This issue was moved to a discussion.

[ BUG ] No FalconPy API for "sca" and "system-tray" policies. #1128

Closed
59e5aaf4 opened this issue Mar 7, 2024 · 1 comment
Assignees
Labels
device control Device Control Policies issues and questions firewall Firewall Policies and Management issues and questions functionality request Requests for new functionality prevention policies Prevention Policies issues and questions sensor update Sensor Update Policy issues and questions

Comments

59e5aaf4 commented Mar 7, 2024

Describe the bug

Since recently (less than one year ago), two new policy categories are listed under the device_policies section of a host JSON depiction:

[
  "device_control",
  "firewall",
  "global_config",      <- was already there, not a problem
  "prevention",
  "remote_response",
  "sca",                <- here
  "sensor_update",
  "system-tray"         <- and here
]

FalconPy has no API to enumerate these.

To Reproduce

Get any host's device details and you'll get these API references under the device_policies section mentioned above. We can't enumerate them to get their names & properties & associated values.

  "firewall": {
    "policy_type": "firewall",
    "policy_id": "7071e5781c944c7d95c87b6b00e0ed9b",
    "applied": true,
    "assigned_date": "2024-01-31T11:48:12.396870808Z",
    "applied_date": "2024-01-31T11:48:38.06815633Z",
    "rule_set_id": "7071e5781c944c7d95c87b6b00e0ed9b"
  },
  "system-tray": {
    "policy_type": "system-tray",
    "policy_id": "8bae166c24a8410dad5dbe8bc61b7cbd",
    "applied": true,
    "settings_hash": "d85de5cdab609fc07504cc24a67b61a3b23aea0c26dbcc0bb9e34dc8f79d716b",
    "assigned_date": "2023-12-06T19:12:31.543643721Z",
    "applied_date": "2023-12-06T19:17:46.151058269Z"
  },
  "sca": {
    "policy_type": "sca",
    "policy_id": "6df2f225bf784f05bc9d206a76cec6a8",
    "applied": true,
    "settings_hash": "932827db53fe715580803537d9dbad050fed35b85c383c5dad31f797620cf2b6",
    "assigned_date": "2024-01-11T15:52:52.126167697Z",
    "applied_date": "2024-01-11T15:54:13.280743443Z"
  }

Expected behavior

FalconPy would have an API to grab the details of the sca and system-tray policies. That would allow me to update the table of API function names for policies in my own code:

policy_types = {
    "prevention" : 'queryCombinedPreventionPolicies',       # Prevention Policies     https://falcon.eu-1.crowdstrike.com/configuration/prevention/policies
    "sensor_update": 'queryCombinedSensorUpdatePoliciesV2', # Sensor Update Policies  https://falcon.eu-1.crowdstrike.com/configuration/sensor-update/policies
    "device_control": 'queryCombinedDeviceControlPolicies', # USB device policies     https://falcon.eu-1.crowdstrike.com/policies/device-control
#   "global_config": None,                                  # (?) Exposed by the Host API but not browsable
    "remote_response": 'queryCombinedRTResponsePolicies',   # Response policies       https://falcon.eu-1.crowdstrike.com/policies/response/windows
    "firewall": 'queryCombinedFirewallPolicies',            # Firewall policies       https://falcon.eu-1.crowdstrike.com/policies/firewallv2
    # These two are new :
    "sca": '???',                                           # (?) On demand scans ???
    "system-tray": '???'                                    # Falcon icon policies    https://falcon.eu-1.crowdstrike.com/policies/system-tray/windows
}   

Also, side note: this whole Policy thing is getting a little bit out of hand, right? One year ago there were only two settings, and now you're adding new functions & API endpoints for each little setting you might want to have. Shouldn't there be some unified policy API at some point? I'm no API designer expert though :D

The Web UI upstream API has this pretty much sorted out:

image

I wouldn't be against a generic "queryPolicy" with a policy type parameter.

Thanks!

Environment (please complete the following information):

  • OS: Debian
  • Python: 3.10.5
  • FalconPy: 1.4.1
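
An added example, not part of the original post and not FalconPy code: a check over a host's device_policies section that lists the policy types with no entry in the operation table from the post and measures the delay between assigned_date and applied_date. The function names, the placeholder policy IDs and the "prevention" entry are assumptions constructed for illustration; the operation names and the other dates are the ones shown in the post.

```python
import re
from datetime import datetime, timezone

# Operation names copied from the table in the post; "sca" and "system-tray"
# are absent because the post reports no operation for them.
POLICY_OPERATIONS = {
    "prevention": "queryCombinedPreventionPolicies",
    "sensor_update": "queryCombinedSensorUpdatePoliciesV2",
    "device_control": "queryCombinedDeviceControlPolicies",
    "remote_response": "queryCombinedRTResponsePolicies",
    "firewall": "queryCombinedFirewallPolicies",
}
# Constructed sample: dates for firewall/system-tray/sca are from the post;
# the "prevention" entry and all policy_id values are placeholders.
SAMPLE_DEVICE_POLICIES = {
    "firewall": {"policy_type": "firewall", "policy_id": "PLACEHOLDER-1", "applied": True,
                 "assigned_date": "2024-01-31T11:48:12.396870808Z",
                 "applied_date": "2024-01-31T11:48:38.06815633Z"},
    "system-tray": {"policy_type": "system-tray", "policy_id": "PLACEHOLDER-2", "applied": True,
                    "assigned_date": "2023-12-06T19:12:31.543643721Z",
                    "applied_date": "2023-12-06T19:17:46.151058269Z"},
    "sca": {"policy_type": "sca", "policy_id": "PLACEHOLDER-3", "applied": True,
            "assigned_date": "2024-01-11T15:52:52.126167697Z",
            "applied_date": "2024-01-11T15:54:13.280743443Z"},
    "prevention": {"policy_type": "prevention", "policy_id": "PLACEHOLDER-4",
                   "applied": False, "assigned_date": "2024-03-01T09:00:00Z"},
}
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_ts(value):
    """Parse the UTC timestamps above; fractions are truncated to microseconds."""
    match = _TS.match(value)
    if not match:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    base = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S")
    micro = int((match.group(2) or "")[:6].ljust(6, "0"))
    return base.replace(microsecond=micro, tzinfo=timezone.utc)

def audit_device_policies(device_policies, operations=POLICY_OPERATIONS):
    """Split policy types into resolvable/unresolvable and compute apply lag."""
    report = {"resolvable": {}, "unresolvable": [], "not_applied": [], "apply_lag_seconds": {}}
    for name, entry in sorted(device_policies.items()):
        operation = operations.get(entry.get("policy_type", name))
        if operation:
            report["resolvable"][name] = operation
        else:
            report["unresolvable"].append(name)  # assigned on the host, details not retrievable
        if not entry.get("applied"):
            report["not_applied"].append(name)
        elif "assigned_date" in entry and "applied_date" in entry:
            lag = parse_ts(entry["applied_date"]) - parse_ts(entry["assigned_date"])
            report["apply_lag_seconds"][name] = lag.total_seconds()
    return report
```
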
@59e5aaf4 59e5aaf4 added the bug 🐛 Something isn't working label Mar 7, 2024
@jshcodes jshcodes self-assigned this Mar 7, 2024
@jshcodes jshcodes added functionality request Requests for new functionality sensor update Sensor Update Policy issues and questions firewall Firewall Policies and Management issues and questions device control Device Control Policies issues and questions prevention policies Prevention Policies issues and questions and removed bug 🐛 Something isn't working labels Mar 7, 2024
Member

jshcodes commented Mar 7, 2024

Functionality request. Moving over to Ideas discussion board.

@CrowdStrike CrowdStrike locked and limited conversation to collaborators Mar 7, 2024
@jshcodes jshcodes converted this issue into discussion #1130 Mar 7, 2024
