Skip to content
/ falcon-prime-bulk-ip Public

Get bulk ip against crowstrike falcon prime. Iterate over dataframe. If anything is found append to dataframe. Was given 90%-95% of the code from crowdstrike engineer and their SDK.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

colleybrb/falcon-prime-bulk-ip

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
falconprime_ip_search.py
falconprime_ip_search.py
 
 

Repository files navigation

falcon-prime-bulk-ip search function

This is repurposed code from a crowdstrike engineer to do what I needed. I re-wrote 5-10% how I would want to use it with one function and append to a data frame.

Need: If you have crowstrike falcon prime and need to search for a csv of malicious ip's, and want to append the intel to your csv of ip's.

You need to get your base url, client secret and client id (remember not to hard code why I use getpass).

image

Operational overview

    1. Change the csv paths
    1. Install falconpy and other dependencies
    1. Run
    1. It will prompt you for the three things mentioned above

Notes

  • I was threat hunting over a huge area with little integration to crowd strikes tools. So, this saved me a ton of time gathering intel on malicous IP's that were fuzzing or attempting to exploit.

Contact

***If you have issues and need help reach out to [email protected]

MIT License

About

Get bulk ip against crowstrike falcon prime. Iterate over dataframe. If anything is found append to dataframe. Was given 90%-95% of the code from crowdstrike engineer and their SDK.

Topics

python pandas-dataframe threat-hunting bulk-search crowdstrike-falcon

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages