From 5d05e1f13613a3deaf2eb54e9f6db9243764db10 Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 12:22:54 -0800
Subject: [PATCH 1/7] added online state consts

---
 crowdstrikeoauthapi_consts.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crowdstrikeoauthapi_consts.py b/crowdstrikeoauthapi_consts.py
index dbac3d4..f2fea5a 100644
--- a/crowdstrikeoauthapi_consts.py
+++ b/crowdstrikeoauthapi_consts.py
@@ -25,6 +25,7 @@
 CROWDSTRIKE_GET_PROCESS_DETAIL_FALCON_PROCESS_ID = "falcon_process_id"
 CROWDSTRIKE_GET_DEVICE_DETAIL_DEVICE_ID = "id"
 CROWDSTRIKE_JSON_ID = "id"
+CROWDSTRIKE_GET_ONLINE_STATE_DEVICE_ID = "id"
 CROWDSTRIKE_RESOLVE_DETECTION_TO_STATE = "state"
 PAYLOAD_SECURITY_API_KEY = 'api_key'  # pragma: allowlist secret
 CROWDSTRIKE_JSON_IOC = "ioc"
@@ -179,7 +180,7 @@
 CROWDSTRIKE_UPLOAD_FILE_ENDPOINT = "/samples/entities/samples/v2"
 CROWDSTRIKE_DETONATE_RESOURCE_ENDPOINT = "/falconx/entities/submissions/v1"
 CROWDSTRIKE_GET_ZERO_TRUST_ASSESSMENT_ENDPOINT = "/zero-trust-assessment/entities/assessments/v1"
-
+CROWDSTRIKE_GET_ONLINE_STATE_ENDPOINT = "/devices/entities/online-state/v1"
 CROWDSTRIKE_BASE_ENDPOINT = "/sensors/entities/datafeed/v2"
 CROWDSTRIKE_FALCONX_API_LIMIT = 5000
 CROWDSTRIKE_ENVIRONMENT_ID_DICT = {

From 3f59a85c85c1e6a1461bc5b8fe19e09d86f2494a Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 12:24:19 -0800
Subject: [PATCH 2/7] added online status function

---
 crowdstrikeoauthapi_connector.py | 34 ++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/crowdstrikeoauthapi_connector.py b/crowdstrikeoauthapi_connector.py
index 650486a..8e225be 100644
--- a/crowdstrikeoauthapi_connector.py
+++ b/crowdstrikeoauthapi_connector.py
@@ -718,6 +718,40 @@ def _handle_get_device_scroll(self, param):
         self.debug_print('Successfully fetched device scroll with response {0}'.format(response))
         return action_result.set_status(phantom.APP_SUCCESS, "Device scroll fetched successfully")
 
+    def _handle_get_online_state(self, param):
+
+        # Add an action result to the App Run
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        fdid = param[CROWDSTRIKE_GET_ONLINE_STATE_DEVICE_ID]
+
+        api_data = {
+            "ids": fdid
+        }
+
+        ret_val, response = self._make_rest_call_helper_oauth2(action_result, CROWDSTRIKE_GET_ONLINE_STATE_ENDPOINT, params=api_data)
+
+        if phantom.is_fail(ret_val) and CROWDSTRIKE_STATUS_CODE_CHECK_MESSAGE in action_result.get_message():
+            return action_result.set_status(phantom.APP_SUCCESS, CROWDSTRIKE_NO_DATA_MESSAGE)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        # successful request
+        try:
+            data = dict(response["resources"][0])
+        except Exception as ex:
+            return action_result.set_status(
+                phantom.APP_ERROR, "Error occurred while parsing response of 'get_online_state' action."
+                                   " Unknown response retrieved Error:{}".format(self._get_error_message_from_exception(ex)))
+
+        action_result.add_data(data)
+
+        summary = action_result.update_summary({})
+        self.debug_print('Successfully fetched device online state with response {0}'.format(response))
+        return action_result.set_status(phantom.APP_SUCCESS, "Device online state fetched successfully")
+
     def _handle_get_process_detail(self, param):
 
         # Add an action result to the App Run

From cfe341d2f342775cc6987232eb1dc9f7fb59e298 Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 12:56:10 -0800
Subject: [PATCH 3/7] add get online status html, update json

---
 crowdstrike_get_online_status.html | 187 +++++++++++++++++++++++++++++
 crowdstrikeoauthapi.json           |  37 ++++++
 2 files changed, 224 insertions(+)
 create mode 100644 crowdstrike_get_online_status.html

diff --git a/crowdstrike_get_online_status.html b/crowdstrike_get_online_status.html
new file mode 100644
index 0000000..75638c1
--- /dev/null
+++ b/crowdstrike_get_online_status.html
@@ -0,0 +1,187 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_get_online_state.html
+  Copyright (c) 2019-2023 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+    tbody {
+		counter-reset: serial-number;  /* Set the serial number counter to 0 */
+	}
+
+    #tb2:before {
+		counter-increment: serial-number;  /* Increment the serial number counter */
+		content: counter(serial-number);  /* Display the counter */
+	}
+    /*td { word-wrap:break-word }*/
+    table {
+        border-collapse: collapse;
+        table-layout: fixed;
+        width: 310px;
+   }
+    table td {
+    border: solid 1px #666;
+    width: 110px;
+    word-wrap: break-word;
+  }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+        <h3 class="wf-h3-style">Online State Info</h3>
+        <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="server-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>State</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for data in result.data %}
+                                <tr>
+                                    <td>
+                                      <a href="javascript:;"
+                                        onclick="context_menu(this, [{'contains': ['crowdstrike detection id'], 'value': '{{ data.detection_id }}' }], 0, {{ container.id }}, null, false);">{{data.detection_id}}
+                                            &nbsp;
+                                            <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                        </a>
+                                    </td>
+                                    <td>
+                                        <a href="javascript:;"
+                                        onclick="context_menu(this, [{'contains': ['crowdstrike device id'], 'value': '{{ data.device.device_id }}' }], 0, {{ container.id }}, null, false);">{{data.device.device_id}}
+                                            &nbsp;
+                                            <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                        </a>
+                                    </td>
+                                    <td>{{data.state}}</td>
+                                  </tr>
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    {% endif %}
+    <br>
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+<script>
+    function displayDataTable(){
+    $.extend(true, $.fn.dataTable.defaults, {
+      "searching": false,
+      "bLengthChange": false,
+      "language": {
+          "paginate": {
+              "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+              "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          }
+      },
+      "dom": '<"top">rt<"bottom"p><"clear">',
+      drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+      }
+  });
+  $.fn.DataTable.ext.pager.numbers_length = 5;
+  $('.datatable').DataTable({
+    "iDisplayLength": 5
+  });
+  }
+  displayDataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrikeoauthapi.json b/crowdstrikeoauthapi.json
index 976a75c..2e8238a 100644
--- a/crowdstrikeoauthapi.json
+++ b/crowdstrikeoauthapi.json
@@ -18,6 +18,9 @@
         },
         {
             "name": "Katie Tanner"
+        },
+        {
+            "name": "Jason Meyer"
         }
     ],
     "license": "Copyright (c) 2019-2023 Splunk Inc.",
@@ -3883,6 +3886,40 @@
                 "view": "crowdstrike_view.display_view"
             }
         },
+        {
+            "action": "get_online_state",
+            "description": "get online state of device(s)",
+            "type": "generic",
+            "identifier": "get_online_state",
+            "read_only": false,
+            "versions": "EQ(*)",
+            "parameters": {
+                "device_id": {
+                    "description": "Device IDs to query for online state, Comma-separated list allowed",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike device_id or aid"
+                    ],
+                    "primary": true,
+                    "required": true,
+                    "order": 0
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.state",
+                    "data_type": "string",
+                    "example_values": [
+                        "online",
+                        "offline",
+                        "unknown"
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            }
+        },
         {
             "action": "update detections",
             "description": "Update detections in crowdstrike host",

From da8c6b1672f28d98912df2999ee636089c33b9e4 Mon Sep 17 00:00:00 2001
From: JMeyer0101 <jmeyer0101@gmail.com>
Date: Fri, 5 Jan 2024 13:09:11 -0800
Subject: [PATCH 4/7] Update manual_readme_content.md

---
 manual_readme_content.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/manual_readme_content.md b/manual_readme_content.md
index 29d638f..6dce8fa 100644
--- a/manual_readme_content.md
+++ b/manual_readme_content.md
@@ -65,6 +65,7 @@
 | [check status](#action-check-status)                        | Sandbox(Falcon Intelligence)   | &check;              | &cross;              |
 | [get device scroll](#action-get-device-scroll)              | Hosts                          | &check;              | &cross;              |
 | [get zta data](#action-get-zta-data)                        | Zero Trust Assessment          | &check;              | &cross;              |
+| [get online state](#action-get-online-state)                | Hosts                          | &check;              | &cross;              |
 
 
 ## Preprocess Script

From 0059cc016dd685abf03261f25d798a37713d61e5 Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 13:13:07 -0800
Subject: [PATCH 5/7] add release notes

---
 release_notes/4.1.1.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 release_notes/4.1.1.md

diff --git a/release_notes/4.1.1.md b/release_notes/4.1.1.md
new file mode 100644
index 0000000..b566bf5
--- /dev/null
+++ b/release_notes/4.1.1.md
@@ -0,0 +1,2 @@
+* Added new action support
+    * get online state
\ No newline at end of file

From 59bb4ee4227525ef89c009b1c906d84076647fff Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 13:14:25 -0800
Subject: [PATCH 6/7] revert release md

---
 release_notes/4.1.1.md | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 release_notes/4.1.1.md

diff --git a/release_notes/4.1.1.md b/release_notes/4.1.1.md
deleted file mode 100644
index b566bf5..0000000
--- a/release_notes/4.1.1.md
+++ /dev/null
@@ -1,2 +0,0 @@
-* Added new action support
-    * get online state
\ No newline at end of file

From d419a9781cd8f8441f459e497d3d11a75b2383b9 Mon Sep 17 00:00:00 2001
From: jmeyer5 <jason_meyer@intuit.com>
Date: Fri, 5 Jan 2024 13:45:39 -0800
Subject: [PATCH 7/7] add action mapping

---
 crowdstrikeoauthapi_connector.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crowdstrikeoauthapi_connector.py b/crowdstrikeoauthapi_connector.py
index 8e225be..877060b 100644
--- a/crowdstrikeoauthapi_connector.py
+++ b/crowdstrikeoauthapi_connector.py
@@ -3606,7 +3606,8 @@ def handle_action(self, param):
             'detonate_url': self._handle_detonate_url,
             'check_detonate_status': self._handle_check_detonate_status,
             'get_device_scroll': self._handle_get_device_scroll,
-            'get_zta_data': self._handle_get_zta_data
+            'get_zta_data': self._handle_get_zta_data,
+            'get_online_state': self._handle_get_online_state
         }
 
         action = self.get_action_identifier()