crowdstrike: remove arbitrary filter and limit #1008
Conversation
|
Any comment on this one? |
There was a problem hiding this comment.
Hi! Sorry for the lateness on reviews and thanks for your PR.
I don't know much about Crowdstrike, but do you think that this filter string should be passable as a param from the cartography CLI?
cc: @ryan-lane who knows more here.
|
it's possible to add a cli param but usually you would want to get all assets. imho, more a edge case |
There was a problem hiding this comment.
@juju4 - sorry for the extremely delayed review, I'm finally able to catch up a bit.
From my brief read, it seems like endpoints.py is written specifically to load in CrowdstrikeHosts assuming that they are not on AWS EC2. If we remove the filter, then will the rest of the code still work? Will it fail if there are CrowdstrikeHosts that are not on AWS EC2?
Again, I'm not familiar with Crowdstrike, just doing a read and seeing that the filter may have been put there for a reason.
|
Example filter from falconpy docs empty filter is valid meaning no filter. It is working, used in production. |
|
is there something that I can help to move this forward? |
chandanchowdhury
force-pushed
the
devel-crowdstrike
branch
2 times, most recently
from
6512c92 to
df79710
Compare
Minor change to remove hardcoded settings that likely don't fit many environments Co-authored-by: i_virus <[email protected]>
Minor change to remove hardcoded settings that likely don't fit many environments Co-authored-by: i_virus <[email protected]> Signed-off-by: chandanchowdhury <[email protected]>
Minor change to remove hardcoded settings that likely don't fit many environments