Parsers for falconctl command outputs

This module provides the following parsers:

FalconctlBackend - command /opt/CrowdStrike/falconctl -g --backend

FalconctlRfm - command /opt/CrowdStrike/falconctl -g --rfm-state

class insights.parsers.falconctl.FalconctlBackend(context, extra_bad_lines=None)

Bases: CommandParser

This parser reads the output of /opt/CrowdStrike/falconctl -g --backend, return the back-end mode as a string.

Example output:

backend is not set.
or
backend=auto.

Examples

>>> type(falconctlbackend)
<class 'insights.parsers.falconctl.FalconctlBackend'>
>>> falconctlbackend.backend
'auto'

parse_content(content)

This method must be implemented by classes based on this class.

class insights.parsers.falconctl.FalconctlRfm(context, extra_bad_lines=None)

Bases: CommandParser

This parser reads the output of /opt/CrowdStrike/falconctl -g --rfm-state, return the Reduced Functionality Mode as boolean.

Example output:

rfm-state=false.

Examples

>>> type(falconctlrfm)
<class 'insights.parsers.falconctl.FalconctlRfm'>
>>> falconctlrfm.rfm
False

parse_content(content)

This method must be implemented by classes based on this class.