Parsers for falconctl command outputs
This module provides the following parsers:
FalconctlBackend - command /opt/CrowdStrike/falconctl -g --backend
FalconctlRfm - command /opt/CrowdStrike/falconctl -g --rfm-state
FalconctlAid - command /opt/CrowdStrike/falconctl -g --aid
FalconctlVersion - command /opt/CrowdStrike/falconctl -g --version
- class insights.parsers.falconctl.FalconctlAid(context, extra_bad_lines=None)[source]
Bases:
CommandParserThis parser reads the output of
/opt/CrowdStrike/falconctl -g --aid, return the agent id as a string.Example output:
aid="44e3b7d20b434a2bb2815d9808fa3a8b".
Examples
>>> type(falconctlaid) <class 'insights.parsers.falconctl.FalconctlAid'> >>> falconctlaid.aid '44e3b7d20b434a2bb2815d9808fa3a8b'
- class insights.parsers.falconctl.FalconctlBackend(context, extra_bad_lines=None)[source]
Bases:
CommandParserThis parser reads the output of
/opt/CrowdStrike/falconctl -g --backend, return the back-end mode as a string.Example output:
backend is not set. or backend=auto.
Examples
>>> type(falconctlbackend) <class 'insights.parsers.falconctl.FalconctlBackend'> >>> falconctlbackend.backend 'auto'
- class insights.parsers.falconctl.FalconctlRfm(context, extra_bad_lines=None)[source]
Bases:
CommandParserThis parser reads the output of
/opt/CrowdStrike/falconctl -g --rfm-state, return the Reduced Functionality Mode as boolean.Example output:
rfm-state=false.
Examples
>>> type(falconctlrfm) <class 'insights.parsers.falconctl.FalconctlRfm'> >>> falconctlrfm.rfm False
- class insights.parsers.falconctl.FalconctlVersion(context, extra_bad_lines=None)[source]
Bases:
CommandParserThis parser reads the output of
/opt/CrowdStrike/falconctl -g --version, return the running falcon_sensor version.Example output:
version = 7.14.16703.0
Examples
>>> type(falconctlversion) <class 'insights.parsers.falconctl.FalconctlVersion'> >>> falconctlversion.version '7.14.16703.0'