How to pull last patch date, active patches, and pending patches using falconpy? #794
-
|
Hey everybody! I am trying to get the patching information on my servers in crowdstrike and I am unable to pull this information through falconpy. Normally this can be found through spotlight when in crowdstrike but I am not sure how to get this information through the api. I have tried using hosts.get_device_details() which returned all the details besides patching and the spotlight methods which haven't returned anything useful for me. If anyone knows how to pull the patching data through falconpy it would be very much appreciated. Thanks for the help! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
HI @Arup-Kar, Thanks for the question! At the moment this data is only available in the UI and doesn't currently have a corresponding API. Until that release we won't be able to gather it with FalconPy. This idea encompasses your request and seems to be on our roadmap for an API to deliver your requested features. At the moment, the highest supersedence patch that a host is missing is available via the "Remediations" data in the current Spotlight vulnerabilities API. While not a direct replacement this would at least give details on hosts that still need patching. |
Beta Was this translation helpful? Give feedback.
-
|
Appreciate the quick response. That is unfortunate that its not a feature yet. Do you have any idea if the feature has been done on other crowdstrike integrations such as PSFalcon or would they also be in the same spot? Thank you so much! |
Beta Was this translation helpful? Give feedback.
-
|
Sure thing! Until we have the new API up we won't be able to access the data points. As I noted though this is on the roadmap so once its out we'll be updating out package to support it 😄 |
Beta Was this translation helpful? Give feedback.
-
|
Hi, is the new API available yet? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @ciaran-finnegan just checked with the engineering team and the capability has not been released as of yet. I did learn that the data does come directly from the sensor. In this sense it could be captured by using Falcon Data Replicatior. I will keep this thread up to date as I learn more. |
Beta Was this translation helpful? Give feedback.
HI @Arup-Kar, Thanks for the question!
At the moment this data is only available in the UI and doesn't currently have a corresponding API. Until that release we won't be able to gather it with FalconPy.
This idea encompasses your request and seems to be on our roadmap for an API to deliver your requested features.
At the moment, the highest supersedence patch that a host is missing is available via the "Remediations" data in the current Spotlight vulnerabilities API.
While not a direct replacement this would at least give details on hosts that still need patching.