Samples updates - Fixes and new contributions

.github/wordlist.txt

@@ -1379,3 +1379,5 @@ WorkflowTriggersCombined
 Destom
 ValueError
 QueryCasesIdsByFilter
+SDKDEMO
+

AUTHORS.md

@@ -94,6 +94,9 @@ This has been a critical element in the development of the FalconPy project.
 + `@PeroSoy`
 + Shubham, `@i-shubham01`
 + Don "Swanson" I., `@Don-Swanson-Adobe`
++ Nick, `nickforsythbarr`
++ `nesies`
++ `David-M-Berry`
 
 
 ## Sponsors

samples/README.md

@@ -45,7 +45,7 @@ The following samples are categorized by CrowdStrike product, and further catego
 
 | Topic | Samples |
 | :-- | :-- |
-| [Hosts](#hosts-samples)<BR/>[Host Groups](#hosts-samples)<BR/> | List sensors by hostname<BR/>Manage duplicate sensors<BR/>CUSSED (Manage stale sensors)<BR/>Default Groups<BR/>Get Host Groups<BR/>Hosts Report<BR/>Host Search<BR/>Host Tagger<BR/>Policy Check<BR/>RFM Report<BR/>Serial Search<BR/>Match usernames to hosts<BR/>Offset vs. Token<BR/>Prune Hosts by Hostname or AID<BR/>Quarantine a host<BR/>Quarantine a host (updated version) |
+| [Hosts](#hosts-samples)<BR/>[Host Groups](#hosts-samples)<BR/> | List sensors by hostname<BR/>Manage duplicate sensors<BR/>CUSSED (Manage stale sensors)<BR/>Default Groups<BR/>Get Host Groups<BR/>Hosts Report<BR/>Host Search<BR/>Host Search Advanced<BR/>Host Tagger<BR/>Policy Check<BR/>RFM Report<BR/>Serial Search<BR/>Match usernames to hosts<BR/>Offset vs. Token<BR/>Prune Hosts by Hostname or AID<BR/>Quarantine a host<BR/>Quarantine a host (updated version) |
 | [Report Executions](#report-executions-samples) | Retrieve all report results |
 | [Sensor Download](#sensor-download-samples) | Download the CrowdStrike sensor |
 | [Sensor Update Policies](#sensor-update-policies-samples) | Clone Update Policy<BR/>Create Host Group and attach Update Policy<BR/>Policy Wonk |
@@ -196,6 +196,7 @@ The samples collected in this section demonstrate leveraging CrowdStrike's Hosts
 - [Get Host Groups](#get-host-group)
 - [Hosts Report](#hosts-report)
 - [Host Search](#host-search)
+- [Host Search Advanced](#host-search-advanced)
 - [Host Tagger](#host-tagger)
 - [Match usernames to hosts](#match-usernames-to-hosts)
 - [Offset vs. Token](#offset-vs-token)
@@ -332,6 +333,22 @@ This sample demonstrates the following CrowdStrike Hosts API operations:
 
 ---
 
+#### Hosts Search Advanced
+This [example](hosts#hosts-search-advanced) will demonstrate how to search for host details by hostname.
+
+[![Hosts](https://img.shields.io/badge/Service%20Class-Hosts_Search-silver?style=for-the-badge&labelColor=C30A16&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#hosts-search-advanced)
+[![Community Contribution](https://img.shields.io/badge/-Contribution-2C6B07?style=for-the-badge&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/blob/main/AUTHORS.md)
+
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
+
+| Operation | Description |
+| :--- | :--- |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+
+---
+
 #### Hosts Tagger
 This [example](hosts#hosts-tagger) will demonstrate how to tag or untag multiple hosts in batch.
 

samples/hosts/README.md

@@ -9,6 +9,7 @@ The examples in this folder focus on leveraging CrowdStrike's Hosts API to perfo
 - [Get Host Groups](#get-host-groups)
 - [Host Report](#host-report)
 - [Host Search](#host-search)
+- [Host Search Advanced](#host-search-advanced)
 - [List sensor versions by Hostname](#list-sensors-by-hostname)
 - [List (and optionally remove) duplicate sensors](#list-duplicate-sensors)
 - [List (and optionally remove) stale sensors](#list-stale-sensors)
@@ -362,7 +363,7 @@ The source code for these examples can be found [here](get_host_groups.py).
 
 ---
 
-## Hosts Report
+## Host Report
 This script replaces the manual daily export of hosts from the Falcon Console that was required to audit host compliance. It was developed to be run as a recurring job and will output a CSV with all hosts in the CID along with other required info that can then be imported into a compliance dashboard or tool.
 
 ### Running the program
@@ -545,6 +546,67 @@ Required arguments:
 
 ### Example source code
 The source code for these examples can be found [here](host_search.py).
+---
+## Host Search Advanced
+
+This script retains the original functionality of host_search.py above, but adds in functionality for partial matches of hostnames. This will help with endpoint discovery where the domain is known, or a pattern of host naming is known, but not all endpoints have been discovered. 
+
+This script will also ignore comments in a hostname file, thus keeping the output.csv cleaner.
+
+To read an input file of hostnames, the -f option (used in the original host_search.py) has been changed to -i. This made more sense considering the more "insensitive" nature of the search, and makes a visual identification of the full command easier if you use both the original host_search.py, and the host_search_advanced.py. A potential use case could be to discover hosts using the 'advanced' search, in order to reconcile with hostname files for use with the original host search.
+
+#### Command-line help
+Command-line help is available via the `-h` argument.
+
+```shell
+usage: host_search_advanced.py [-h] [-d] [-n HOSTNAME] [-i INPUT_FILE] [-o OUTPUT_PATH]
+                               [-k CLIENT_ID] [-s CLIENT_SECRET]
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |                         |::.. . |           FalconPy
+`-------'                         `-------'
+
+  _   _           _     ____                      _      
+ | | | | ___  ___| |_  / ___|  ___  __ _ _ __ ___| |__   
+ | |_| |/ _ \/ __| __| \___ \ / _ \/ _` | '__/ __| '_ \  
+ |  _  | (_) \__ \ |_   ___) |  __/ (_| | | | (__| | | | 
+ |_| |_|\___/|___/\__| |____/ \___|\__,_|_|  \___|_| |_| 
+     _       _                               _           
+    / \   __| |_   ____ _ _ __   ___ ___  __| |          
+   / _ \ / _` \ \ / / _` | '_ \ / __/ _ \/ _` |          
+  / ___ \ (_| |\ V / (_| | | | | (_|  __/ (_| |          
+ /_/   \_\__,_| \_/ \__,_|_| |_|\___\___|\__,_|          
+
+
+This script will take a file listing of hostnames (one host per line) or
+a single hostname provided at runtime to produce a CSV containing the 
+details for hosts that are found. This solution can be used to compare a
+list of hostnames to the list of hosts in the Falcon Console to determine
+which hostnames are not currently reporting in to the console, or to discover hosts based on a partial match of the hostname. Comments in input files are also ommitted from lookup, thus keeping the output.csv clean, and allowing you to work with more useful host name files/inventory.
+
+Developed by @Don-Swanson-Adobe, additional functionality by @David-M-Berry
+
+options:
+  -h, --help            show this help message and exit
+  -d, --debug           Enable API debugging
+  -n HOSTNAME, --hostname HOSTNAME
+                        Hostname to search for
+  -i INPUT_FILE, --input_file INPUT_FILE
+                        Text file containing hostnames to search for
+  -o OUTPUT_PATH, --output_path OUTPUT_PATH
+                        Location to store CSV output
+
+Required arguments:
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        CrowdStrike Falcon API key
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        CrowdStrike Falcon API secret
+```
+
 
 ---
 
@@ -746,6 +808,12 @@ This variation will retrieve a list of hosts that haven't checked in to CrowdStr
 python3 stale_sensors.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -d 30 -t testtag
 ```
 
+This variation leverages a regular expression to match the host "SDKDEMO3".
+
+```shell
+python3 stale_sensors.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -d 30 -p "^SDK.*3$"
+```
+
 You can reverse the list sort with the `-r` or `--reverse` argument.
 
 ```shell
@@ -762,7 +830,8 @@ Command-line help is available via the `-h` argument.
 
 ```shell
 % python3 stale_sensors.py -h
-usage: stale_sensors.py [-h] -k CLIENT_ID -s CLIENT_SECRET [-m MSSP] [-g] [-d DAYS] [-r] [-x] [-t TAG]
+usage: stale_sensors.py [-h] -k CLIENT_ID -s CLIENT_SECRET [-m MSSP] [-g] [-d DAYS] [-r] [-x] [-t TAG] [-c] [-o OUTPUT_FILE] [-q]
+                        [-f {windows,mac,linux,k8s}] [-p HOSTFILTER]
 
 CrowdStrike Unattended Stale Sensor Environment Detector.
 
@@ -786,6 +855,10 @@ results for the US-GOV-1 region, pass the '-g' argument.
 - ray.heffer@crowdstrike.com; 03.29.22 - Added new argument for Grouping Tags (--grouping, -g)
 - @morcef, jshcodes@CrowdStrike; 06.05.22 - More reasonable date calcs, Linting, Easier arg parsing
                                             Easier base_url handling, renamed grouping_tag to tag
+- jshcodes@Crowdstrike; 11.02.22 - Added CSV output options and cleaner date outputs.
+- nmills@forbarr; 22.05.24 - Fixed deprecation warning on date function,
+                                            Added new arg to accept hostname pattern
+                                            Batch the call to hide_hosts to avoid API error
 
 optional arguments:
   -h, --help            show this help message and exit
@@ -799,6 +872,14 @@ optional arguments:
   -r, --reverse         Reverse sort (defaults to ASC)
   -x, --remove          Remove hosts identified as stale
   -t TAG, --tag TAG     Falcon Grouping Tag name for the hosts
+  -c, --csv             Export results to CSV
+  -o OUTPUT_FILE, --output_file OUTPUT_FILE
+                        File to output CSV results to. Ignored when "-c" is not specified.
+  -q, --quotes          Quote non-numeric fields in CSV output.
+  -f {windows,mac,linux,k8s}, --filter-by-os {windows,mac,linux,k8s}
+                        OS filter (windows, macos, linux)
+  -p HOSTFILTER, --host-pattern HOSTFILTER
+                        filter hostnames by regex
 ```
 
 ### Example source code
@@ -1307,4 +1388,4 @@ Required arguments:
 ### Example source code
 The source code for these examples can be found [here](serial_search.py).
 
----
+---

samples/hosts/host_search.py

@@ -22,6 +22,7 @@
 which hostnames are not currently reporting in to the console.
 
 Developed by @Don-Swanson-Adobe
+Modification: 05.28.24 - David M. Berry - Updated get_hostnames function to ignore comments.
 """
 import os
 import logging
@@ -66,16 +67,20 @@ def consume_arguments() -> Namespace:
 
 
 def get_hostnames(target_file: str):
-    """Open CSV and import serials."""
+    """Open file and import hostnames, ignoring comments."""
     try:
-        with open(target_file, newline='') as host_file:
+        with open(target_file, 'r') as host_file:
             print("Opening hostname file")
-            return host_file.read().splitlines()
-
+            hostnames = []
+            for line in host_file:
+                line = line.split('#')[0].strip()  # Remove comments and strip whitespace
+                if line:  # Ignore empty lines
+                    hostnames.append(line)
+            return hostnames
     except FileNotFoundError:
         raise SystemExit(
             "You must provide a valid hostname file with the '-f' argument, "
-            "or a host with the '-h' argument in order to run this program."
+            "or a host with the '-n' argument in order to run this program."
             )