud region.
func Cloud ¶
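Cloud parses a cloud string (example: us-1, us-2, eu-1, us-gov-1, etc). If the string is not recognized, CloudUs1 is returned. Because that fallback is silent, use CloudValidate when a mistyped or unexpected region must be reported as an error instead of directing the client at us-1.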
func CloudValidate ¶
CloudValidate parses cloud string (example: us-1, us-2, eu-1, us-gov-1, etc.). Error is returned when string cannot be recognized.
func (*CloudType) Autodiscover ¶ added in v0.2.15
type CommonPayload ¶
CommonPayload is interface for *Payload structures in the gofalcon/falcon/client library.
func ErrorExtractPayload ¶
func ErrorExtractPayload(apiError error) CommonPayload
ErrorExtractPayload pops out a .Payload member from the API Error (if included).
type RTR ¶ added in v0.2.22
// RTR is the receiver for the Real Time Response helpers listed on this page:
// single and batch sessions, batch commands at the read-only, active-responder
// and admin levels, and management of scripts and put-files.
type RTR struct {
	// contains filtered or unexported fields
}
func (*RTR) ActiveSessions ¶ added in v0.2.22
func (r *RTR) ActiveSessions(ctx context.Context) ([]RTRSession, error)
func (*RTR) BatchActiveResponderCmd ¶ added in v0.2.35
func (r *RTR) BatchActiveResponderCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, hostTimeoutDuration time.Duration, baseCommand, batchID, commandString string, optionalHosts []string, opts ...real_time_response.ClientOption) (map[string]models.DomainMultiStatusSensorResponse, error)
BatchActiveResponderCmd executes an RTR Active Responder command against a batch of hosts. timeout and timeoutDuration are pointers because only one is required and they are mutually exclusive. timeoutDuration is preferred.
func (*RTR) BatchAdminCmd ¶ added in v0.2.35
func (r *RTR) BatchAdminCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, hostTimeoutDuration time.Duration, baseCommand, batchID, commandString string, optionalHosts []string, opts ...real_time_response_admin.ClientOption) (map[string]models.DomainMultiStatusSensorResponse, error)
BatchAdminCmd executes an RTR Admin command against a batch of hosts. timeout and timeoutDuration are pointers because only one is required and they are mutually exclusive. timeoutDuration is preferred.
func (*RTR) BatchCmd ¶ added in v0.2.35
func (r *RTR) BatchCmd(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, hostTimeoutDuration time.Duration, baseCommand, batchID, commandString string, optionalHosts []string, opts ...real_time_response.ClientOption) (map[string]models.DomainMultiStatusSensorResponse, error)
BatchCmd executes an RTR Read Only Analyst command against a batch of hosts. timeout and timeoutDuration are pointers because only one is required and they are mutually exclusive. timeoutDuration is preferred.
func (*RTR) CreatePutFile ¶ added in v0.2.32
func (r *RTR) CreatePutFile(ctx context.Context, name *string, description string, auditLogComment *string, file runtime.NamedReadCloser, opts ...real_time_response_admin.ClientOption) error
func (*RTR) CreateScript ¶ added in v0.2.32
func (r *RTR) CreateScript(ctx context.Context, name *string, description, permissionType string, platform []string, auditLogComment, content *string, file runtime.NamedReadCloser, opts ...real_time_response_admin.ClientOption) error
func (*RTR) DeletePutFile ¶ added in v0.2.32
func (r *RTR) DeletePutFile(ctx context.Context, id string, opts ...real_time_response_admin.ClientOption) error
func (*RTR) DeleteScript ¶ added in v0.2.32
func (r *RTR) DeleteScript(ctx context.Context, id string, opts ...real_time_response_admin.ClientOption) error
func (*RTR) GetPutFiles ¶ added in v0.2.32
func (r *RTR) GetPutFiles(ctx context.Context, ids []string, opts ...real_time_response_admin.ClientOption) ([]*models.EmpowerapiRemoteCommandPutFileV2, error)
func (*RTR) GetScripts ¶ added in v0.2.32
func (r *RTR) GetScripts(ctx context.Context, ids []string, opts ...real_time_response_admin.ClientOption) ([]*models.EmpowerapiRemoteCommandPutFileV2, error)
func (*RTR) ListPutFiles ¶ added in v0.2.32
func (r *RTR) ListPutFiles(ctx context.Context, filter *string, limit *int64, offset, sort *string, opts ...real_time_response_admin.ClientOption) (*models.BinservapiMsaPutFileResponse, error)
func (*RTR) ListScripts ¶ added in v0.2.32
func (r *RTR) ListScripts(ctx context.Context, filter *string, limit *int64, offset, sort *string, opts ...real_time_response_admin.ClientOption) (*models.BinservapiMsaPutFileResponse, error)
func (*RTR) NewBatchSession ¶ added in v0.2.35
func (r *RTR) NewBatchSession(ctx context.Context, timeout *int64, timeoutDuration *time.Duration, hostTimeoutDuration time.Duration, hostIDs []string, existingBatchID *string, queueOffline bool, opts ...real_time_response.ClientOption) (*models.DomainBatchInitSessionResponse, error)
NewBatchSession initiates a batch session for the given hosts. Use the returned BatchID in subsequent calls to the command methods of this type to execute RTR commands on those hosts. timeout and timeoutDuration are pointers because only one is required and they are mutually exclusive. timeoutDuration is preferred.
func (*RTR) NewSession ¶ added in v0.2.22
func (*RTR) PulseSession ¶ added in v0.2.22
func (r *RTR) PulseSession(ctx context.Context, request *models.DomainInitRequest) (*RTRSession, error)
func (*RTR) UpdateScript ¶ added in v0.2.32
func (r *RTR) UpdateScript(ctx context.Context, id string, name, description, permissionType *string, platform []string, auditLogComment, content *string, file runtime.NamedReadCloser, opts ...real_time_response_admin.ClientOption) error
type RTRSession ¶ added in v0.2.22
// RTRSession is the receiver for per-session Real Time Response operations:
// command execution at the read-only, active-responder and admin levels,
// waiting on a cloud request ID, file listing and retrieval, and Close.
type RTRSession struct {
	// contains filtered or unexported fields
}
func (*RTRSession) ActiveResponderExecute ¶ added in v0.2.32
func (s *RTRSession) ActiveResponderExecute(ctx context.Context, baseCommand, commandString string, opts ...real_time_response.ClientOption) (*models.DomainCommandExecuteResponse, error)
func (*RTRSession) ActiveResponderExecuteAndWait ¶ added in v0.2.32
func (s *RTRSession) ActiveResponderExecuteAndWait(ctx context.Context, baseCommand, commandString string, opts ...real_time_response.ClientOption) (*models.DomainStatusResponse, error)
func (*RTRSession) ActiveResponderWaitForExecution ¶ added in v0.2.32
func (s *RTRSession) ActiveResponderWaitForExecution(ctx context.Context, cloudRequestId string, opts ...real_time_response.ClientOption) (*models.DomainStatusResponse, error)
func (*RTRSession) AdminExecute ¶ added in v0.2.32
func (s *RTRSession) AdminExecute(ctx context.Context, baseCommand, commandString string, opts ...real_time_response_admin.ClientOption) (*models.DomainCommandExecuteResponse, error)
func (*RTRSession) AdminExecuteAndWait ¶ added in v0.2.32
func (s *RTRSession) AdminExecuteAndWait(ctx context.Context, baseCommand, commandString string, opts ...real_time_response_admin.ClientOption) (*models.DomainStatusResponse, error)
func (*RTRSession) AdminWaitForExecution ¶ added in v0.2.32
func (s *RTRSession) AdminWaitForExecution(ctx context.Context, cloudRequestId string, opts ...real_time_response_admin.ClientOption) (*models.DomainStatusResponse, error)
func (*RTRSession) Execute ¶ added in v0.2.22
func (s *RTRSession) Execute(ctx context.Context, baseCommand, commandString string, opts ...real_time_response.ClientOption) (*models.DomainCommandExecuteResponse, error)
func (*RTRSession) ExecuteAndWait ¶ added in v0.2.22
func (s *RTRSession) ExecuteAndWait(ctx context.Context, baseCommand, commandString string, opts ...real_time_response.ClientOption) (*models.DomainStatusResponse, error)
func (*RTRSession) ListFiles ¶ added in v0.2.22
func (s *RTRSession) ListFiles(ctx context.Context) ([]*models.DomainFileV2, error)
func (*RTRSession) WaitForExecution ¶ added in v0.2.22
func (s *RTRSession) WaitForExecution(ctx context.Context, cloudRequestId string, opts ...real_time_response.ClientOption) (*models.DomainStatusResponse, error)
type SensorType ¶ added in v0.5.0
type SensorType string
// Sensor image names; SensorType is the sensorType argument of
// FalconContainerSensorImageURI.
const (
	SidecarSensor SensorType = "falcon-container"
	ImageSensor   SensorType = "falcon-imageanalyzer"
	KacSensor     SensorType = "falcon-kac"
	// NodeSensor carries the "falcon-sensor" name that
	// FalconContainerSensorImageURI documents as its default image.
	NodeSensor SensorType = "falcon-sensor"
)
type StreamingError ¶
StreamingError is a structure that holds the original error and indicates whether the error is likely fatal.
func (StreamingError) Error ¶
func (e StreamingError) Error() string
type StreamingHandle ¶
type StreamingHandle struct {
	// Events carries the event items of the stream.
	// NOTE(review): presumably filled by the handle until Close; confirm.
	Events chan *streaming_models.EventItem
	// Errors carries StreamingError values, each of which indicates whether
	// the underlying error is likely fatal.
	Errors chan StreamingError
	// HTTPClient is the HTTP client associated with this handle.
	// NOTE(review): presumably the client passed to NewStreamWithClient; confirm.
	HTTPClient *http.Client
	// contains filtered or unexported fields
}
StreamingHandle is a higher-order type that allows for easy use of the CrowdStrike Falcon Streaming API.
func NewStream ¶
func NewStream(ctx context.Context, client *client.CrowdStrikeAPISpecification, appId string, stream *models.MainAvailableStreamV2, offset uint64) (*StreamingHandle, error)
NewStream initializes a new StreamingHandle and connects to the Streaming API. The streams need to be discovered first with the event_streams.ListAvailableStreamsOAuth2() method. The appId must be an ID that is unique within your CrowdStrike account; each running instance of your application must provide its own unique ID. The offset value can be used to skip events already seen, should the stream disconnect. Users are advised to use the zero (0) value at start. Each event then contains its own offset.
func NewStreamWithClient ¶ added in v0.2.35
func NewStreamWithClient(ctx context.Context, client *client.CrowdStrikeAPISpecification, appId string, stream *models.MainAvailableStreamV2, offset uint64, httpClient *http.Client) (*StreamingHandle, error)
NewStreamWithClient initializes new StreamingHandle and connects to the Streaming API using the provided http.Client.
func (*StreamingHandle) Close ¶
func (sh *StreamingHandle) Close()
Close the StreamingHandle after use
type TransportDecorator ¶ added in v0.2.34
type TransportDecorator func(http.RoundTripper) http.RoundTripper
TransportDecorator accepts a RoundTripper and returns a RoundTripper. This can be used to wrap or decorate the authenticated client's built-in HTTP client operation behavior for all API requests.