This Category Blocking Foundry app provides a comprehensive URL filtering solution that simplifies firewall rule management through custom categories and automated rule deployment. Built on CrowdStrike's Foundry platform, this application streamlines URL blocking workflows while providing valuable insights into blocking patterns.
The Category Blocking app allows you to:
- Create and manage custom categories of URLs for blocking
- Deploy firewall rules to block categories of URLs across host groups
- Import URL categories from CSV files
- Visualize relationships between categories, rule groups, and host groups
- Generate analytics on domain blocking patterns
Prerequisites:
- Python 3.13+ (needed if modifying the app's functions). See Python For Beginners for installation instructions.
- Node.js (needed for React JS development).
- npm 9+ or Yarn (needed for managing UI dependencies). See https://yarnpkg.com/getting-started for installation instructions.
- FalconPy SDK (for CrowdStrike API integration). Install with pip install crowdstrike-falconpy.
Clone this repository to your local system:
    git clone https://github.com/CrowdStrike/foundry-sample-url-filtering
    cd foundry-sample-url-filtering
After cloning the repository, follow these steps to deploy the application:
- Log in to the Foundry CLI:
      foundry login
  This will prompt you to enter your CrowdStrike API credentials.
- Deploy the application:
      foundry apps deploy
  This command packages and deploys your application to Foundry.
- Install the application
  - Navigate to the Falcon console
  - Go to Foundry > App Library
  - Find the Category Blocking app
  - Click Install
- Accept permissions
  - Review the requested permissions
  - Click Accept to grant the necessary permissions
  - The application requires access to firewall management, host groups, and devices
- Access the application
  - Once installed, the application will be available in the Falcon console
  - Navigate to the app from the main menu
This app requires the following API scopes:
- firewall-management:read
- firewall-management:write
- host-group:read
- host-group:write
- devices:read
- devices:write
This application demonstrates advanced usage of Functions, Collections and UI Experience in Falcon Foundry, implementing several key capabilities for URL filtering and firewall management:
- Python functions with multiple handlers:
  - urlblock: Fetches host groups information
  - categories: Retrieves categories from collections
  - create-rule: Creates firewall management blocking rules
  - domain-analytics: Generates domain analytics information
  - import-csv: Transforms category domain CSV into collections
  - list-categories: Lists available categories
  - search-categories: Searches for specific categories
  - manage-categories: Creates or updates categories
  - manage-relationship: Creates relationships between categories, rule groups, and hosts
  - get-relationship: Retrieves relationship information
  - update-rules: Updates existing rules with new URLs
- Collections for data storage:
  - domain: Stores URLs and category mappings
  - relationship: Stores relationship information about host groups, rule groups, and categories
- UI Pages with React components:
  - Home: Main interface for creating firewall rules
  - FirewallRules: Management of domain categories
  - DomainAnalytics: Visualization of domain data
  - Relationship: Visualization of relationships between categories, rule groups, and host groups
Directory structure:
- collections: Schemas for domain and relationship collections
- ui/pages/urlblocking: React-based frontend application
- functions/urlblock: Python backend handlers
- Navigate to the FirewallRules page
- Click "Import Categories" to import from a CSV file, or manually add categories
- View and manage your categories from this interface

- Navigate to the Home page
- Enter a policy name and select a host group
- Select the categories you want to block
- Click "Preview URLs" to see what will be blocked
- Click "Create blocking rule" to deploy the rule

- Navigate to the DomainAnalytics page
- View charts and statistics about blocked domains
- Analyze patterns and effectiveness of your blocking rules

- Navigate to the Relationship page
- Explore the connections between categories, rule groups, and host groups
- Understand how your blocking rules are structured
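
A pre-import check for the "Import Categories" CSV step, as an added example that is not part of the app's own code: it normalizes and validates each domain so malformed entries are caught before they reach a blocking rule. The category,domain column layout, the function names and all sample rows are assumptions, not the app's documented import schema.

```python
import csv
import io
import re

# Constructed sample; the "category,domain" header is an assumed layout,
# not the app's documented import schema.
SAMPLE_CSV = """category,domain
social,Example.COM
social,https://www.example.org/login
gambling,*.bets.example
gambling,bad_domain!.test
social,example.com
,orphan.example
ads,xn--bcher-kva.example
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label, LDH rule

def normalize_domain(raw):
    """Return a lowercase hostname, or None if invalid. Wildcards are rejected
    for manual review, since how the app treats them is not assumed here."""
    value = raw.strip().lower()
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)  # drop URL scheme
    value = re.split(r"[/?#]", value, maxsplit=1)[0]      # drop path and query
    value = value.rsplit("@", 1)[-1].split(":", 1)[0]     # drop userinfo, port
    value = value.rstrip(".")                             # drop root dot
    labels = value.split(".")
    if len(value) > 253 or len(labels) < 2:
        return None
    return value if all(LABEL.match(label) for label in labels) else None

def validate_category_csv(text):
    """Return ({category: sorted unique domains}, [(line_no, row) rejected])."""
    clean, rejected = {}, []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        category = (row.get("category") or "").strip()
        domain = normalize_domain(row.get("domain") or "")
        if not category or domain is None:
            rejected.append((line_no, row))
            continue
        clean.setdefault(category, set()).add(domain)
    return {c: sorted(d) for c, d in clean.items()}, rejected

if __name__ == "__main__":
    categories, bad = validate_category_csv(SAMPLE_CSV)
    print(categories)
    for line_no, row in bad:
        print(f"line {line_no} rejected: {row}")
```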