Add example to fetch custom IOAs with filters.

CrowdStrike · Sep 4, 2023 · bfadff2 · bfadff2
1 parent 5542b20
commit bfadff2
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 1 deletion.
diff --git a/examples/README.md b/examples/README.md
@@ -100,5 +100,40 @@ Supported kernels example:
 
 ```bash
 FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
-     cargo run --example falcon_supported_kernels -- --distro=rhel9 --arch=aarch64 
+     cargo run --example falcon_supported_kernels -- --distro=rhel9 --arch=aarch64
+```
+
+## falcon_custom_ioas
+
+[falcon_custom_ioas.rs](falcon_custom_ioas.rs)
+
+This example shows listing of the custom IOAs.
+The cli allows to provide parameters to the call to sort or filter the results, more details can be found in the API documentation.
+
+```bash
+Options:
+  -f, --filter <FILTER>
+  -s, --sort <SORT>
+  -q, --query <QUERY>
+  -l, --limit <LIMIT>    [default: 100]
+```
+
+To run the example:
+
+```bash
+FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
+     cargo run --example falcon_custom_ioas
+```
+
+Sorted by `created_on`:
+
+```bash
+FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
+cargo run --example falcon_custom_ioas -- --sort created_on
+```
+
+Filtered by `enabled`:
+
+```bash
+cargo run --example falcon_custom_ioas -- --filter enabled:true
 ```
diff --git a/examples/falcon_custom_ioas.rs b/examples/falcon_custom_ioas.rs
@@ -0,0 +1,71 @@
+use clap::Parser;
+
+use rusty_falcon::{
+    apis::custom_ioa_api::{get_rule_groups_mixin0, query_rule_groups_mixin0},
+    easy::client::FalconHandle,
+};
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    #[arg(short, long)]
+    filter: Option<String>,
+
+    #[arg(short, long)]
+    sort: Option<String>,
+
+    #[arg(short, long)]
+    query: Option<String>,
+
+    #[arg(short, long, default_value_t = 100, value_parser = clap::value_parser!(u16).range(1..=500))]
+    limit: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    let args = Args::parse();
+
+    let falcon = FalconHandle::from_env()
+        .await
+        .expect("Could not authenticate with CrowdStrike API");
+
+    let mut details = vec![];
+    let mut offset = 0;
+    loop {
+        let response = query_rule_groups_mixin0(
+            &falcon.cfg,
+            args.sort.as_deref(),
+            args.filter.as_deref(),
+            args.query.as_deref(),
+            Some(offset.to_string().as_str()),
+            Some(args.limit.into()),
+        )
+        .await
+        .expect("Could not fetch CCID");
+
+        if !response.errors.is_empty() {
+            eprintln!(
+                "Errors occurred while getting Falcon CCID: {:?}",
+                response.errors
+            );
+            std::process::exit(1);
+        }
+
+        if response.resources.is_empty() {
+            eprintln!("No CCID returned");
+            break;
+        }
+
+        let details_response = get_rule_groups_mixin0(&falcon.cfg, response.resources)
+            .await
+            .map(|detail| detail.resources.into_iter().collect::<Vec<_>>());
+        details.extend(details_response);
+
+        offset = match response.meta.pagination {
+            Some(pagination) if pagination.offset < pagination.total as i32 => pagination.offset,
+            _ => break,
+        };
+    }
+
+    println!("{}", serde_json::to_string_pretty(&details).unwrap());
+}