You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to create a script to connect to our CS API and run a RTR script on either all servers listed in a host group id or list on specific host id's. but I am stuck and not able to get it working correctly. Has anyone tried doing this before? Below is the script, hopefully someone can point me in the right direction.
def execute_rtr_script(host_id: str, script_name: str):
"""
Initializes FalconPy, connects to the API, and executes a specified RTR script on a given host.
"""
try:
print("Initializing FalconPy API Harness...")
# Initialize APIHarness with your credentials and base URL
api = APIHarness(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, base_url=BASE_URL)
print("FalconPy API initialized successfully. ✅")
print(f"Attempting to execute RTR script '{script_name}' on host ID: {host_id}...")
# The correct method for executing RTR scripts is 'command_execute'
# The command parameter specifies the RTR script to run.
# The hosts parameter takes a list of host IDs.
response = api.command_execute(
body={
"commands": [
{
"command": script_name,
"parameters": [] # Add any parameters for your script here
}
],
"hosts": [host_id]
}
)
if response and response.get('status_code', 0) == 200:
print(f"RTR script '{script_name}' execution initiated successfully for host {host_id}.")
print("Command execution details:")
print(json.dumps(response.get('body', {}), indent=2))
else:
print(f"Failed to initiate RTR script execution for host {host_id}.")
print(f"Response: {response}")
except ImportError:
print("Error: FalconPy library not found. Please install it using 'pip install falconpy'.")
except Exception as e:
print(f"An unexpected error occurred: {e}")
if name == "main":
if CLIENT_ID == "YOUR_CLIENT_ID" or CLIENT_SECRET == "YOUR_CLIENT_SECRET":
print("Error: Please replace 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' with your actual CrowdStrike API credentials.")
else:
execute_rtr_script(TARGET_HOST_ID, RTR_SCRIPT_NAME)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I am trying to create a script to connect to our CS API and run a RTR script on either all servers listed in a host group id or list on specific host id's. but I am stuck and not able to get it working correctly. Has anyone tried doing this before? Below is the script, hopefully someone can point me in the right direction.
from falconpy import APIHarness
import json
CLIENT_ID = ""
CLIENT_SECRET = ""
BASE_URL = "https://api.us-2.crowdstrike.com"
TARGET_HOST_ID = ""
RTR_SCRIPT_NAME = ""
def execute_rtr_script(host_id: str, script_name: str):
"""
Initializes FalconPy, connects to the API, and executes a specified RTR script on a given host.
"""
try:
print("Initializing FalconPy API Harness...")
# Initialize APIHarness with your credentials and base URL
api = APIHarness(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, base_url=BASE_URL)
print("FalconPy API initialized successfully. ✅")
if name == "main":
if CLIENT_ID == "YOUR_CLIENT_ID" or CLIENT_SECRET == "YOUR_CLIENT_SECRET":
print("Error: Please replace 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' with your actual CrowdStrike API credentials.")
else:
execute_rtr_script(TARGET_HOST_ID, RTR_SCRIPT_NAME)
Beta Was this translation helpful? Give feedback.
All reactions