https://github.com/tyler-tee/crowdclient
CrowdClient is a Python library for interacting with CrowdStrike Falcon's REST API.
https://github.com/tyler-tee/crowdclient
crowdstrike information-security rest rest-client
Last synced: 10 months ago
JSON representation
CrowdClient is a Python library for interacting with CrowdStrike Falcon's REST API.
- Host: GitHub
- URL: https://github.com/tyler-tee/crowdclient
- Owner: tyler-tee
- License: mit
- Created: 2020-07-19T12:34:01.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2021-10-21T16:11:01.000Z (over 4 years ago)
- Last Synced: 2025-05-12T17:15:00.126Z (about 1 year ago)
- Topics: crowdstrike, information-security, rest, rest-client
- Language: Python
- Homepage:
- Size: 107 KB
- Stars: 6
- Watchers: 0
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# CrowdClient
CrowdClient is a Python library for interacting with CrowdStrike Falcon's REST API.
## Installation
```python
pip install crowdclient
```
## Usage
### General Use
```python
from CrowdClient.crowdclient import CrowdClient
# Instantiate your client
falcon_client = CrowdClient(, )
# Authenticate to retrieve and store an authentication token for subsequent requests
falcon_client.authenticate()
# Get current detections (defaults to new detections only of all severities sorted newest -> oldest)
# Returns a list of all ID's matching above criteria
detections = falcon_client.get_detections()
# Get the number of hosts in your environment exhibiting activity related to a specified indicator
host_count = falcon_client.indicator_host_count('8.8.8.8', 'ipv4')
```
### Real-Time Response
```python
from CrowdClient.crowdclient import RTRClient
# Instantiate your client and authenticate
rtr_client = RTRClient(, , verify_cert=False)
rtr_client.authenticate()
# Initiate a batch session for multiple hosts
batch_id = rtr_client.batch_init(['hostid1', 'hostid2', 'hostid3'])
# Issue an RTR Admin command using the established session - Exclude a host if you'd like
rtr_client.batch_admin_cmd(batch_id, command='ls', command_string='ls C:\Users\', optional_hosts=['hostid3'])
# View the script ID's available for the user to use with the 'runscript' command
script_ids = rtr_client.get_scripts()
# Get the details for said scripts
script_details = rtr_client.script_details(script_ids)
```
## License
[MIT](https://choosealicense.com/licenses/mit/)