falcon

package
v0.2.28 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2022 License: MIT Imports: 23 Imported by: 20

Documentation

Index

Constants

View Source 
const (
	CloudAutoDiscover = iota
	CloudUs1
	CloudUs2
	CloudEu1
	CloudUsGov1
)

Variables

View Source 
var (
	Version = semver.MustParse("0.2.28")
)

Functions

func AssertNoError added in v0.2.6 

func AssertNoError(payloadErrors []*models.MsaAPIError) error

AssertNoError converts MsaAPIError to golang errors Falcon API oftentimes returns payload structure that may include application errors within MsaAPIError list. For the users of the API it is often times desirable to convert the application errors from CrowdStrike platform to golang native errors to inform application flow.

func ErrorExplain 

func ErrorExplain(apiError error) string

ErrorExplain extracts as much information from the error object as possible and returns as human readable string. This is useful for developers as gofalcon/falcon/client library is swagger generated and various error classes do not adhere to a common interface.

func NewClient 

func NewClient(ac *ApiConfig) (*client.CrowdStrikeAPISpecification, error)

NewClient return newly configured API Client based on configuration supplied by user. NewClient function is preferred entry-point to gofalcon SDK.

Types

type ApiConfig 

type ApiConfig struct {
	// Client ID used for authentication with CrowdStrike Falcon platform. *required*
	ClientId string
	// Client Secret used for authentication with CrowdStrike Falcon platform. *required*
	ClientSecret string
	// Optional: CID selector for cases when the ClientID/ClientSecret has access to multiple CIDs
	MemberCID string
	// This Context object will be used only when authenticating with the OAuth interface.
	Context context.Context
	// Cloud allows us to select Falcon Cloud to connect
	Cloud CloudType
	// HostOverride allows to override default host (default: api.crowdstrike.com)
	HostOverride string
	// BasePathOverride allows to override default base path (default: /)
	BasePathOverride string
	// HttpTimeOutOverride allows users to override default HTTP Time-out (5 minutes). This timeout should rarely be hit. The time-out protects user-application should an unlikely event of CrowdStrike outage occur. Users that need to have more control over HTTP time-outs are advised to use context.Context argument to API calls instead of this variable.
	HttpTimeOutOverride *time.Duration

	// Debug forces print out of all http traffic going through the API Runtime
	Debug bool
}

ApiConfig object is used to initialise and configure API Client. Together with NewClient function, ApiConfig provides preferred way to initiate API communication.

func (*ApiConfig) BasePath 

func (ac *ApiConfig) BasePath() string

Host returns base URL path to be used by this ApiConfig

func (*ApiConfig) Host 

func (ac *ApiConfig) Host() string

Host returns FQDN of CrowdStrike API Gateway to be used by this ApiConfig

func (*ApiConfig) HttpTimeout added in v0.2.13 

func (ac *ApiConfig) HttpTimeout() time.Duration

type CloudType 

type CloudType int

CloudType represents type of CrowdStrike Falcon cloud region.

func Cloud 

func Cloud(cloudString string) CloudType

Cloud parses clould string (example: us-1, us-2, eu-1, us-gov-1, etc). If a string is not recognised CloudUs1 is returned.

func CloudValidate 

func CloudValidate(cloudString string) (CloudType, error)

CloudValidate parses cloud string (example: us-1, us-2, eu-1, us-gov-1, etc.). Error is returned when string cannot be recognised

func (*CloudType) Autodiscover added in v0.2.15 

func (c *CloudType) Autodiscover(ctx context.Context, clientId, clientSecret string) error

func (CloudType) Host 

func (c CloudType) Host() string

Host returns default hostname for given cloud.

func (CloudType) String added in v0.2.11 

func (c CloudType) String() string

type CommonPayload 

type CommonPayload interface {
	MarshalBinary() ([]byte, error)
}

CommonPayload is interface for *Payload structures in the gofalcon/falcon/client library.

func ErrorExtractPayload 

func ErrorExtractPayload(apiError error) CommonPayload

ErrorExtractPayload pops out a .Payload member from the API Error (if included).

type RTR added in v0.2.22 

type RTR struct {
	// contains filtered or unexported fields
}

func NewRTR added in v0.2.22 

func NewRTR(apiCfg *ApiConfig) (*RTR, error)

func (*RTR) ActiveSessions added in v0.2.22 

func (r *RTR) ActiveSessions(ctx context.Context) ([]RTRSession, error)

func (*RTR) NewSession added in v0.2.22 

func (r *RTR) NewSession(ctx context.Context, deviceID string) (*RTRSession, error)

func (*RTR) PulseSession added in v0.2.22 

func (r *RTR) PulseSession(ctx context.Context, request *models.DomainInitRequest) (*RTRSession, error)

type RTRSession added in v0.2.22 

type RTRSession struct {
	// contains filtered or unexported fields
}

func (*RTRSession) Close added in v0.2.22 

func (s *RTRSession) Close(ctx context.Context) error

func (RTRSession) Execute added in v0.2.22 

func (s RTRSession) Execute(ctx context.Context, baseCommand, commandString string) (*models.DomainCommandExecuteResponse, error)

func (RTRSession) ExecuteAndWait added in v0.2.22 

func (s RTRSession) ExecuteAndWait(ctx context.Context, baseCommand, commandString string) (*models.DomainStatusResponse, error)

func (*RTRSession) GetFile added in v0.2.22 

func (s *RTRSession) GetFile(ctx context.Context, sha256, filePath string, output io.Writer) error

func (*RTRSession) ListFiles added in v0.2.22 

func (s *RTRSession) ListFiles(ctx context.Context) ([]*models.DomainFileV2, error)

func (*RTRSession) WaitForExecution added in v0.2.22 

func (s *RTRSession) WaitForExecution(ctx context.Context, cloudRequestId string) (*models.DomainStatusResponse, error)

type StreamingError 

type StreamingError struct {
	Fatal bool
	Err   error
}

StreamingError structure that holds original error and indicates whether the Error is likely fatal or not

func (StreamingError) Error 

func (e StreamingError) Error() string

type StreamingHandle 

type StreamingHandle struct {
	Events chan *streaming_models.EventItem
	Errors chan StreamingError
	// contains filtered or unexported fields
}

StreamingHandle is higher order type that allows for easy use of CrowdStrike Falcon Streaming API

func NewStream 

func NewStream(ctx context.Context, client *client.CrowdStrikeAPISpecification, appId string, stream *models.MainAvailableStreamV2, offset uint64) (*StreamingHandle, error)

NewStream initializes new StreamingHandle and connects to the Streaming API. The streams need to be discovered first by event_streams.ListAvailableStreamsOAuth2() method. The appId must be an ID that is unique within your CrowdStrike account. Each running instance of your application must provide unique ID. The offset value can then be used to skip seen events, should the stream disconnect. Users are advised to use zero (0) value at start. Each event then contains its own offset.

func (*StreamingHandle) Close 

func (sh *StreamingHandle) Close()

Close the StreamingHandle after use

Source Files

View all Source files

Directories

Path Synopsis
alerts
cloud_connect_aws
cspm_registration
custom_ioa
d4c_registration
detects
device_control_policies
discover
event_streams
falcon_complete_dashboard
falcon_container
falconx_sandbox
filevantage
firewall_management
firewall_policies
host_group
hosts
identity_protection
incidents
installation_tokens
intel
ioa_exclusions
ioc
iocs
kubernetes_protection
malquery
message_center
ml_exclusions
mobile_enrollment
mssp
oauth2
overwatch_dashboard
prevention_policies
quarantine
quick_scan
real_time_response
real_time_response_admin
recon
report_executions
response_policies
sample_uploads
scheduled_reports
sensor_download
sensor_update_policies
sensor_visibility_exclusions
spotlight_evaluation_logic
spotlight_vulnerabilities
tailored_intelligence
user_management
zero_trust_assessment
streaming_models

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.