Version 1.4.1 - New Image Assessment Policies service collection, new operations and arguments

.github/wordlist.txt

@@ -1275,3 +1275,38 @@ ReadContainersByDateRangeCount
 ReadContainerCountByRegistry
 FindContainersCountAffectedByZeroDayVulnerabilities
 ReadVulnerableContainerImageCount
+QueryActivityByCaseID
+CAwsAccount
+GetD
+Enums
+shubham
+WorkflowUpdateHumanInputV
+WorkflowGetHumanInputV
+WorkflowDefinitionsCreate
+WorkflowDefinitionsUpdate
+WorkflowDefinitionsImport
+WorkflowDefinitionsExport
+WorkflowExecutionsCombined
+WorkflowDefinitionsCombined
+DeletePolicyGroup
+UpdatePolicyGroups
+CreatePolicyGroups
+ReadPolicyGroups
+UpdatePolicyExclusions
+ReadPolicyExclusions
+DeletePolicy
+ReadPolicies
+CGCPUserScriptsAttachment
+CGCPServiceAccountsExt
+CGCPAccount
+ConnectD
+DeleteD
+GetDiscoverCloudAzureUserScriptsAttachment
+GetCSPMGCPServiceAccountsExt
+ConnectCSPMGCPAccount
+UpdateCSPMGCPAccount
+DeleteCSPMGCPAccount
+CreateCSPMAzureManagementGroup
+GetCSPMAzureManagementGroup
+ReadContainerAlertsCountBySeverity
+PostAggregatesAlertsV

CHANGELOG.md

@@ -1,3 +1,129 @@
+# Version 1.4.1
+## Added features and functionality
++ Added: `include_hidden` argument added to the _PostAggregatesAlertsV2_, _PostEntitiesAlertsV2_, _PatchEntitiesAlertsV3_ and _GetQueriesAlertsV2_ operations.
+ - `_endpoint/_alerts.py`
+
++ Added: _ReadContainerAlertsCountBySeverity_ operation added to the __Container Alerts__ service collection.
+ - `_endpoint/_container_alerts.py`
+ - `container_alerts.py`
+ > Unit testing expanded to complete code coverage.
+ - `tests/test_container_alerts.py`
+
++ Added: `cspm_lite` argument added to the _GetCSPMAwsAccount_ and _GetCSPMAzureAccount_ operations within the __CSPM Registration__ service collection.
+ - `_endpoint/_cspm_registration.py`
+ - `cspm_registration.py`
+
++ Added: `azure_management_group` argument added to the _GetCSPMAzureUserScriptsAttachment_ operation within the __CSPM Registration__ service collection.
+ - `_endpoint/_cspm_registration.py`
+ - `cspm_registration.py`
+
++ Added: 9 new operations added to the __CSPM Registration__ service collection.
+ * _GetCSPMAzureManagementGroup_
+ * _CreateCSPMAzureManagementGroup_
+ * _GetCSPMCGPAccount_
+ * _CreateCSPMGCPAccount_
+ * _DeleteCSPMGCPAccount_
+ * _UpdateCSPMGCPAccount_
+ * _ConnectCSPMGCPAccount_
+ * _GetCSPMGCPServiceAccountsExt_
+ * _GetCSPMGCPUserScriptsAttachment_
+ - `_endpoint/_cspm_registration.py`
+ - `_payload/_cspm_registration.py`
+ - `cspm_registration.py`
+ > Unit testing expanded to complete code coverage.
+ - `tests/test_cspm_registration.py`
+
++ Added: `azure_management_group` argument added to the _GetDiscoverCloudAzureUserScriptsAttachment_ operation within the __D4C Registration__ service collection.
+ - `_endpoint/_d4c_registration.py`
+ - `d4c_registration.py`
+
++ Added: 4 new operations added to the __D4C Registration__ service collection.
+ * _DeleteD4CGCPAccount_
+ * _ConnectD4CGCPAccount_
+ * _GetD4CGCPServiceAccountsExt_
+ * _GetD4CGCPUserScriptsAttachment_
+ - `_endpoint/_d4c_registration.py`
+ - `_payload/_d4c_registration.py`
+ - `d4c_registration.py`
+ > Unit testing expanded to complete code coverage.
+ - `tests/test_d4c_registration.py`
+
++ Added: `execution_cid` argument added to the _WorkflowExecute_ operation within the __Workflows__ service collection.
+ - `_endpoint/_workflows.py`
+ - `workflows.py`
+
++ Added: New service collection __Image Assessment Policies__ containing 11 new operations.
+ * _ReadPolicies_
+ * _CreatePolicies_
+ * _UpdatePolicies_
+ * _DeletePolicy_
+ * _ReadPolicyExclusions_
+ * _UpdatePolicyExclusions_
+ * _ReadPolicyGroups_
+ * _CreatePolicyGroups_
+ * _UpdatePolicyGroups_
+ * _DeletePolicyGroup_
+ * _UpdatePolicyPrecedence_
+ - `_endpoint/__init__.py`
+ - `_endpoint/_image_assessment_policies.py`
+ > 3 new payload handlers are added.
+ - `_payload/__init__.py`
+ - `_payload/_container.py`
+ - `__init__.py`
+ - `image_assessment_policies.py`
+ > Unit testing expanded to complete code coverage.
+ - `tests/test_image_assessment_policies.py`
+
++ Added: 8 new operations added to the __Workflows__ service collection.
+ * _WorkflowDefinitionsCombined_
+ * _WorkflowExecutionsCombined_
+ * _WorkflowDefinitionsExport_
+ * _WorkflowDefinitionsImport_
+ * _WorkflowDefinitionsUpdate_
+ * _WorkflowDefinitionsCreate_
+ * _WorkflowGetHumanInputV1_
+ * _WorkflowUpdateHumanInputV1_
+ - `_endpoint/_workflows.py`
+ - `workflows.py`
+ > 2 new payload handlers are added.
+ - `_payload/__init__.py`
+ - `_payload/_workflows.py`
+ > Unit testing expanded to complete code coverage.
+ - `tests/test_workflows.py`
+
+## Issue resolved
++ Fixed: `member_cid` argument is not being passed to the authentication event when leveraging Environment Authentication. Closes #1105.
+ - `_auth_object/_falcon_interface.py`
+
++ Fixed: `rule_ids` is not included in body payloads when the list is empty for the _update_rule_groups_ operation within the __Firewall Management__ Service Class. Closes #1107.
+ - `_payload/_firewall.py`
+
++ Fixed: Added missing actions to _allowed_actions validator within `PerformActionV2` method of the __Hosts__ service collection. Closes #1108.
+ - `hosts.py`
+ - Thanks go out to @i-shubham01 for identifying and resolving this issue! 🙇
+
+## Other
++ Updated: Enums added to _GetCSPMAwsAccount_ and _GetCSPMAwsConsoleSetupURLs_ operations within the __CSPM Registration__ endpoint module.
+ - `_endpoint/_cspm_registration.py`
+
++ Updated: Several parameter descriptions within the __Custom IOA__ endpoint module updated.
+ - `_endpoint/_custom_ioa.py`
+ - `_endpoint/deprecated/_custom_ioa.py`
+
++ Updated: Enum updated within the _GetD4CAwsAccount_ operation of the __D4C Registration__ endpoint module.
+ - `_endpoint/_d4c_registration.py`
+
++ Updated: Parameter description for the _Submit_ operation within the __Falcon Intelligence Sandbox__ endpoint module updated.
+ - `_endpoint/_falconx_sandbox.py`
+
++ Updated: Multiple parameter descriptions within the __Kubernetes Protection__ endpoint module updated.
+ - `_endpoint/_kubernetes_protection_.py`
+
++ Updated: Enum updated within the _QueryActivityByCaseID_ operation of the __Message Center__ endpoint module.
+ - `_endpoint/_message_center.py`
+
+---
+
 # Version 1.4.0
 ## Other
 + Dropped: Python 3.6 support.

src/falconpy/__init__.py

@@ -118,6 +118,7 @@
 from .host_group import HostGroup
 from .hosts import Hosts
 from .identity_protection import IdentityProtection
+from .image_assessment_policies import ImageAssessmentPolicies
 from .incidents import Incidents
 from .installation_tokens import InstallationTokens
 from .intel import Intel
@@ -193,7 +194,8 @@
  "RealTimeResponseAudit", "Workflows", "DeprecatedClass", "DeprecatedOperation",
  "SDKDeprecationWarning", "ConfigurationAssessmentEvaluationLogic", "ConfigurationAssessment",
  "ContainerAlerts", "ContainerDetections", "ContainerImages", "ContainerPackages",
- "ContainerVulnerabilities", "DriftIndicators", "UnidentifiedContainers"
+ "ContainerVulnerabilities", "DriftIndicators", "UnidentifiedContainers",
+ "ImageAssessmentPolicies"
  ]
 """
 This is free and unencumbered software released into the public domain.

src/falconpy/_auth_object/_falcon_interface.py

@@ -163,6 +163,9 @@ def __init__(self,
  "client_id": api_id,
  "client_secret": api_sec
  }
+ # Provide member_cid for MSSP environment authentication scenarios. Issue #1105.
+ if member_cid:
+ self._creds["member_cid"] = member_cid
 
  # Log the creation of this object if debugging is enabled.
  # Starting with v1.3.0 minimal Python native logging is available. In order to reduce

src/falconpy/_endpoint/__init__.py

@@ -68,6 +68,7 @@
 from ._host_group import _host_group_endpoints
 from ._hosts import _hosts_endpoints
 from ._identity_protection import _identity_protection_endpoints
+from ._image_assessment_policies import _image_assessment_policies_endpoints
 from ._incidents import _incidents_endpoints
 from ._installation_tokens import _installation_tokens_endpoints
 from ._intel import _intel_endpoints
@@ -135,6 +136,7 @@
 api_endpoints.extend(_host_group_endpoints)
 api_endpoints.extend(_hosts_endpoints)
 api_endpoints.extend(_identity_protection_endpoints)
+api_endpoints.extend(_image_assessment_policies_endpoints)
 api_endpoints.extend(_incidents_endpoints)
 api_endpoints.extend(_installation_tokens_endpoints)
 api_endpoints.extend(_intel_endpoints)

src/falconpy/_endpoint/_alerts.py

@@ -59,6 +59,13 @@
  "retrieves aggregate values for Alerts across all CIDs",
  "alerts",
  [
+ {
+ "type": "boolean",
+ "default": True,
+ "description": "allows previously hidden alerts to be retrieved",
+ "name": "include_hidden",
+ "in": "query"
+ },
  {
  "description": "request body takes a list of aggregate-alert query requests",
  "name": "body",
@@ -114,6 +121,13 @@
  "retrieves all Alerts given their composite ids",
  "alerts",
  [
+ {
+ "type": "boolean",
+ "default": True,
+ "description": "allows previously hidden alerts to be retrieved",
+ "name": "include_hidden",
+ "in": "query"
+ },
  {
  "name": "body",
  "in": "body",
@@ -125,7 +139,7 @@
  "PatchEntitiesAlertsV2",
  "PATCH",
  "/alerts/entities/alerts/v2",
- "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a "
+ "Perform actions on Alerts identified by composite ID(s) in request.\nEach action has a name and a "
  "description which describes what the action does.\nIf a request adds and removes tag in a single request, the "
  "order of processing would be to remove tags before adding new ones in.\n\n",
  "alerts",
@@ -142,11 +156,18 @@
  "PatchEntitiesAlertsV3",
  "PATCH",
  "/alerts/entities/alerts/v3",
- "Perform actions on detections identified by detection ID(s) in request.\nEach action has a name and a "
+ "Perform actions on Alerts identified by composite ID(s) in request.\nEach action has a name and a "
  "description which describes what the action does.\nIf a request adds and removes tag in a single request, the "
  "order of processing would be to remove tags before adding new ones in.\n\n",
  "alerts",
  [
+ {
+ "type": "boolean",
+ "default": True,
+ "description": "allows previously hidden alerts to be retrieved",
+ "name": "include_hidden",
+ "in": "query"
+ },
  {
  "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided",
  "name": "body",
@@ -219,6 +240,13 @@
  "retrieves all Alerts ids that match a given query",
  "alerts",
  [
+ {
+ "type": "boolean",
+ "default": True,
+ "description": "allows previously hidden alerts to be retrieved",
+ "name": "include_hidden",
+ "in": "query"
+ },
  {
  "type": "integer",
  "description": "The first detection to return, where `0` is the latest detection. Use with the "

src/falconpy/_endpoint/_container_alerts.py

@@ -37,6 +37,22 @@
 """
 
 _container_alerts_endpoints = [
+ [
+ "ReadContainerAlertsCountBySeverity",
+ "GET",
+ "/container-security/aggregates/container-alerts/count-by-severity/v1",
+ "Get Container Alerts counts by severity",
+ "container_alerts",
+ [
+ {
+ "type": "string",
+ "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
+ "filters: cid,container_id,last_seen",
+ "name": "filter",
+ "in": "query"
+ }
+ ]
+ ],
  [
  "ReadContainerAlertsCount",
  "GET",
@@ -47,7 +63,7 @@
  {
  "type": "string",
  "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
- "filters: cid,last_seen",
+ "filters: cid,container_id,last_seen",
  "name": "filter",
  "in": "query"
  }