Merge pull request #104 from mikemadden42/add-falcon_supported_kernels

Initial falcon_supported_kernels example

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rusty_falcon"
-version = "0.2.8"
+version = "0.2.9"
 authors = ["CrowdStrike Inc"]
 description = "Rust bindings for CrowdStrike Falcon API"
 homepage = "https://github.com/CrowdStrike/rusty-falcon"

examples/README.md

@@ -89,3 +89,16 @@ Get indicators example:
 FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
      cargo run --example intel_indicators -- --sort published_date.asc --filter deleted:false -q abc | jq
 ```
+
+## falcon_supported_kernels
+
+[falcon_supported_kernels.rs](falcon_supported_kernels.rs)
+
+This example shows listing of the supported Linux kernels. The tool outputs short list of recently supported kernels by CrowdStrike Falcon Sensor for Linux on a given distribution.
+
+Supported kernels example:
+
+```bash
+FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD="us-2" \
+     cargo run --example falcon_supported_kernels -- --distro=rhel9 --arch=aarch64 
+```

examples/falcon_host_details.rs

@@ -50,7 +50,7 @@ async fn get_device_details(
     )
     .await?;
 
-    if !response.errors.is_none() {
+    if response.errors.is_some() {
         return Err(ApiError(format!(
             "while getting Falcon Host IDs: '{:?}'",
             response.errors

examples/falcon_supported_kernels.rs

@@ -0,0 +1,56 @@
+use clap::Parser;
+use rusty_falcon::apis::sensor_update_policies_api;
+use rusty_falcon::easy::client::FalconHandle;
+
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Args {
+    #[arg(short, long)]
+    distro: String,
+
+    #[arg(short, long)]
+    arch: String,
+}
+
+#[tokio::main]
+async fn main() {
+    let args = Args::parse();
+
+    let falcon = FalconHandle::from_env()
+        .await
+        .expect("Could not authenticate with CrowdStrike API");
+
+    let filter = format!("distro:'{}'+architecture:'{}'", args.distro, args.arch);
+    let offset = 0;
+    let limit = 100;
+    let response = sensor_update_policies_api::query_combined_sensor_update_kernels(
+        &falcon.cfg,
+        Some(filter.as_str()),
+        Some(offset),
+        Some(limit),
+    )
+    .await
+    .expect("Could not fetch sensor update policy.");
+
+    if !response.errors.is_empty() {
+        eprintln!(
+            "Errors occurred while getting Falcon CCID: {:?}",
+            response.errors
+        );
+    }
+
+    if response.resources.is_none() {
+        eprintln!("No CCID returned");
+        return;
+    }
+
+    let releases = response
+        .resources
+        .expect("Could not find the releases.")
+        .into_iter()
+        .map(|obj| obj.release)
+        .collect::<Vec<String>>();
+
+    let json = serde_json::to_string_pretty(&releases).unwrap();
+    println!("{json}");
+}

src/models/sensor_update_period_kernel_resp_v1.rs

@@ -13,7 +13,7 @@ pub struct SensorUpdatePeriodKernelRespV1 {
     #[serde(rename = "architecture")]
     pub architecture: String,
     #[serde(rename = "base_package_supported_sensor_versions")]
-    pub base_package_supported_sensor_versions: Vec<String>,
+    pub base_package_supported_sensor_versions: Option<Vec<String>>,
     #[serde(rename = "created_timestamp")]
     pub created_timestamp: String,
     #[serde(rename = "distro")]
@@ -33,15 +33,15 @@ pub struct SensorUpdatePeriodKernelRespV1 {
     #[serde(rename = "version")]
     pub version: String,
     #[serde(rename = "ztl_module_supported_sensor_versions")]
-    pub ztl_module_supported_sensor_versions: Vec<String>,
+    pub ztl_module_supported_sensor_versions: Option<Vec<String>>,
     #[serde(rename = "ztl_supported_sensor_versions")]
-    pub ztl_supported_sensor_versions: Vec<String>,
+    pub ztl_supported_sensor_versions: Option<Vec<String>>,
 }
 
 impl SensorUpdatePeriodKernelRespV1 {
     pub fn new(
         architecture: String,
-        base_package_supported_sensor_versions: Vec<String>,
+        base_package_supported_sensor_versions: Option<Vec<String>>,
         created_timestamp: String,
         distro: String,
         distro_version: String,
@@ -51,8 +51,8 @@ impl SensorUpdatePeriodKernelRespV1 {
         release: String,
         vendor: String,
         version: String,
-        ztl_module_supported_sensor_versions: Vec<String>,
-        ztl_supported_sensor_versions: Vec<String>,
+        ztl_module_supported_sensor_versions: Option<Vec<String>>,
+        ztl_supported_sensor_versions: Option<Vec<String>>,
     ) -> SensorUpdatePeriodKernelRespV1 {
         SensorUpdatePeriodKernelRespV1 {
             architecture,

src/models/sensor_update_period_kernels_resp_v1.rs

@@ -16,14 +16,14 @@ pub struct SensorUpdatePeriodKernelsRespV1 {
     #[serde(rename = "meta")]
     pub meta: Box<crate::models::MsaspecPeriodMetaInfo>,
     #[serde(rename = "resources")]
-    pub resources: Vec<crate::models::SensorUpdatePeriodKernelRespV1>,
+    pub resources: Option<Vec<crate::models::SensorUpdatePeriodKernelRespV1>>,
 }
 
 impl SensorUpdatePeriodKernelsRespV1 {
     pub fn new(
         errors: Vec<crate::models::MsaspecPeriodError>,
         meta: crate::models::MsaspecPeriodMetaInfo,
-        resources: Vec<crate::models::SensorUpdatePeriodKernelRespV1>,
+        resources: Option<Vec<crate::models::SensorUpdatePeriodKernelRespV1>>,
     ) -> SensorUpdatePeriodKernelsRespV1 {
         SensorUpdatePeriodKernelsRespV1 {
             errors,