Add update_rules_v2 operation

CrowdStrike · Jun 4, 2024 · ad3f4b0 · ad3f4b0
1 parent 385e7fc
commit ad3f4b0
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 0 deletions.
diff --git a/src/falconpy/_endpoint/_custom_ioa.py b/src/falconpy/_endpoint/_custom_ioa.py
@@ -268,6 +268,23 @@
       }
     ]
   ],
+  [
+    "update_rules_v2",
+    "PATCH",
+    "/ioarules/entities/rules/v2",
+    "Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor "
+    " of this call requires the caller to specify the complete state for all the rules in the rule group, instead "
+    "the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset "
+    "of rules in the rule group.Return the updated rules.",
+    "custom_ioa",
+    [
+      {
+        "name": "body",
+        "in": "body",
+        "required": True
+      }
+    ]
+  ],
   [
     "validate",
     "POST",

diff --git a/src/falconpy/_endpoint/deprecated/_custom_ioa.py b/src/falconpy/_endpoint/deprecated/_custom_ioa.py
@@ -268,6 +268,23 @@
       }
     ]
   ],
+  [
+    "update-rules-v2",
+    "PATCH",
+    "/ioarules/entities/rules/v2",
+    "Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor "
+    " of this call requires the caller to specify the complete state for all the rules in the rule group, instead "
+    "the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset "
+    "of rules in the rule group.Return the updated rules.",
+    "custom_ioa",
+    [
+      {
+        "name": "body",
+        "in": "body",
+        "required": True
+      }
+    ]
+  ],
   [
     "query-patterns",
     "GET",

diff --git a/src/falconpy/custom_ioa.py b/src/falconpy/custom_ioa.py
@@ -526,6 +526,96 @@ def update_rules(self: object,
             body=body
             )
 
+    @force_default(defaults=["body"], default_types=["dict"])
+    def update_rules_v2(self: object,
+                        body: dict = None,
+                        **kwargs
+                        ) -> Dict[str, Union[int, dict]]:
+        """Update rules within a rule group. Return the updated rules.
+
+        Keyword arguments:
+        body -- full body payload in JSON format, not required if using other keywords.
+                {
+                    "comment": "string",
+                    "rule_updates": [
+                        {
+                            "description": "string",
+                            "disposition_id": 0,
+                            "enabled": true,
+                            "field_values": [
+                                {
+                                    "final_value": "string",
+                                    "label": "string",
+                                    "name": "string",
+                                    "type": "string",
+                                    "value": "string",
+                                    "values": [
+                                        {
+                                            "label": "string",
+                                            "value": "string"
+                                        }
+                                    ]
+                                }
+                            ],
+                            "instance_id": "string",
+                            "name": "string",
+                            "pattern_severity": "string",
+                            "rulegroup_version": 0
+                        }
+                    ],
+                    "rulegroup_id": "string",
+                    "rulegroup_version": 0
+                }
+        comment -- Comment related to this update. String.
+        rulegroup_id -- ID of the rule group. String.
+        rule_updates -- JSON dictionary representing the rule updates to
+                        be performed. Only one rule update can be done
+                        in this manner. Dictionary.
+                        {
+                            "description": "string",
+                            "disposition_id": 0,
+                            "enabled": true,
+                            "field_values": [
+                                {
+                                    "final_value": "string",
+                                    "label": "string",
+                                    "name": "string",
+                                    "type": "string",
+                                    "value": "string",
+                                    "values": [
+                                        {
+                                            "label": "string",
+                                            "value": "string"
+                                        }
+                                    ]
+                                }
+                            ],
+                            "instance_id": "string",
+                            "name": "string",
+                            "pattern_severity": "string",
+                            "rulegroup_version": 0
+                        }
+        rulegroup_version -- Version of the rule group. Integer.
+
+        This method only supports keywords for providing arguments.
+
+        Returns: dict object containing API response.
+
+        HTTP Method: PATCH
+
+        Swagger URL
+        https://assets.falcon.crowdstrike.com/support/api/swagger.html#/custom-ioa/update-rules-v2
+        """
+        if not body:
+            body = ioa_custom_payload(passed_keywords=kwargs)
+
+        return process_service_request(
+            calling_object=self,
+            endpoints=Endpoints,
+            operation_id="update_rules_v2",
+            body=body
+            )
+
     @force_default(defaults=["body"], default_types=["dict"])
     def validate(self: object, body: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
         """Validate field values and check for matches if a test string is provided.

diff --git a/tests/test_custom_ioa.py b/tests/test_custom_ioa.py
@@ -49,6 +49,12 @@ def ioa_generate_errors():
                                                 disposition_id=1,
                                                 ruletype_id="12345678"
                                                 ),
+            "update_rules_v2": falcon.update_rules_v2(enabled=True,
+                                                      rulegroup_version=1,
+                                                      rule_updates={"something": "something-darkside"},
+                                                      disposition_id=1,
+                                                      ruletype_id="12345678"
+                                                      ),    
             "validate": falcon.validate(),
             "query_patterns": falcon.query_patterns(),
             "query_platforms": falcon.query_platformsMixin0(),