

Before we start, I should point out that there is an easier way of dealing with this if you’re familiar with Python. CrowdStrike has the falconpy project where their entire API has been made available. I did this purely for my own education and the fact I really don’t use Python. The fact it’s come in very useful is a happy by-product.

I am a CrowdStrike customer, and have been taking advantage of its ability to self update reliably. This comes with the catch that I must also update our management system every time there’s a new version. That gets tedious after a while, and it also potentially can cause issues if you miss a couple. (Organisations that are not updating regularly don’t have this issue … they have other issues instead.)

A Mac Admins Slack user shared some Python code he’d written that was a wrapper around the CrowdStrike falconpy project. This got me thinking, and then experimenting since I don’t supply or even have a need for Python in my own environment.

TL;DR: Performing API calls for CrowdStrike in zsh is very much like doing it for Jamf Pro. The syntax is just different enough to be awkward but the principle is the same.

Have credentials -> Get bearer token -> Do operations -> Revoke token.

You need to be a CrowdStrike customer first. Sorry, but your org is going to have to pay for this 😉 CrowdStrike will present a Client ID and a Client Secret number … once. Grab these and save them somewhere secure.
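The "Have credentials -> Get bearer token -> Do operations -> Revoke token" flow, written out as an added example in portable shell that also runs under zsh; it is not the author's script. The US-1 host `api.crowdstrike.com`, the `CS_*` variable names, the `cs_*` function names and the sensor installer query used as the sample operation are assumptions.

```shell
#!/bin/sh
# Added example, not the post author's code. Assumptions: US-1 API host and
# credentials supplied in CS_CLIENT_ID / CS_CLIENT_SECRET (names are hypothetical).
CS_BASE="${CS_BASE:-https://api.crowdstrike.com}"

# Pull "access_token" out of the JSON reply without needing jq or Python.
cs_extract_token() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Credentials -> bearer token. The secret is sent on stdin, so it never shows
# up in curl's argument list, which other local users could read with ps.
cs_get_token() {
  reply=$(printf 'client_id=%s&client_secret=%s' \
            "$CS_CLIENT_ID" "$CS_CLIENT_SECRET" |
          curl -sS -X POST --data @- "$CS_BASE/oauth2/token") || return 1
  token=$(cs_extract_token "$reply")
  [ -n "$token" ] || { echo "no access_token in reply" >&2; return 1; }
  printf '%s\n' "$token"
}

# Do operations: authenticated GET. The bearer header goes through a curl
# config read from stdin for the same reason as above.
cs_get() {  # usage: cs_get <token> <path>
  printf 'header = "Authorization: Bearer %s"\n' "$1" |
    curl -sS -K - "$CS_BASE$2"
}

# Revoke token: basic auth with the client credentials plus the token itself.
cs_revoke_token() {
  printf 'user = "%s:%s"\ndata = "token=%s"\n' \
    "$CS_CLIENT_ID" "$CS_CLIENT_SECRET" "$1" |
    curl -sS -K - "$CS_BASE/oauth2/revoke"
}

# Whole flow; the token is revoked even when the operation fails.
cs_main() {
  token=$(cs_get_token) || return 1
  rc=0
  cs_get "$token" "/sensors/combined/installers/v1" || rc=$?
  cs_revoke_token "$token" >/dev/null || echo "revoke failed" >&2
  return "$rc"
}

# Set CS_RUN=1 to execute against the real API; otherwise only define functions.
if [ "${CS_RUN:-0}" = 1 ]; then cs_main; fi
```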
