PyMISP
falconpy
PyMISP | falconpy | |
---|---|---|
3 | 30 | |
422 | 306 | |
1.7% | 2.3% | |
9.2 | 9.5 | |
2 days ago | 13 days ago | |
Python | Python | |
GNU General Public License v3.0 or later | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PyMISP
- FLaNK Stack Weekly for 13 November 2023
-
Get CrowdSec IOCs feed into MISP
You might consider misp feed https://github.com/MISP/PyMISP/tree/main/examples/feed-generator, basically it’s the best way to collect IOCs and import them into a MISP instance. These feeds help to correlate IOCs without manually launching the MISP module every time for each IOC, this also reduce the workload on your API servers as the list is cached locally on the MISP and updated every day.
-
Ingesting IOCs in to CS from MISP
If you're in Python, you can use PyMISP to login and get the new indicators, and then FalconPy to import them into your CrowdStrike tenant. (Basically the reverse of what the MISP-tools example is doing. You could start here and alter the logic.)
falconpy
-
Identity API for PSfalcon or FalconPY
And for falconpy: https://github.com/CrowdStrike/falconpy/wiki/Identity-Protection
-
APIs for Operational stuffs
https://github.com/CrowdStrike/falconpy/tree/main/samples https://github.com/CrowdStrike/psfalcon/tree/master/samples
-
API - Group by Remediation
We also have an example that does some sorting and basic aggregation that's a little similar (but does not focus on remediations). Similar to your suggestion, this sample also consumes all available matches at the outset using a pretty expansive query.
-
How do i search for all hosts with FQL/FalconPy?
Here's a sample that will paginate through all of your hosts. Depending on the API call you're using, you can request up to 5,000 hosts.
-
Find Host by CVE List
Howdy Yall, qq. Does anyone know if it is possible to search not just one CVE but a short list? from the github here https://github.com/CrowdStrike/falconpy/blob/main/samples/spotlight/find_hosts_by_cve.py
-
Host and MSSP Endpoint’s
Logging in with the parent credentials to the Hosts Service Class will show hosts from child CIDs when you make calls to QueryDevicesByFilter or QueryDevicesByFilterScroll. For an example on how to paginate through the results, you can check out the sample here: https://github.com/CrowdStrike/falconpy/blob/main/samples/hosts/sensor_versions_by_hostname_scrolling.py
-
Help with simple python script
start with samples work backward: https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts
-
How to Resolve a 405 Error When Setting Up CrowdStrike Stream with Google Chronicle?
I would need to see more of your code to get an idea for why you're running into this error. You may find it easier to review an existing integration that populates Chronicle via the Event Streams API instead. This one leverages our Python SDK: https://github.com/CrowdStrike/falcon-integration-gateway.
-
Associate Put file ID with put file name in Falconpy
Can I see more of your code? Feels like we're missing something. Sample code (queued execute): https://github.com/CrowdStrike/falconpy/blob/main/samples/rtr/queued_execute.py
-
Error when attempting to update Device Control policy
I think you may be right. It looks like the payload handler for this operation is not looking for the id key. (I will track this fix using the GitHub issue you just created. )
What are some alternatives?
MISP-QRadar-Integration - The Project can be used to integrate QRadar with MISP Threat Sharing Platform
psfalcon - PowerShell for CrowdStrike's OAuth2 APIs
yeti - Your Everyday Threat Intelligence
MISP-tools - Import CrowdStrike Threat Intelligence into your instance of MISP
vimGPT - Browse the web with GPT-4V and Vimium
BulkStrike - BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.
clipea - 📎🟢 Like Clippy but for the CLI. A blazing fast AI helper for your command line
dotify - 🐍🎶 Yet another Spotify Web API Python library
gybe - A simple YAML transpiler for rendering Kubernetes manifests using python type-hints.
PaK-Stocks - Stocks
gofalcon - Golang-based SDK to CrowdStrike's APIs