-
Notifications
You must be signed in to change notification settings - Fork 0
Logging
To assist with development and troubleshooting, FalconPy supports debug logging of all:
- API endpoints used, including:
- Operation ID
- Route
- HTTP method
- Headers and Payloads sent
- API responses and status codes received
FalconPy introduced debug logging functionality in version
1.3.0
.
This feature must be explicitely turned on using the debug
keyword when creating an instance of a Service Class or the Uber Class.
By default, debug logging is disabled
, meaning debug log entries are not generated regardless of the current application debug level.
Logging enablement status is a property of the FalconInterface
class, so it is shared by default among Service Classes that are sharing an auth_object
via Object Authentication. This feature can be enabled or disabled per Service Class by providing the debug
keyword when creating an instance of the desired Service Class.
The following values are redacted from debug logs by default:
- CrowdStrike API Client IDs
- CrowdStrike API Client Secrets
- Bearer tokens
- Child tenant IDs
Debug log sanitization can be disabled by setting the sanitize_log
keyword to False
.
⚠️ WARNING⚠️ Disabling log sanitization will result in the values mentioned above being shown to the console or in the created log file. This setting should be used in production environments with extreme caution and not be left enabled when it is not required.
The following examples demonstrate leveraging debug logging while querying the Hosts service collection.
⚠️ WARNING⚠️
client_id
,client_secret
andmember_cid
are keyword arguments that contain your CrowdStrike API credentials and the customer ID of a child tenant. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does NOT recommend hard coding API credentials or customer identifiers within source code.
import logging
from falconpy import Hosts
# Configure our log level.
logging.basicConfig(level=logging.DEBUG)
# Create an instance of the Hosts Service Class, activating debugging when doing so.
hosts = Hosts(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
debug=True
)
# Use the Hosts Service Class to call the QueryDevicesByFilterScroll and GetDeviceDetails
# operations to retrieve details for one of the endpoints within our CrowdStrike tenant.
host = hosts.get_device_details(hosts.query_devices_by_filter_scroll(limit=1)["body"]["resources"])
import logging
from falconpy import Hosts
# Configure our log level, message format and debug filename.
logging.basicConfig(format="%(asctime)s %(levelname)s %(message)s",
filename="debug.log",
level=logging.DEBUG
)
# Create an instance of the Hosts Service Class, activating debugging when doing so.
hosts = Hosts(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
debug=True
)
# Use the Hosts Service Class to call the QueryDevicesByFilterScroll and GetDeviceDetails
# operations to retrieve details for one of the endpoints within our CrowdStrike tenant.
hosts.get_device_details(hosts.query_devices_by_filter_scroll(limit=1)["body"]["resources"])
import logging
from falconpy import Hosts
# Configure our log level.
logging.basicConfig(level=logging.DEBUG)
# Create an instance of the Hosts Service Class, activating
# debugging and disabling log sanitization when doing so.
hosts = Hosts(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
debug=True,
sanitize_log=False
)
# Use the Hosts Service Class to call the QueryDevicesByFilterScroll and GetDeviceDetails
# operations to retrieve details for one of the endpoints within our CrowdStrike tenant.
host = hosts.get_device_details(hosts.query_devices_by_filter_scroll(limit=1)["body"]["resources"])
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust