falcon

package
v0.2.24

This package is not in the latest version of its module.
Published: Jul 26, 2022 License: MIT Imports: 23 Imported by: 20

Documentation

Constants

const (
	CloudAutoDiscover = iota
	CloudUs1
	CloudUs2
	CloudEu1
	CloudUsGov1
)

Variables

var (
	Version = semver.MustParse("0.2.24")
)

Functions

func AssertNoError added in v0.2.6

func AssertNoError(payloadErrors []*models.MsaAPIError) error

AssertNoError converts MsaAPIError to golang errors. The Falcon API often returns a payload structure that may include application errors within an MsaAPIError list. For users of the API it is often desirable to convert the application errors from the CrowdStrike platform to native golang errors to inform application flow.

func ErrorExplain

func ErrorExplain(apiError error) string

ErrorExplain extracts as much information from the error object as possible and returns it as a human-readable string. This is useful for developers because the gofalcon/falcon/client library is swagger generated and its various error classes do not adhere to a common interface.

func NewClient

NewClient returns a newly configured API Client based on the configuration supplied by the user. The NewClient function is the preferred entry point to the gofalcon SDK.

Types

type ApiConfig

type ApiConfig struct {
	// Client ID used for authentication with CrowdStrike Falcon platform. *required*
	ClientId string
	// Client Secret used for authentication with CrowdStrike Falcon platform. *required*
	ClientSecret string
	// Optional: CID selector for cases when the ClientID/ClientSecret has access to multiple CIDs
	MemberCID string
	// This Context object will be used only when authenticating with the OAuth interface.
	Context context.Context
	// Cloud allows us to select Falcon Cloud to connect
	Cloud CloudType
	// HostOverride overrides the default host (default: api.crowdstrike.com)
	HostOverride string
	// BasePathOverride overrides the default base path (default: /)
	BasePathOverride string
	// HttpTimeOutOverride allows users to override the default HTTP time-out (5 minutes). This time-out should rarely be hit. It protects the user application in the unlikely event of a CrowdStrike outage. Users that need more control over HTTP time-outs are advised to use the context.Context argument to API calls instead of this variable.
	HttpTimeOutOverride *time.Duration

	// Debug forces printing of all HTTP traffic going through the API Runtime
	Debug bool
}

The ApiConfig object is used to initialise and configure the API Client. Together with the NewClient function, ApiConfig provides the preferred way to initiate API communication.

func (*ApiConfig) BasePath

func (ac *ApiConfig) BasePath() string

BasePath returns the base URL path to be used by this ApiConfig.

func (*ApiConfig) Host

func (ac *ApiConfig) Host() string

Host returns the FQDN of the CrowdStrike API Gateway to be used by this ApiConfig.

func (*ApiConfig) HttpTimeout added in v0.2.13

func (ac *ApiConfig) HttpTimeout() time.Duration

type CloudType

type CloudType int

CloudType represents the type of CrowdStrike Falcon cloud region.

func Cloud

func Cloud(cloudString string) CloudType

Cloud parses a cloud string (example: us-1, us-2, eu-1, us-gov-1, etc.). If the string is not recognised, CloudUs1 is returned.

func CloudValidate

func CloudValidate(cloudString string) (CloudType, error)

CloudValidate parses a cloud string (example: us-1, us-2, eu-1, us-gov-1, etc.). An error is returned when the string cannot be recognised.

func (*CloudType) Autodiscover added in v0.2.15

func (c *CloudType) Autodiscover(ctx context.Context, clientId, clientSecret string) error

func (CloudType) Host

func (c CloudType) Host() string

Host returns default hostname for given cloud.

func (CloudType) String added in v0.2.11

func (c CloudType) String() string

type CommonPayload

type CommonPayload interface {
	MarshalBinary() ([]byte, error)
}

CommonPayload is the interface for *Payload structures in the gofalcon/falcon/client library.

func ErrorExtractPayload

func ErrorExtractPayload(apiError error) CommonPayload

ErrorExtractPayload pops out a .Payload member from the API Error (if included).

type RTR added in v0.2.22

type RTR struct {
	// contains filtered or unexported fields
}

func NewRTR added in v0.2.22

func NewRTR(apiCfg *ApiConfig) (*RTR, error)

func (*RTR) ActiveSessions added in v0.2.22

func (r *RTR) ActiveSessions(ctx context.Context) ([]RTRSession, error)

func (*RTR) NewSession added in v0.2.22

func (r *RTR) NewSession(ctx context.Context, deviceID string) (*RTRSession, error)

func (*RTR) PulseSession added in v0.2.22

func (r *RTR) PulseSession(ctx context.Context, request *models.DomainInitRequest) (*RTRSession, error)

type RTRSession added in v0.2.22

type RTRSession struct {
	// contains filtered or unexported fields
}

func (*RTRSession) Close added in v0.2.22

func (s *RTRSession) Close(ctx context.Context) error

func (RTRSession) Execute added in v0.2.22

func (s RTRSession) Execute(ctx context.Context, baseCommand, commandString string) (*models.DomainCommandExecuteResponse, error)

func (RTRSession) ExecuteAndWait added in v0.2.22

func (s RTRSession) ExecuteAndWait(ctx context.Context, baseCommand, commandString string) (*models.DomainStatusResponse, error)

func (*RTRSession) GetFile added in v0.2.22

func (s *RTRSession) GetFile(ctx context.Context, sha256, filePath string, output io.Writer) error

func (*RTRSession) ListFiles added in v0.2.22

func (s *RTRSession) ListFiles(ctx context.Context) ([]*models.DomainFileV2, error)

func (*RTRSession) WaitForExecution added in v0.2.22

func (s *RTRSession) WaitForExecution(ctx context.Context, cloudRequestId string) (*models.DomainStatusResponse, error)

type StreamingError

type StreamingError struct {
	Fatal bool
	Err   error
}

StreamingError is a structure that holds the original error and indicates whether the error is likely fatal or not.

func (StreamingError) Error

func (e StreamingError) Error() string

type StreamingHandle

type StreamingHandle struct {
	Events chan *streaming_models.EventItem
	Errors chan StreamingError
	// contains filtered or unexported fields
}

StreamingHandle is a higher-order type that allows for easy use of the CrowdStrike Falcon Streaming API.

func NewStream

NewStream initializes a new StreamingHandle and connects to the Streaming API. The streams need to be discovered first with the event_streams.ListAvailableStreamsOAuth2() method. The appId must be an ID that is unique within your CrowdStrike account, and each running instance of your application must provide a unique ID. The offset value can be used to skip already-seen events should the stream disconnect. Users are advised to use a zero (0) value at start. Each event then contains its own offset.

func (*StreamingHandle) Close

func (sh *StreamingHandle) Close()

Close the StreamingHandle after use
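
The offset and Fatal handling described above, as an added example that is not code from the gofalcon package: a consumer loop that reconnects after a non-fatal error, resumes from the last handled offset and drops replayed events so that each event is processed once. The names `event`, `streamErr`, `connect` and `consume` and the feed are constructed stand-ins, and the stand-in assumes that resuming at an offset delivers the event at that offset again.

```go
package main

import "fmt"

type event struct{ Offset uint64 } // stand-in (assumption) for a stream event
type streamErr struct {            // stand-in mirroring StreamingError's fields
	Fatal bool
	Err   error
}

// connect (hypothetical) replays feed from offset, inclusive, and drops the link after limit (>= 2) events.
func connect(feed []event, offset uint64, limit int) (chan event, chan streamErr) {
	events, errs := make(chan event), make(chan streamErr)
	go func() {
		for _, e := range feed {
			if e.Offset < offset {
				continue
			}
			if limit--; limit < 0 {
				errs <- streamErr{Err: fmt.Errorf("connection reset")}
				return
			}
			events <- e
		}
		errs <- streamErr{Fatal: true, Err: fmt.Errorf("stream closed")}
	}()
	return events, errs
}

// consume handles each event once and returns the offsets handled, the last offset and the fatal error.
func consume(feed []event, limit int) (got []uint64, last uint64, err error) {
	events, errs := connect(feed, 0, limit)
	for {
		select {
		case e := <-events:
			if len(got) == 0 || e.Offset > last { // drop replayed events
				got, last = append(got, e.Offset), e.Offset
			}
		case se := <-errs:
			if se.Fatal {
				return got, last, se.Err
			}
			events, errs = connect(feed, last, limit) // transient: resume
		}
	}
}

func main() {
	fmt.Println(consume([]event{{10}, {11}, {12}, {15}, {16}, {17}, {20}}, 3))
}
```

With a real StreamingHandle, Close the old handle before opening a replacement, and persist the last handled offset if the process itself may restart.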
