regenerate api spec (#361)

* regenerate endpoints for v0.4.0-rc1

* update returned types for rtr

* fix revoke params

* regenerate api spec 08/04/23

* update examples

.goreleaser.yml

@@ -167,9 +167,9 @@ builds:
  - amd64
  - arm
  - arm64
- - id: falcon_spotlight_vulnerabilities
- binary: falcon_spotlight_vulnerabilities
- main: ./examples/falcon_spotlight_vulnerabilities
+ - id: falcon_vulnerabilities
+ binary: falcon_vulnerabilities
+ main: ./examples/falcon_vulnerabilities
  env:
  - CGO_ENABLED=0
  goos:
@@ -297,8 +297,8 @@ nfpms:
  dst: /usr/share/doc/gofalcon/falcon_host_details
  - src: examples/falcon_registry_token
  dst: /usr/share/doc/gofalcon/falcon_registry_token
- - src: examples/falcon_spotlight_vulnerabilities
- dst: /usr/share/doc/gofalcon/falcon_spotlight_vulnerabilities
+ - src: examples/falcon_vulnerabilities
+ dst: /usr/share/doc/gofalcon/falcon_vulnerabilities
  - src: examples/falcon_supported_kernels
  dst: /usr/share/doc/gofalcon/falcon_supported_kernels
  - src: examples/falcon_zta
@@ -310,3 +310,6 @@ nfpms:
  license: MIT
  description: Golang-based SDK to CrowdStrike's APIs
  release: 1
+
+release:
+ prerelease: auto

README.md

@@ -26,7 +26,7 @@ Gofalcon documentation is available on [pkg.go.dev](https://pkg.go.dev/github.co
 | [falcon_registry_token](examples/falcon_registry_token) | helper to generate container registry logic information for `docker login` |
 | [falcon_rtr_read_only_command](examples/falcon_rtr_read_only_command) | stand-alone example to run basic read-only RTR (Real-Time Response) command against a specific agent |
 | [falcon_rtr_admin_create_and_run_script](examples/falcon_rtr_admin_create_and_run_script) | stand-alone example of running custom script on the specific agent using RTR (Real-Time Response) API |
-| [falcon_spotlight_vulnerabilities](examples/falcon_spotlight_vulnerabilities) | stand-alone tool that outputs inventory of vulnerabilities affecting your environment |
+| [falcon_vulnerabilities](examples/falcon_vulnerabilities) | stand-alone tool that outputs inventory of vulnerabilities affecting your environment |
 | [falcon_supported_kernels](examples/falcon_supported_kernels) | stand-alone tool that outputs short list recent Linux kernels supported by CrowdStrike Falcon for a given distribution |
 | [falcon_zta](examples/falcon_zta) | stand-alone tool that utilises Hosts and ZTA APIs and outputs ZTA findings for your environment |
 | [customize_transport](examples/customize_transport) | use a falcon.TransportDecorator to modify all outgoing HTTP requests to the Falcon API |

examples/README.md

@@ -19,7 +19,7 @@ Some of these examples ready to be used as stand-alone programs.
  * [falcon_rtr_read_only_command](falcon_rtr_read_only_command) - stand-alone example to run basic read-only RTR (Real-Time Response) command against a specific agent
  * [falcon_rtr_admin_create_and_run_script](falcon_rtr_admin_create_and_run_script) - stand-alone example of running custom script on the specific agent using RTR (Real-Time Response) API
  * [falcon_rtr_batch_read_only_command](falcon_rtr_batch_read_only_command) - stand-alone example to run basic read-only RTR (Real-Time Response) command against several agents at once.
- * [falcon_spotlight_vulnerabilities](falcon_spotlight_vulnerabilities) - stand-alone tool that outputs inventory of vulnerabilities affecting your environment
+ * [falcon_vulnerabilities](falcon_vulnerabilities) - stand-alone tool that outputs inventory of vulnerabilities affecting your environment
  * [falcon_supported_kernels](falcon_supported_kernels) - stand-alone tool that outputs short list recent Linux kernels supported by CrowdStrike Falcon for a given distribution
  * [falcon_zta](falcon_zta) - stand-alone tool that utilises Hosts and ZTA APIs and outputs ZTA findings for your environment
  * [stream_new_detections](stream_new_detections/) - small utility to poll for a new detections in CrowdStrike Console

examples/falcon_registry_token/main.go

@@ -48,17 +48,9 @@ Falcon Client Secret`)
  fmt.Fprintf(os.Stderr, "WARNING: %v (trace_id=%s)", err, traceId)
  }
  resources := payload.Resources
- resourcesList := resources.([]interface{})
- if len(resourcesList) != 1 {
- fmt.Fprintf(os.Stderr, "Expected to receive exactly one token, but got %d\n", len(resourcesList))
+ if len(resources) != 1 {
+ fmt.Fprintf(os.Stderr, "Expected to receive exactly one token, but got %d\n", len(resources))
  panic("Unexpected response")
  }
- resourceMap := resourcesList[0].(map[string]interface{})
- value, ok := resourceMap["token"]
- if !ok {
- fmt.Fprintf(os.Stderr, "Expected to receive map containing 'token' key, but got %s\n", resourceMap)
- panic("Unexpected response")
- }
- valueString := value.(string)
- fmt.Printf("%s", valueString)
+ fmt.Printf("%s\n", *resources[0].Token)
 }

examples/falcon_supported_kernels/main.go

@@ -103,7 +103,7 @@ func getValidDistroNames(client *client.CrowdStrikeAPISpecification) []string {
  return list
 }
 
-func query(client *client.CrowdStrikeAPISpecification, filter string) []*models.ResponsesSensorUpdateKernelV1 {
+func query(client *client.CrowdStrikeAPISpecification, filter string) []*models.SensorUpdateKernelRespV1 {
  limit := int64(100)
  response, err := client.SensorUpdatePolicies.QueryCombinedSensorUpdateKernels(&sensor_update_policies.QueryCombinedSensorUpdateKernelsParams{
  Filter: &filter,

examples/falcon_spotlight_vulnerabilities/README.md → examples/falcon_vulnerabilities/README.md

@@ -7,15 +7,15 @@ This page represents a stand-alone tool that uses Falcon Spotlight API to query
 ## Installation
 
 ```
-go get github.com/crowdstrike/gofalcon/examples/falcon_spotlight_vulnerabilities
+go get github.com/crowdstrike/gofalcon/examples/falcon_vulnerabilities
 ```
 
 ## Exemplary Usage
 
 Interactive Run:
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities
+ falcon_vulnerabilities
 Missing --filter attribute. Please provide FQL (Falcon Query Language) expression for vulnerability search.
 Examples:
  created_timestamp:>'2019-11-25T22:36:12Z'
@@ -31,36 +31,36 @@ filter: status:!'closed'
 List critical severity vulnerabilities affecting your environment
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities --filter="cve.severity:'CRITICAL'"
+ falcon_vulnerabilities --filter="cve.severity:'CRITICAL'"
 ....
 ```
 
 Count critical severity vulnerabilities affecting your environment
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities --filter="cve.severity:'CRITICAL'" \
+ falcon_vulnerabilities --filter="cve.severity:'CRITICAL'" \
  | jq length
 34
 ```
 
 List all critical severity vulnerabilities alongside hostname of affected systems:
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities --filter="cve.severity:'CRITICAL'" \
+ falcon_vulnerabilities --filter="cve.severity:'CRITICAL'" \
  | jq -r 'map( {"cve":.cve.id, "hostname": .host_info.hostname})'
 ```
 
 Index all critical severity vulnerabilities based on hostname of systems it affects:
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities --filter="cve.severity:'CRITICAL'" \
+ falcon_vulnerabilities --filter="cve.severity:'CRITICAL'" \
  | jq -r 'map( {"cve":.cve.id, "hostname": .host_info.hostname} ) | group_by(.hostname)[] | {(.[0].hostname): [.[] | .cve]}'
 ```
 
 List vulnerabilities except those of low and medium severity, **sort** by the time last updated timestamp.
 ```
 $ FALCON_CLIENT_ID="abc" FALCON_CLIENT_SECRET="XYZ" FALCON_CLOUD=us-1 \
- falcon_spotlight_vulnerabilities --filter='cve.severity:!["LOW","MEDIUM"]' --sort="updated_timestamp.desc"
+ falcon_vulnerabilities --filter='cve.severity:!["LOW","MEDIUM"]' --sort="updated_timestamp.desc"
 ```
 
 Please Refer to [Falcon Spotlight API documentation](https://falcon.crowdstrike.com/documentation/98/spotlight-apis) to learn more about FQL filter and FQL sort parameters, about the meaning of the vulnerability entity properties, and best practices. Further, please refer to [jq tool manual](https://stedolan.github.io/jq/manual/) to learn how to effectively post-process JSON outputs in command-line.

examples/falcon_spotlight_vulnerabilities/main.go → examples/falcon_vulnerabilities/main.go

@@ -9,7 +9,7 @@ import (
 
  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client"
- "github.com/crowdstrike/gofalcon/falcon/client/spotlight_vulnerabilities"
+ "github.com/crowdstrike/gofalcon/falcon/client/vulnerabilities"
  "github.com/crowdstrike/gofalcon/falcon/models"
  "github.com/crowdstrike/gofalcon/pkg/falcon_util"
 )
@@ -88,8 +88,8 @@ func queryVulnerabilities(client *client.CrowdStrikeAPISpecification, filter str
  go func() {
  lastSeen := (*string)(nil)
  for {
- response, err := client.SpotlightVulnerabilities.CombinedQueryVulnerabilities(
- &spotlight_vulnerabilities.CombinedQueryVulnerabilitiesParams{
+ response, err := client.Vulnerabilities.CombinedQueryVulnerabilities(
+ &vulnerabilities.CombinedQueryVulnerabilitiesParams{
  Context: context.Background(),
  Facet: []string{"cve", "host_info", "remediation", "evaluation_logic"},
  Filter: filter,

examples/falcon_zta/main.go

@@ -53,7 +53,7 @@ Falcon Client Secret`)
  panic(err)
  }
  if *statistics {
- response, err := client.ZeroTrustAssessment.GetComplianceV1(&zero_trust_assessment.GetComplianceV1Params{
+ response, err := client.ZeroTrustAssessment.GetAssessmentV1(&zero_trust_assessment.GetAssessmentV1Params{
  Context: ctx,
  })
  if err != nil {