From 92633b18c1146830762cba3bc2cf0b61714e4119 Mon Sep 17 00:00:00 2001
From: okewoma
Date: Fri, 28 Jun 2024 09:42:34 -0700
Subject: [PATCH 1/2] Add debug functionality
---
 samples/spotlight/spotlight_quick_report.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/samples/spotlight/spotlight_quick_report.py b/samples/spotlight/spotlight_quick_report.py
index dfead5bcd..68c4bd7dc 100644
--- a/samples/spotlight/spotlight_quick_report.py
+++ b/samples/spotlight/spotlight_quick_report.py
@@ -19,10 +19,11 @@ \___\_\_,_/_/\__/_/\_\ /_/|_|\__/ .__/\___/_/ \__/ /_/
-This example requires crowdstrike-falconpy v1.2.2 or greater.
+This example requires crowdstrike-falconpy v1.3.0 or greater.
 Easy Object Authentication is also demonstrated in this sample.
 """
+import logging
 import json
 import time
 from datetime import datetime
@@ -64,6 +65,11 @@ def consume_arguments() -> Namespace:
 help="CrowdStrike Falcon API Client Secret.",
 required=True
 )
+ parser.add_argument("--debug",
+ help="Enable API debugging",
+ action="store_true",
+ default=False
+ )
 parser.add_argument("-d", "--days",
 help="Include days from X days backwards (3-45).",
 default=0
@@ -83,8 +89,14 @@ def consume_arguments() -> Namespace:
 default=False,
 action="store_true"
 )
+
+
+ parsed = parser.parse_args()
+ if parsed.debug:
+ logging.basicConfig(level=logging.DEBUG)
+
- return parser.parse_args()
+ return parsed
 def query_spotlight(key: str, secret: str, days: str, aft: str = None):
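Review bot: `logging.basicConfig(level=logging.DEBUG)` in the `@@ -83,8 +89,14 @@` hunk sets the root logger to DEBUG, so `--debug` turns on debug records for every library in the process (the HTTP stack included), not only FalconPy, in a script that is handed an API client ID and secret. Any log sanitisation FalconPy applies covers its own records only, so the output should be treated as sensitive and kept out of shared logs or tickets; a comment above the call would help, e.g. `# Root logger at DEBUG: all libraries log here; treat the output as sensitive.` Configuring logging inside `consume_arguments` is also a side effect a caller of an argument parser would not expect; doing it where `args = consume_arguments()` is called keeps the parser free of global state changes. The body of `consume_arguments` starts outside this hunk.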
@@ -274,7 +286,7 @@ def process_results(output_file: str, matches: dict, total_matched: int): # pyl
 start_time = datetime.now().timestamp()
 args = consume_arguments()
 if args.file:
- HOST_AUTH = Hosts(client_id=args.client_id, client_secret=args.client_secret)
+ HOST_AUTH = Hosts(client_id=args.client_id, client_secret=args.client_secret, debug=args.debug)
 process_results(args.output, *process_matches(args))
 total_run_time = datetime.now().timestamp() - start_time
 print(f"\nReport generated in {total_run_time:,.2f} seconds.")
From e61709bdded821f32e22b17e3bbd9ee8087d762b Mon Sep 17 00:00:00 2001
From: okewoma <78776399+okewoma@users.noreply.github.com>
Date: Fri, 28 Jun 2024 12:22:38 -0700
Subject: [PATCH 2/2] Update README.md in spotlight_quick_report to show debugging functionality
---
 samples/spotlight/README.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/samples/spotlight/README.md b/samples/spotlight/README.md
index 4873e69d5..9441a29f5 100644
--- a/samples/spotlight/README.md
+++ b/samples/spotlight/README.md
@@ -227,6 +227,12 @@ If you wish to allow duplicate matches to be present within your report, pass th
 ```shell
 python3 spotlight_quick_report.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET -a
 ```
+#### Debugging
+If you want to debug code and quickly find errors within code `--debug` argument.
+
+```shell
+python3 spotlight_quick_report.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET --debug
+```
 #### Command-line help
 Command-line help is available via the `-h` argument.
@@ -275,6 +281,7 @@ required arguments:
 CrowdStrike Falcon API Client ID.
 -s CLIENT_SECRET, --client_secret CLIENT_SECRET
 CrowdStrike Falcon API Client Secret.
+ --debug Enables code debugging
 ```
 ### Example source code
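Review bot: In the `@@ -274,7 +286,7 @@` hunk of spotlight_quick_report.py, `debug=args.debug` reaches only the `Hosts` client, and only on the `if args.file:` path. No hunk in this patch changes the body of `query_spotlight`, so if the Spotlight client is constructed there (not visible here) it still runs without FalconPy debug logging and `--debug` would show nothing from FalconPy for the main vulnerability queries. Consider threading the flag through, for example `query_spotlight(..., debug: bool = False)` with `debug=debug` passed to the client it creates. The enclosing block starts outside the hunk.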