diff --git a/README.md b/README.md index 7626a4a..913e311 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![CrowdStrike](https://raw.githubusercontent.com/CrowdStrike/falcon-integration-gateway/main/docs/assets/cs-logo.png) -# falcon-integration-gateway [![Python Lint](https://github.com/CrowdStrike/falcon-integration-gateway/actions/workflows/linting.yml/badge.svg)](https://github.com/CrowdStrike/falcon-integration-gateway/actions/workflows/linting.yml) [![Container Build on Quay](https://quay.io/repository/crowdstrike/falcon-integration-gateway/status "Docker Repository on Quay")](https://quay.io/repository/crowdstrike/falcon-integration-gateway) +# falcon-integration-gateway [![Python Lint](https://github.com/CrowdStrike/falcon-integration-gateway/actions/workflows/linting.yml/badge.svg)](https://github.com/CrowdStrike/falcon-integration-gateway/actions/workflows/linting.yml) [![Container Build on Quay](https://quay.io/repository/crowdstrike/falcon-integration-gateway/status "Docker Repository on Quay")](https://quay.io/repository/crowdstrike/falcon-integration-gateway) ![PyPI](https://img.shields.io/pypi/v/falcon-integration-gateway) Falcon Integration Gateway (FIG) forwards threat detection findings and audit events from the CrowdStrike Falcon platform to the [backend](fig/backends) of your choice. 
@@ -8,6 +8,26 @@ Detection findings and audit events generated by CrowdStrike Falcon platform inf This project facilitates the export of the individual detections and audit events from CrowdStrike Falcon to third-party security dashboards (so called backends). The export is useful in cases where security operation team workflows are tied to given third-party solution to get early real-time heads-up about malicious activities or unusual user activities detected by CrowdStrike Falcon platform. +## Table of Contents + +- [Python Compatibility](#python-compatibility) +- [API Scopes](#api-scopes) +- [Authentication](#authentication) + - [Direct Configuration](#direct-configuration) + - [Environment Variables](#environment-variables) + - [Credential Store](#credential-store) +- [Configuration](#configuration) +- [Deployment](#deployment) + - [Backends w/ Available Deployment Guide(s)](#backends-w-available-deployment-guides) + - [Alternative Deployment Options](#alternative-deployment-options) + - [Installation to Kubernetes using the helm chart](#installation-to-kubernetes-using-the-helm-chart) + - [With Docker/Podman](#with-dockerpodman) + - [From the Python Package Index (PyPI)](#from-the-python-package-index-pypi) + - [From Git Repository](#from-git-repository) +- [Developers Guide](#developers-guide) +- [Statement of Support](#statement-of-support) + + ## Python Compatibility > [!IMPORTANT] @@ -94,7 +114,9 @@ secrets_manager_client_secret_key = client_secret_key_name Please refer to the [config.ini](./config/config.ini) file for more details on the available options along with their respective environment variables. -## Backends w/ Available Deployment Guide(s) +## Deployment + +### Backends w/ Available Deployment Guide(s) | Backend | Description | Deployment Guide(s) | General Guide(s) | |:--------|:------------|:--------------------|:-------------------| 
@@ -106,15 +128,15 @@ Please refer to the [config.ini](./config/config.ini) file for more details on t | Workspace ONE | Pushes events to VMware Workspace ONE Intelligence | *Coming Soon* | [Workspace ONE backend](fig/backends/workspaceone) | | Generic | Displays events to STDOUT (useful for dev/debugging) | N/A | [Generic Backend](fig/backends/generic) | -## Alternative Deployment Options +### Alternative Deployment Options > :exclamation: Prior to any deployment, ensure you refer to the [configuration options](./config/config.ini) available to the application :exclamation: -### Installation to Kubernetes using the helm chart +#### Installation to Kubernetes using the helm chart Please refer to the [FIG helm chart documentation](https://github.com/CrowdStrike/falcon-helm/tree/main/helm-charts/falcon-integration-gateway) for detailed instructions on deploying the FIG via helm chart for your respective backend(s). -### With Docker/Podman +#### With Docker/Podman To install as a container: @@ -142,12 +164,14 @@ To install as a container: docker logs ``` -### From the Python Package Index (PyPI) +#### From the Python Package Index (PyPI) -> [!IMPORTANT] -> Falcon Integration Gateway (FIG) versions below 3.2.1 on PyPI are broken and will not install correctly. Please ensure you install version 3.2.1 or higher from PyPI. +Falcon Integration Gateway (FIG) is available on the [Python Package Index](https://pypi.org/project/falcon-integration-gateway/). + +> [!WARNING] +> Falcon Integration Gateway (FIG) versions below 3.2.2 on PyPI are broken and will not install correctly. Please ensure you install version 3.2.2 or higher from PyPI. -1. Install the package using pip: +1. Install the package: ```bash python3 -m pip install falcon-integration-gateway 
@@ -178,15 +202,15 @@ To install as a container: python3 -m fig ``` -#### Updating the FIG from PyPI +##### Updating the FIG from PyPI To update the FIG package from PyPI, run: ```bash -python3 -m pip install --upgrade falcon-integration-gateway +python3 -m pip install falcon-integration-gateway --upgrade ``` -### From Git Repository +#### From Git Repository > [!NOTE] > This method requires Python 3.7 or higher and a python package manager such as `pip` to be installed on your system. @@ -212,11 +236,11 @@ python3 -m pip install --upgrade falcon-integration-gateway python3 -m fig ``` -#### Updating the FIG from the Git Repository +##### Updating the FIG from the Git Repository Depending on which configuration method you are using, follow the steps below to update the FIG from the Git repository. -##### config.ini +###### config.ini If you have made any changes to the `config.ini` file, you can update the FIG by following these steps: @@ -242,7 +266,7 @@ python3 -m fig This method ensures that your configuration settings are preserved while updating the FIG to the latest version. -#### Environment Variables (only) +##### Environment Variables (only) If you are only using environment variables to configure the FIG, you can update the FIG by following these steps: diff --git a/docs/listings/gke/deployer/chart/falcon-integration-gateway/Chart.yaml b/docs/listings/gke/deployer/chart/falcon-integration-gateway/Chart.yaml index b579560..eed5087 100644 --- a/docs/listings/gke/deployer/chart/falcon-integration-gateway/Chart.yaml +++ b/docs/listings/gke/deployer/chart/falcon-integration-gateway/Chart.yaml @@ -21,4 +21,4 @@ version: 0.2.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 3.2.1 +appVersion: 3.2.2 
diff --git a/docs/listings/gke/deployer/chart/falcon-integration-gateway/templates/application.yaml b/docs/listings/gke/deployer/chart/falcon-integration-gateway/templates/application.yaml index 4b8f5f2..1331f2b 100644 --- a/docs/listings/gke/deployer/chart/falcon-integration-gateway/templates/application.yaml +++ b/docs/listings/gke/deployer/chart/falcon-integration-gateway/templates/application.yaml @@ -23,7 +23,7 @@ spec: kind: Secret descriptor: type: falcon-integration-gateway - version: '3.2.1' + version: '3.2.2' description: |- Falcon Integration Gateway (FIG) forwards threat detection findings from CrowdStrike Falcon platform to the backend of your choice. This instance forwards detection findings to GCP diff --git a/docs/listings/gke/deployer/schema.yaml b/docs/listings/gke/deployer/schema.yaml index 5fe4e05..80ec1a8 100644 --- a/docs/listings/gke/deployer/schema.yaml +++ b/docs/listings/gke/deployer/schema.yaml @@ -3,7 +3,7 @@ x-google-marketplace: applicationApiVersion: v1beta1 - publishedVersion: "3.2.1" + publishedVersion: "3.2.2" publishedVersionMetadata: releaseNote: >- 3.1 @@ -14,13 +14,13 @@ x-google-marketplace: clusterConstraints: resources: - - replicas: 1 - requests: - cpu: 100m - memory: 300Mi + - replicas: 1 + requests: + cpu: 100m + memory: 300Mi images: - '': # Primary image has no name. + "": # Primary image has no name. properties: imageRepo: type: REPO_WITH_REGISTRY @@ -45,10 +45,10 @@ properties: type: STRING default: us-1 enum: - - 'us-1' - - 'us-2' - - 'eu-1' - - 'us-gov-1' + - "us-1" + - "us-2" + - "eu-1" + - "us-gov-1" falcon.client_id: title: "Falcon API OAuth2 Credentials: Client ID" description: "API keypair used to authenticate with Falcon Platform and to initiate streaming session. Only the following permissions are required: READ 'Event streams' and READ 'Hosts'" 
@@ -69,14 +69,14 @@ properties: type: MASKED_FIELD required: -- name -- namespace -- falcon.client_id -- falcon.client_secret -- falcon.cloud_region -- cloud.google.application_credentials + - name + - namespace + - falcon.client_id + - falcon.client_secret + - falcon.cloud_region + - cloud.google.application_credentials form: -- widget: help - description: |- - Deployment Guide + - widget: help + description: |- + Deployment Guide diff --git a/fig/__init__.py b/fig/__init__.py index b50da94..29e4a94 100644 --- a/fig/__init__.py +++ b/fig/__init__.py @@ -1 +1 @@ -__version__ = '3.2.1' +__version__ = '3.2.2'
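Review bot: In README.md, hunk `@@ -142,12 +164,14`, the install step still reads `python3 -m pip install falcon-integration-gateway` with no version floor, although the warning directly above it now says every release below 3.2.2 is broken on PyPI. Carry the constraint in the command itself, for example `python3 -m pip install "falcon-integration-gateway>=3.2.2"`, so that a reader who copies only the command cannot end up with a release the warning calls broken. The floor in the warning moved from 3.2.1 to 3.2.2 in this change, so it is edited by hand; the same floor in the command would need the same update each time.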
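Review bot: In README.md, hunk `@@ -242,7 +266,7`, `##### Environment Variables (only)` ends up one level above `###### config.ini` from hunk `@@ -212,11 +236,11`, yet the text under "Updating the FIG from the Git Repository" presents the two as alternative configuration methods. Make it `###### Environment Variables (only)` so both sit under the same parent heading. As written, the environment-variable steps render as a sibling of the update section rather than as part of it.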
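Review bot: In Chart.yaml, hunk `@@ -21,4 +21,4`, the new value `appVersion: 3.2.2` is unquoted even though the comment on the preceding context line says "It is recommended to use it with quotes." The other two listing files in this change quote the same value (`version: '3.2.2'` and `publishedVersion: "3.2.2"`). Suggest `appVersion: "3.2.2"` so the field is always parsed as a string, whatever the version number looks like in a later release.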
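Review bot: In docs/listings/gke/deployer/schema.yaml, hunk `@@ -3,7 +3,7`, `publishedVersion` moves to "3.2.2" while the `releaseNote` in the unchanged context below it still begins with `3.1`. If that note is meant to describe the published version, it should be updated in the same change. If it is intentionally left at the 3.1 text, a short comment saying so would keep the next release bump from raising the same question.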
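Review bot: In docs/listings/gke/deployer/schema.yaml, hunks `@@ -14,13 +14,13`, `@@ -45,10 +45,10` and `@@ -69,14 +69,14` change only indentation and quote style (`''` to `""`, re-indented `required:` and `form:` lists) and carry no functional change. Mixing them into a release bump makes the one-line version edits harder to spot in review and in later `git blame`. Suggest moving the formatting pass to its own commit, ideally together with the linter or formatter configuration that produces it, so the style stays enforced.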
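Review bot: In fig/__init__.py, hunk `@@ -1 +1`, `__version__ = '3.2.2'` is one of five hand-edited copies of the same string in this change. The others are the README warning, `appVersion` in Chart.yaml, `version` in application.yaml and `publishedVersion` in schema.yaml. Nothing in the visible lines keeps them in step, so a missed file would publish a marketplace listing or chart that advertises a different version than the package reports. Suggest treating `fig/__init__.py` as the source of truth and adding a CI check, next to the existing lint workflow, that fails when any of the other files disagrees with it.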