Add new example, Discover API Hosts Details

CrowdStrike · Sep 5, 2023 · 551a2ba · 551a2ba
1 parent 3111f82
commit 551a2ba
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,13 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [0.4.0] - 2023-09-04
+## [0.3.3] - 2023-09-04
 
 ### Added
 
+- Example Discover API Host Details
 - Change log using Keep a Changelog format
 
-## [<= 0.3.x] - Historical
+## [<= 0.3.2] - Historical
 
 ### Added
 

diff --git a/examples/README.md b/examples/README.md
@@ -12,6 +12,7 @@ Some examples available here are rather similar to the [gofalcon (Golang-based S
 4. [Spotlight Vulnerabilities](#falcon_spotlight_vulnerabilities)
 5. [Intel Indicators](#intel_indicators)
 6. [Supported Kernels](#falcon_supported_kernels)
+7. [Discover API Hosts Details](#falcon_discover_hosts)
 
 ### simple
 
@@ -111,3 +112,14 @@ Supported kernels example:
 FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
      cargo run --example falcon_supported_kernels -- --distro=rhel9 --arch=aarch64
 ```
+
+### falcon_discover_hosts
+
+[falcon_discover_hosts.rs](falcon_discover_hosts.rs)
+
+This example prints out details for all the hosts on the tenant.
+
+```bash
+FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
+     cargo run --example falcon_discover_hosts -- --sort hostname
+```
diff --git a/examples/falcon_discover_hosts.rs b/examples/falcon_discover_hosts.rs
@@ -0,0 +1,77 @@
+use clap::Parser;
+
+use rusty_falcon::{
+    apis::discover_api::{get_hosts, query_hosts},
+    easy::client::FalconHandle,
+};
+
+// We set API limits to a constant value as the `get_hosts` takes max 100 elements.
+const LIMIT: i32 = 100;
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    #[arg(short, long)]
+    filter: Option<String>,
+
+    #[arg(short, long)]
+    sort: String,
+
+    #[arg(short, long)]
+    query: Option<String>,
+}
+
+#[tokio::main]
+async fn main() {
+    let args = Args::parse();
+
+    let falcon = FalconHandle::from_env()
+        .await
+        .expect("Could not authenticate with CrowdStrike API");
+
+    let mut details = vec![];
+    let mut offset = 0usize;
+
+    loop {
+        let response = query_hosts(
+            &falcon.cfg,
+            Some(offset as i32),
+            Some(LIMIT),
+            Some(args.sort.as_str()),
+            args.filter.as_deref(),
+        )
+        .await
+        .expect("Could not fetch CCID");
+
+        if response.errors.is_some() {
+            eprintln!(
+                "Errors occurred while getting Falcon CCID: {:?}",
+                response.errors
+            );
+            std::process::exit(1);
+        }
+
+        if response.resources.is_empty() {
+            eprintln!("No CCID returned");
+            break;
+        }
+
+        offset = offset + response.resources.len();
+
+        let batch_details = get_hosts(&falcon.cfg, response.resources)
+            .await
+            .map(|entities| entities.resources.into_iter().collect::<Vec<_>>())
+            .expect("Couldn't fetch hosts details.");
+        details.extend(batch_details);
+
+        match response.meta.pagination {
+            Some(pagination) if offset < pagination.total as usize => {}
+            _ => break,
+        };
+    }
+
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&details).expect("Couldn't convert the data to json.")
+    );
+}