How to pull last patch date, active patches, and pending patches using falconpy?

[Arup-Kar]

Hey everybody!

I am trying to get the patching information on my servers in crowdstrike and I am unable to pull this information through falconpy. Normally this can be found through spotlight when in crowdstrike but I am not sure how to get this information through the api. I have tried using hosts.get_device_details() which returned all the details besides patching and the spotlight methods which haven't returned anything useful for me. If anyone knows how to pull the patching data through falconpy it would be very much appreciated.

Thanks for the help!

[crowdstrikedcs]

HI @Arup-Kar, Thanks for the question!

At the moment this data is only available in the UI and doesn't currently have a corresponding API. Until that release we won't be able to gather it with FalconPy.

This idea encompasses your request and seems to be on our roadmap for an API to deliver your requested features.

At the moment, the highest supersedence patch that a host is missing is available via the "Remediations" data in the current Spotlight vulnerabilities API.

While not a direct replacement this would at least give details on hosts that still need patching.

[crowdstrikedcs]

Sure thing! Until we have the new API up we won't be able to access the data points. As I noted though this is on the roadmap so once its out we'll be updating out package to support it 😄

[ciaran-finnegan]

Hi, is the new API available yet?

[crowdstrikedcs]

Hi @ciaran-finnegan just checked with the engineering team and the capability has not been released as of yet. I did learn that the data does come directly from the sensor. In this sense it could be captured by using Falcon Data Replicatior. I will keep this thread up to date as I learn more.

[securedbeans]

Hello! Is there any update on if this functionality has been added?

[jphoke]

This has been on the 'roadmap' for 3 years - is there anything that we can use yet?