In [1]:
from dotenv import load_dotenv
import os

# Load environment variables from the .env file
load_dotenv()

# Access environment variables
CLIENT_ID = os.getenv('CLIENT_ID')
CLIENT_SECRET = os.getenv('CLIENT_SECRET')

import pandas as pd


In [None]:
# Import the Spotlight Vulnerabilities Service Class
from falconpy import SpotlightVulnerabilities, Hosts

# Instantiate the Service Class.
#spotlight = SpotlightVulnerabilities(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
falcon_devices = Hosts(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Total number of records to retrieve per request to the QueryVulnerabilities operation. (1-400)
LIMIT = 100
# A simple filter for the query operation
FILTER = "last_seen_within:'45'"
# List to hold our retrieved IDs
id_list = []
# We set our total to one (1) so our initial loop step executes,
# this value is reset by the results of our API call.
total = 1
# We will store the returned pagination attribute 'after' here, and then
# pass it to the method on subsequent executions of the loop. We do 
# not pass a value for the after keyword on the first iteration.
position = None
# For this example our loop runs as long as our list holds less than the total results available
while True:
    # Query the Spotlight Vulnerabilities API using the FILTER constant defined above.
    # Set the limit to be the value of the LIMIT constant, and our positional after token to be
    # the value of the 'position' variable.
    #returned = spotlight.query_vulnerabilities(limit=LIMIT, filter=FILTER, after=position)
    returned = falcon_devices.query_devices_by_filter_combined(limit=LIMIT, offset=position)

    if returned["status_code"] == 200:
        # Retrieve pagination detail
        page = returned["body"]["meta"]["pagination"]
        # Total records returned for the filter used
        total = page["total"]
        # The 'position' variable holds our next positional token based
        # upon the values of limit and the current `after` keywords.
        #position = page["next"]
        # Extend our list by adding in the returned IDs for this iteration.
        id_list.extend(returned["body"]["resources"])

        # Display running progress
        print(f"Total: {total}\nPosition: {position}\nRetrieved so far: {len(id_list)}\n")
    else:
        # Set total to zero (0) to end the loop
        total = 0
        # Retrieve the errors branch
        errors = returned["body"]["errors"]
        # Display each error returned
        for err in errors:
            # Error code
            ecode = err["code"]
            # Error message
            emsg = err["message"]
            print(f"[{ecode}] {emsg}")

    # Jika tidak ada next page, hentikan loop
    if "next" not in page or not page["next"]:
        break
    position = page["next"]  
# Print our grand total
print(f"Total IDs retrieved: {total}")


In [None]:
df_list = pd.DataFrame(id_list)
df_list.to_csv('id_list.csv', index=False, header=True)

len(id_list)
df_list['hostname']


In [None]:
# Import the Spotlight Vulnerabilities Service Class
from falconpy import SpotlightVulnerabilities, Hosts, Discover

# Instantiate the Service Class.
#spotlight = SpotlightVulnerabilities(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
falcon_devices = Discover(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Total number of records to retrieve per request to the QueryVulnerabilities operation. (1-400)
LIMIT = 1000
# A simple filter for the query operation
FILTER = "last_seen_within:'45'"
# List to hold our retrieved IDs
host_list = []
# We set our total to one (1) so our initial loop step executes,
# this value is reset by the results of our API call.
total = 1
# We will store the returned pagination attribute 'after' here, and then
# pass it to the method on subsequent executions of the loop. We do 
# not pass a value for the after keyword on the first iteration.
position = None
# For this example our loop runs as long as our list holds less than the total results available
while True:
    # Query the Spotlight Vulnerabilities API using the FILTER constant defined above.
    # Set the limit to be the value of the LIMIT constant, and our positional after token to be
    # the value of the 'position' variable.
    #returned = spotlight.query_vulnerabilities(limit=LIMIT, filter=FILTER, after=position)
    returned = falcon_devices.query_combined_hosts(limit=LIMIT, after=position)

    if returned["status_code"] == 200:
        # Retrieve pagination detail
        page = returned["body"]["meta"]["pagination"]
        # Total records returned for the filter used
        total = page["total"]
        # The 'position' variable holds our next positional token based
        # upon the values of limit and the current `after` keywords.
        #position = page["next"]
        # Extend our list by adding in the returned IDs for this iteration.
        host_list.extend(returned["body"]["resources"])

        # Display running progress
        print(f"Total: {total}\nPosition: {position}\nRetrieved so far: {len(host_list)}\n")
    else:
        # Set total to zero (0) to end the loop
        total = 0
        # Retrieve the errors branch
        errors = returned["body"]["errors"]
        # Display each error returned
        for err in errors:
            # Error code
            ecode = err["code"]
            # Error message
            emsg = err["message"]
            print(f"[{ecode}] {emsg}")

    # Jika tidak ada next page, hentikan loop
    if "after" not in page or not page["after"]:
        break
    position = page["after"]  
# Print our grand total
print(f"Total IDs retrieved: {total}")


In [None]:
df_host_list = pd.DataFrame(host_list)
df_host_list.to_csv('host_list.csv', index=False, header=True)


In [None]:
# Import the Spotlight Vulnerabilities Service Class
from falconpy import SpotlightVulnerabilities, Hosts, Discover

# Instantiate the Service Class.
#spotlight = SpotlightVulnerabilities(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
falcon_devices = Discover(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# Total number of records to retrieve per request to the QueryVulnerabilities operation. (1-400)
LIMIT = 1000
# A simple filter for the query operation
FILTER = "last_seen_within:'45'"
# List to hold our retrieved IDs
app_list = []
# We set our total to one (1) so our initial loop step executes,
# this value is reset by the results of our API call.
total = 1
# We will store the returned pagination attribute 'after' here, and then
# pass it to the method on subsequent executions of the loop. We do 
# not pass a value for the after keyword on the first iteration.
position = None
# For this example our loop runs as long as our list holds less than the total results available
while True:
    # Query the Spotlight Vulnerabilities API using the FILTER constant defined above.
    # Set the limit to be the value of the LIMIT constant, and our positional after token to be
    # the value of the 'position' variable.
    #returned = spotlight.query_vulnerabilities(limit=LIMIT, filter=FILTER, after=position)
    returned = falcon_devices.query_combined_hosts(limit=LIMIT, after=position)

    if returned["status_code"] == 200:
        # Retrieve pagination detail
        page = returned["body"]["meta"]["pagination"]
        # Total records returned for the filter used
        total = page["total"]
        # The 'position' variable holds our next positional token based
        # upon the values of limit and the current `after` keywords.
        #position = page["next"]
        # Extend our list by adding in the returned IDs for this iteration.
        host_list.extend(returned["body"]["resources"])

        # Display running progress
        print(f"Total: {total}\nPosition: {position}\nRetrieved so far: {len(host_list)}\n")
    else:
        # Set total to zero (0) to end the loop
        total = 0
        # Retrieve the errors branch
        errors = returned["body"]["errors"]
        # Display each error returned
        for err in errors:
            # Error code
            ecode = err["code"]
            # Error message
            emsg = err["message"]
            print(f"[{ecode}] {emsg}")

    # Jika tidak ada next page, hentikan loop
    if "after" not in page or not page["after"]:
        break
    position = page["after"]  
# Print our grand total
print(f"Total IDs retrieved: {total}")


In [None]:
import this