falcon_host_details

command
v0.2.35 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 3, 2023 License: MIT Imports: 9 Imported by: 0

README

Falcon Host Details

Stand-alone tool that uses Host devices scroll API to query all the host details and output JSON to the stdout. This tool can be used together with JSON parsing tools like jq in order to build reports of your liking.

Installation

go get github.com/crowdstrike/gofalcon/examples/falcon_host_details

Exemplary Usage

Get full details of all the hosts

$ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
      falcon_host_details

Get total number of hosts

falcon_host_details | jq length

List hostnames of all hosts

falcon_host_details  | jq 'map(.hostname)'

List hosts and agent versions as key-value dictionary

falcon_host_details  | jq -r ' map( { (.hostname) : .agent_version } ) | add'

List hosts of particular operating system (using FQL (Falcon Query Language))

falcon_host_details --filter="platform_name:'Windows'"

List Kubernetes pods (protected by CrowdStrike Falcon Container) that have been running during past 7 days, show only pod names, agent versions and cloud information.

week_ago=$(date -d "7 days ago" '+%Y-%m-%d' 2>/dev/null || date -v-1w +%F)
falcon_host_details --filter="product_type_desc:'Pod'+last_seen:>='${week_ago}'" \
    | jq -r 'map({(.device_id): {"agent_version": .agent_version, "cloud": .service_provider, "pod_name": .pod_name}}) | add'

Please refer to Falcon Hosts API documentation to learn more about FQL filter parameter, about the meaning of the entity properties, and best practices. Further, please refer to jq tool manual to learn how to effectively post-process JSON outputs in command-line.

Documentation

The Go Gopher

There is no documentation for this package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL