Add Cloud Security Compliance service collection

jshcodes · jshcodes · commit 5c7f81c6bde2 · 2025-09-11T20:05:40.000-04:00
diff --git a/src/falconpy/__init__.py b/src/falconpy/__init__.py
@@ -115,6 +115,7 @@
 from .cloud_azure_registration import CloudAzureRegistration
 from .cloud_oci_registration import CloudOCIRegistration
 from .cloud_security_assets import CloudSecurityAssets
+from .cloud_security_compliance import CloudSecurityCompliance
 from .cloud_snapshots import CloudSnapshots
 from .container_image_compliance import ContainerImageCompliance, ComplianceAssessments
 from .configuration_assessment_evaluation_logic import ConfigurationAssessmentEvaluationLogic
@@ -249,7 +250,8 @@
     "ContainerImageCompliance", "FaaSExecution", "HEC", "IngestBaseURL", "IngestFormat",
     "IngestPayload", "HTTPEventCollector", "IngestConfig", "SessionManager", "TimeUnit",
     "Color", "Indicator", "random_string", "KubernetesContainerCompliance", "find_operation",
-    "InvalidRoute", "InvalidServiceCollection", "InvalidOperationSearch", "ITAutomation", "F4IT"
+    "InvalidRoute", "InvalidServiceCollection", "InvalidOperationSearch", "ITAutomation", "F4IT",
+    "CloudSecurityCompliance"
     ]
 """
 This is free and unencumbered software released into the public domain.
diff --git a/src/falconpy/_endpoint/__init__.py b/src/falconpy/_endpoint/__init__.py
@@ -24,6 +24,7 @@
 from .deprecated import _cloud_azure_registration_deprecated
 from .deprecated import _cloud_oci_registration_deprecated
 from .deprecated import _cloud_security_assets_deprecated
+from .deprecated import _cloud_security_compliance_deprecated
 from .deprecated import _correlation_rules_deprecated
 from .deprecated import _custom_ioa_deprecated
 from .deprecated import _d4c_registration_deprecated
@@ -56,6 +57,7 @@
 from ._cloud_azure_registration import _cloud_azure_registration_endpoints
 from ._cloud_oci_registration import _cloud_oci_registration_endpoints
 from ._cloud_security_assets import _cloud_security_assets_endpoints
+from ._cloud_security_compliance import _cloud_security_compliance_endpoints
 from ._cloud_connect_aws import _cloud_connect_aws_endpoints
 from ._cloud_snapshots import _cloud_snapshots_endpoints
 from ._container_image_compliance import _container_image_compliance_endpoints
@@ -152,6 +154,7 @@
 api_endpoints.extend(_cloud_azure_registration_endpoints)
 api_endpoints.extend(_cloud_oci_registration_endpoints)
 api_endpoints.extend(_cloud_security_assets_endpoints)
+api_endpoints.extend(_cloud_security_compliance_endpoints)
 api_endpoints.extend(_cloud_snapshots_endpoints)
 api_endpoints.extend(_container_image_compliance_endpoints)
 api_endpoints.extend(_configuration_assessment_evaluation_logic_endpoints)
@@ -242,6 +245,7 @@
 deprecated_endpoints.extend(_cloud_azure_registration_deprecated)
 deprecated_endpoints.extend(_cloud_oci_registration_deprecated)
 deprecated_endpoints.extend(_cloud_security_assets_deprecated)
+deprecated_endpoints.extend(_cloud_security_compliance_deprecated)
 deprecated_endpoints.extend(_correlation_rules_deprecated)
 deprecated_endpoints.extend(_certificate_based_exclusions_deprecated)
 deprecated_endpoints.extend(_custom_ioa_deprecated)
diff --git a/src/falconpy/_endpoint/_cloud_security_compliance.py b/src/falconpy/_endpoint/_cloud_security_compliance.py
@@ -0,0 +1,82 @@
+"""Internal API endpoint constant library.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+
+_cloud_security_compliance_endpoints = [
+  [
+    "cloud_compliance_framework_posture_summaries",
+    "GET",
+    "/cloud-security-compliance/entities/framework-posture-summaries/v1",
+    "Get sections and requirements with scores for benchmarks.",
+    "cloud_security_compliance",
+    [
+      {
+        "maxItems": 20,
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "collectionFormat": "csv",
+        "description": "The uuids of compliance frameworks to retrieve (maximum 20 IDs allowed).",
+        "name": "ids",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ],
+  [
+    "cloud_compliance_rule_posture_summaries",
+    "GET",
+    "/cloud-security-compliance/entities/rule-posture-summaries/v1",
+    "Get compliance score and counts for rules.",
+    "cloud_security_compliance",
+    [
+      {
+        "maxItems": 300,
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "collectionFormat": "csv",
+        "description": "The uuids of compliance rules to retrieve (maximum 300 IDs allowed).",
+        "name": "ids",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ]
+]
diff --git a/src/falconpy/_endpoint/deprecated/__init__.py b/src/falconpy/_endpoint/deprecated/__init__.py
@@ -35,6 +35,7 @@
 from ._cloud_azure_registration import _cloud_azure_registration_endpoints
 from ._cloud_oci_registration import _cloud_oci_registration_endpoints
 from ._cloud_security_assets import _cloud_security_assets_endpoints
+from ._cloud_security_compliance import _cloud_security_compliance_endpoints
 from ._custom_ioa import _custom_ioa_endpoints
 from ._correlation_rules import _correlation_rules_endpoints
 from ._d4c_registration import _d4c_registration_endpoints
@@ -62,6 +63,7 @@
 _cloud_azure_registration_deprecated = _cloud_azure_registration_endpoints
 _cloud_oci_registration_deprecated = _cloud_oci_registration_endpoints
 _cloud_security_assets_deprecated = _cloud_security_assets_endpoints
+_cloud_security_compliance_deprecated = _cloud_security_compliance_endpoints
 _correlation_rules_deprecated = _correlation_rules_endpoints
 _custom_ioa_deprecated = _custom_ioa_endpoints
 _d4c_registration_deprecated = _d4c_registration_endpoints
diff --git a/src/falconpy/_endpoint/deprecated/_cloud_security_compliance.py b/src/falconpy/_endpoint/deprecated/_cloud_security_compliance.py
@@ -0,0 +1,82 @@
+"""Internal API endpoint constant library (deprecated operations).
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+
+_cloud_security_compliance_endpoints = [
+  [
+    "cloud-compliance-framework-posture-summaries",
+    "GET",
+    "/cloud-security-compliance/entities/framework-posture-summaries/v1",
+    "Get sections and requirements with scores for benchmarks.",
+    "cloud_security_compliance",
+    [
+      {
+        "maxItems": 20,
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "collectionFormat": "csv",
+        "description": "The uuids of compliance frameworks to retrieve (maximum 20 IDs allowed).",
+        "name": "ids",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ],
+  [
+    "cloud-compliance-rule-posture-summaries",
+    "GET",
+    "/cloud-security-compliance/entities/rule-posture-summaries/v1",
+    "Get compliance score and counts for rules.",
+    "cloud_security_compliance",
+    [
+      {
+        "maxItems": 300,
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "collectionFormat": "csv",
+        "description": "The uuids of compliance rules to retrieve (maximum 300 IDs allowed).",
+        "name": "ids",
+        "in": "query",
+        "required": True
+      }
+    ]
+  ]
+]
diff --git a/src/falconpy/cloud_security_compliance.py b/src/falconpy/cloud_security_compliance.py
@@ -0,0 +1,121 @@
+"""CrowdStrike Falcon CloudSecurityCompliance API interface class.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |   CROWDSTRIKE FALCON    |::.. . |    FalconPy
+`-------'                         `-------'
+
+OAuth2 API - Customer SDK
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
+"""
+from typing import Dict, Union
+from ._util import force_default, process_service_request, handle_single_argument
+from ._result import Result
+from ._service_class import ServiceClass
+from ._endpoint._cloud_security_compliance import _cloud_security_compliance_endpoints as Endpoints
+
+
+class CloudSecurityCompliance(ServiceClass):
+    """The only requirement to instantiate an instance of this class is one of the following.
+
+    - a valid client_id and client_secret provided as keywords.
+    - a credential dictionary with client_id and client_secret containing valid API credentials
+      {
+          "client_id": "CLIENT_ID_HERE",
+          "client_secret": "CLIENT_SECRET_HERE"
+      }
+    - a previously-authenticated instance of the authentication service class (oauth2.py)
+    - a valid token provided by the authentication service class (oauth2.py)
+    """
+
+    @force_default(defaults=["parameters"], default_types=["dict"])
+    def framework_posture_summaries(self: object,
+                                    *args,
+                                    parameters: dict = None,
+                                    **kwargs
+                                    ) -> Union[Dict[str, Union[int, dict]], Result]:
+        """Get sections and requirements with scores for benchmarks.
+
+        Keyword arguments:
+        ids -- The UUIDs of compliance frameworks to retrieve (maximum 20 IDs allowed). String or list of strings.
+        parameters -- Full parameters payload dictionary. Not required if using other keywords.
+
+        Arguments: When not specified, the first argument to this method is assumed to be 'ids'.
+                   All others are ignored.
+
+        Returns: dict object containing API response.
+
+        HTTP Method: GET
+
+        Swagger URL
+        https://assets.falcon.crowdstrike.com/support/api/swagger.html#
+            /cloud-security-compliance/cloud-compliance-framework-posture-summaries
+        """
+        return process_service_request(
+            calling_object=self,
+            endpoints=Endpoints,
+            operation_id="cloud_compliance_framework_posture_summaries",
+            keywords=kwargs,
+            params=handle_single_argument(args, parameters, "ids")
+            )
+
+    @force_default(defaults=["parameters"], default_types=["dict"])
+    def rule_posture_summaries(self: object,
+                               *args,
+                               parameters: dict = None,
+                               **kwargs
+                               ) -> Union[Dict[str, Union[int, dict]], Result]:
+        """Get compliance score and counts for rules.
+
+        Keyword arguments:
+        ids -- The uuids of compliance rules to retrieve (maximum 300 IDs allowed).
+        parameters -- Full parameters payload dictionary. Not required if using other keywords.
+
+        Arguments: When not specified, the first argument to this method is assumed to be 'ids'.
+                   All others are ignored.
+
+        Returns: dict object containing API response.
+
+        HTTP Method: GET
+
+        Swagger URL
+        https://assets.falcon.crowdstrike.com/support/api/swagger.html#
+            /cloud-security-compliance/cloud-compliance-rule-posture-summaries
+        """
+        return process_service_request(
+            calling_object=self,
+            endpoints=Endpoints,
+            operation_id="cloud_compliance_rule_posture_summaries",
+            keywords=kwargs,
+            params=handle_single_argument(args, parameters, "ids")
+            )
+
+    cloud_compliance_framework_posture_summaries = framework_posture_summaries
+    cloud_compliance_rule_posture_summaries = rule_posture_summaries
diff --git a/tests/test_cloud_security_compliance.py b/tests/test_cloud_security_compliance.py
@@ -0,0 +1,34 @@
+# test_cloud_security_compliance.py
+# This class tests the cloud_security_compliance service class
+
+# import json
+import os
+import sys
+
+# Authentication via the test_authorization.py
+from tests import test_authorization as Authorization
+
+# Import our sibling src folder into the path
+sys.path.append(os.path.abspath('src'))
+# Classes to test - manually imported from sibling folder
+from falconpy import CloudSecurityCompliance
+
+auth = Authorization.TestAuthorization()
+config = auth.getConfigObject()
+falcon = CloudSecurityCompliance(auth_object=config)
+AllowedResponses = [200, 201, 207, 400, 403, 404, 429]
+
+
+class TestCloudSecurityCompliance:
+    def test_all_code_paths(self):
+        error_checks = True
+        tests = {
+            "cloud_compliance_framework_posture_summaries": falcon.framework_posture_summaries("1ab2c345-67d8-90e1-2345-6789f0a12bc3"),
+            "cloud_compliance_rule_posture_summaries": falcon.rule_posture_summaries(ids="1ab2c345-67d8-90e1-2345-6789f0a12bc3"),
+        }
+        for key in tests:
+            if tests[key]["status_code"] not in AllowedResponses:
+                error_checks = False
+                # print(key)
+                # print(tests[key])
+        assert error_checks
