Real-time Response API Script for CrowdStrike Falcon Platform using Python and FalconPy Library on Host Group #961
NSH531
started this conversation in Show and Tell
Hi everyone,
I wanted to share a Python script I created using the FalconPy library for the CrowdStrike Falcon Platform. The script allows you to run an executable file on multiple hosts in a host group.
Here's how it works:
First, the script retrieves a list of host groups from the Falcon platform using the Hosts class in the falconpy.hosts module. It then extracts the host group IDs from the list.
Next, the script retrieves a list of hosts in the specified host group using the query_hosts_by_group_id method of the HostGroup class in the falconpy.hosts module. It then extracts the host IDs from the list.
The script then encodes the contents of the executable file as a base64 string using the base64 module in Python.
It then builds the command to run the executable file using the cmd command in Windows. The command includes the decoded base64 string of the executable file and the path where the file will be saved on the remote host.
Finally, the script creates a new instance of the RealTimeResponse class in the falconpy.real_time_response module and executes the command on the remote hosts in the specified host group using the execute_command method.
Note that you'll need to update the creds dictionary with your own CrowdStrike API client ID and secret.
Here's the script:
thanks,
nate
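An added example, not the script from the post above: it implements the host-group-to-host-ID step of the workflow nate describes, with two guard rails a defender would want before any RTR command fans out to a whole group: credentials read from the environment instead of a hard-coded creds dict, and a blast-radius cap checked before execution. The FalconPy method names query_combined_host_groups and query_group_members and the environment variable names are assumptions, and an offline fake with constructed data stands in for the real HostGroup client.

```python
import os
from typing import Any

def load_creds() -> dict:
    """Read the API client ID/secret from the environment (assumed variable names)
    instead of keeping them in a creds dict inside the script."""
    cid = os.environ.get("FALCON_CLIENT_ID")
    sec = os.environ.get("FALCON_CLIENT_SECRET")
    if not cid or not sec:
        raise RuntimeError("FALCON_CLIENT_ID / FALCON_CLIENT_SECRET are not set")
    return {"client_id": cid, "client_secret": sec}

def resources(resp: dict) -> list:
    """Unwrap a FalconPy-style response: {'status_code': .., 'body': {'resources': [..]}}."""
    if resp.get("status_code") != 200:
        raise RuntimeError(f"API call failed: {resp.get('status_code')} "
                           f"{resp.get('body', {}).get('errors')}")
    return resp["body"].get("resources", [])

def resolve_group_hosts(host_group_api: Any, group_name: str) -> list:
    """Map a host group name to its member host IDs. host_group_api is expected to
    expose query_combined_host_groups() and query_group_members() (assumed FalconPy
    HostGroup signatures); exactly one group must match the name."""
    groups = resources(host_group_api.query_combined_host_groups(filter=f"name:'{group_name}'"))
    if len(groups) != 1:
        raise ValueError(f"expected exactly one group named {group_name!r}, got {len(groups)}")
    return resources(host_group_api.query_group_members(id=groups[0]["id"], limit=5000))

def within_blast_radius(host_ids: list, max_hosts: int) -> bool:
    """Refuse to fan an RTR command out to more hosts than the operator intended."""
    return 0 < len(host_ids) <= max_hosts

class FakeHostGroup:
    """Offline stand-in for falconpy.HostGroup, returning constructed sample data."""
    def __init__(self, groups: list, members: dict):
        self.groups, self.members = groups, members
    def query_combined_host_groups(self, filter: str = "") -> dict:
        name = filter.split("'")[1]  # parse the name:'...' filter used above
        return {"status_code": 200,
                "body": {"resources": [g for g in self.groups if g["name"] == name]}}
    def query_group_members(self, id: str, limit: int = 100) -> dict:
        return {"status_code": 200, "body": {"resources": self.members.get(id, [])[:limit]}}

# Constructed sample data: a small IR group and a large server group.
SAMPLE = FakeHostGroup(
    groups=[{"id": "grp-001", "name": "IR-Workstations"}, {"id": "grp-002", "name": "All-Servers"}],
    members={"grp-001": ["aid-1", "aid-2", "aid-3"],
             "grp-002": [f"aid-{i}" for i in range(400)]},
)

if __name__ == "__main__":
    hosts = resolve_group_hosts(SAMPLE, "IR-Workstations")
    print(hosts, within_blast_radius(hosts, max_hosts=50))
```

Only when within_blast_radius returns True would the script go on to the RealTimeResponse step; swap SAMPLE for a real HostGroup(**load_creds()) client to run it against the platform.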