ZentrixLabs.FalconSdk 1.1.5

dotnet add package ZentrixLabs.FalconSdk --version 1.1.5

NuGet\Install-Package ZentrixLabs.FalconSdk -Version 1.1.5
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="ZentrixLabs.FalconSdk" Version="1.1.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
Directory.Packages.props:
<PackageVersion Include="ZentrixLabs.FalconSdk" Version="1.1.5" />
Project file:
<PackageReference Include="ZentrixLabs.FalconSdk" />

paket add ZentrixLabs.FalconSdk --version 1.1.5

#r "nuget: ZentrixLabs.FalconSdk, 1.1.5"
The #r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package ZentrixLabs.FalconSdk@1.1.5
The #:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=ZentrixLabs.FalconSdk&version=1.1.5
Install as a Cake Addin

#tool nuget:?package=ZentrixLabs.FalconSdk&version=1.1.5
Install as a Cake Tool

ZentrixLabs.FalconSdk



A lightweight, MIT-licensed .NET 9 SDK for querying CrowdStrike Falcon data using their OAuth2 API.

This SDK is designed to simplify local telemetry analysis, patch readiness, and device visibility by abstracting Falcon's token and device API interactions.


Features


Supports:

  • OAuth2 token generation from API keys

Supported API Endpoints

| Purpose | Falcon API Endpoint |
| --- | --- |
| Device search | /devices/queries/devices/v1 |
| Device details | /devices/entities/devices/v2 |
| Host groups | /devices/entities/host-groups/v1 |
| Vulnerabilities by filter | /spotlight/queries/vulnerabilities/v1 |
| Vulnerabilities by ID | /spotlight/entities/vulnerabilities/v1 |
| Vulnerability hosts | /spotlight/combined/hosts/v1 |
| Vulnerability remediations | /spotlight/combined/remediations/v1 |
| Vulnerability counts | /spotlight/queries/vulnerabilities/v1 |
| Vulnerability host counts | /spotlight/queries/hosts/v1 |
| Vulnerability remediation counts | /spotlight/queries/remediations/v1 |
| Vulnerability evaluation logic | /spotlight/entities/evaluation-logic/v1 |
| Alerts search (IDs) | /alerts/queries/alerts/v1 |
| Alert details | /alerts/entities/alerts/v2 |

Not yet implemented:

  • Streaming detections or real-time event subscriptions
  • Threat Graph, incidents, or host group mutations
  • Retry logic or circuit breaker support
  • Built-in structured logging or telemetry

Requirements


You need:

  • A CrowdStrike Falcon API key with the following permissions:
    • Hosts: Read
    • Host Groups: Read
    • Assets: Read
    • Vulnerabilities: Read
    • Alerts: Read

You can create an API key with these permissions in the Falcon console.

Notes

  • Pagination: Some endpoints (e.g., devices/queries, spotlight, alerts) require handling of scroll tokens or next tokens for pagination.
  • The user creating the key must have the necessary permissions to grant these scopes (Vulnerability Manager, Device Control, etc.)
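
An added example (not part of the SDK or the original README) of the token-following loop the pagination note describes, written against HttpClient directly. It assumes the response carries a `resources` array and a `meta.pagination.after` token and that the path already has a query string; `QueryAllAsync`, `StubHandler`, the host name and the sample pages are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Runtime.CompilerServices;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
// Constructed pages served by StubHandler, an offline stand-in for the API (not real Falcon data).
var pages = new Dictionary<string, string>
{
    [""] = """{"meta":{"pagination":{"after":"tok-1"}},"resources":["id-1","id-2"]}""",
    ["tok-1"] = """{"meta":{"pagination":{"after":""}},"resources":["id-3"]}"""
};
using var http = new HttpClient(new StubHandler(pages)) { BaseAddress = new Uri("https://falcon.invalid") };
var ids = new List<string>();
await foreach (var id in QueryAllAsync(http, "/spotlight/queries/vulnerabilities/v1?filter=status%3A%27open%27"))
    ids.Add(id);
Console.WriteLine(string.Join(",", ids));

// Follows meta.pagination.after until it is empty; fails loudly instead of returning a partial set.
static async IAsyncEnumerable<string> QueryAllAsync(HttpClient client, string pathAndQuery,
    int maxPages = 1000, [EnumeratorCancellation] CancellationToken ct = default)
{
    var seen = new HashSet<string>();
    var after = "";
    for (var n = 0; n < maxPages; n++)
    {
        var url = after == "" ? pathAndQuery : $"{pathAndQuery}&after={Uri.EscapeDataString(after)}";
        using var resp = await client.GetAsync(url, ct);
        resp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync(ct));
        foreach (var r in doc.RootElement.GetProperty("resources").EnumerateArray())
            yield return r.GetString()!;
        after = doc.RootElement.GetProperty("meta").TryGetProperty("pagination", out var p)
                && p.TryGetProperty("after", out var a) ? a.GetString() ?? "" : "";
        if (after == "") yield break;   // last page reached
        if (!seen.Add(after)) throw new InvalidOperationException("pagination token repeated");
    }
    throw new InvalidOperationException("page cap reached before the result set ended");
}

sealed class StubHandler(Dictionary<string, string> pages) : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var after = System.Web.HttpUtility.ParseQueryString(req.RequestUri!.Query)["after"] ?? "";
        return Task.FromResult(new HttpResponseMessage { Content = new StringContent(pages[after]) });
    }
}
```

Raising an error on a repeated token or on the page cap keeps a truncated result from being mistaken for the full device or vulnerability set.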

Setting Up Your API Key

From the Falcon console:

  • Go to Support > API Clients and Keys
  • Create a new key and grant the above permissions

Example: Basic Usage


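// Placeholder values: load the real client ID and secret from a secret store
// or environment variable rather than committing them to source code.
var options = new CrowdStrikeOptions
{
    ClientId = "your-client-id",
    ClientSecret = "your-client-secret"
};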

var auth = new CrowdStrikeAuthService(options);
var token = await auth.GetTokenAsync();

var deviceService = new CrowdStrikeDeviceService(auth);
var deviceIds = await deviceService.GetDeviceIdsAsync();
var devices = await deviceService.GetDeviceDetailsAsync(deviceIds);

// Spotlight Example
// httpClient and logger are not defined in this snippet; create them before this point.
var spotlightService = new CrowdStrikeSpotlightService(httpClient, auth, options, logger);
var vulnIds = await spotlightService.GetVulnerabilityIdsForHostAsync("host-aid");
var vulnDetails = await spotlightService.GetVulnerabilityDetailsAsync("host-aid", vulnIds.Data);

// Alerts Example
var alertService = new AlertService(httpClient, auth, options, logger);
var alertIds = await alertService.GetAlertIdsAsync();
var alertDetails = await alertService.GetAlertDetailsAsync(alertIds.Data);

Install from NuGet


dotnet add package ZentrixLabs.FalconSdk

View on NuGet.org


Test Coverage


This SDK is currently distributed without bundled unit tests.
Community contributions are encouraged; feel free to fork and add coverage using xUnit.


License


This project is licensed under the MIT License.
You are free to use, modify, and distribute it, including in commercial products, with attribution.


More from ZentrixLabs

Explore our tools, apps, and developer blog at zentrixlabs.net


Licensed under the MIT License by ZentrixLabs.

Acknowledgments

  • This SDK would not have been possible without the work already done by the team behind the PSFalcon module and the Falcon SDK.

We extend our thanks to the CrowdStrike API community for their support and documentation.

Contributing

Pull requests are welcome!
Please fork the repository, make your changes, and submit a pull request.
Ensure changes are well-tested and match the project's security-first standards.

This SDK will continue to evolve to encompass more features and services from the CrowdStrike Falcon API.

If you'd like to support this project:

Buy Me A Coffee

| Product | Compatible and additional computed target framework versions |
| --- | --- |
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
| --- | --- | --- |
| 1.1.5 | 81 | 6/20/2025 |
| 1.1.4 | 78 | 6/20/2025 |
| 1.1.0 | 77 | 5/31/2025 |
| 1.0.6 | 153 | 5/27/2025 |
| 1.0.4 | 100 | 5/23/2025 |
| 1.0.3 | 94 | 5/23/2025 |
| 1.0.0 | 101 | 5/23/2025 |