en-US/PSCrowdstrike-help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-CSDeviceDetails</command:name> <command:verb>Get</command:verb> <command:noun>CSDeviceDetails</command:noun> <maml:description> <maml:para>Function to retrieve host info from Crowdstrike via /devices/queries/devices/v1 and /devices/entities/devices/v1 endpoint.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function provides a way to retrieve host information using common parameters required by PSCrowdstrike.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-CSDeviceDetails</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>HostName</maml:name> <maml:Description> <maml:para>The hostname you would like to query.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>HostName</maml:name> <maml:Description> <maml:para>The hostname you would like to query.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> 
<maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>None</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-CSDeviceDetails -HostName "DC1"</dev:code> <dev:remarks> <maml:para>Retrieves host information (OS, OU, Domain, etc) for DC1 from the Crowdstrike API.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-CSDomainMachines</command:name> <command:verb>Get</command:verb> <command:noun>CSDomainMachines</command:noun> <maml:description> <maml:para>Function to retrieve host info from Crowdstrike via /devices/queries/devices/v1 and /devices/entities/devices/v1 endpoint.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function provides a way to retrieve the AgentIDs of machines in a domain using common parameters required by PSCrowdstrike.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-CSDomainMachines</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>The domain you would like to query.</maml:para> </maml:Description> <command:parameterValue required="true" 
variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Type</maml:name> <maml:Description> <maml:para>The computer type you would like to query, Server or Workstation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Domain</maml:name> <maml:Description> <maml:para>The domain you would like to query.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>Type</maml:name> <maml:Description> <maml:para>The computer type you would like to query, Server or Workstation.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> 
<dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>None</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-CSDomainMachines -Domain "domain.local" -Type "Server"</dev:code> <dev:remarks> <maml:para>Retrieves all AgentIDs in Crowdstrike for Servers in domain.local. Both Domain and Type are required parameters.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-CSRTRCommandStatus</command:name> <command:verb>Get</command:verb> <command:noun>CSRTRCommandStatus</command:noun> <maml:description> <maml:para>Function to retrieve status of CrowdStrike Real Time Response Commands (RTR) via /real-time-response/entities/admin-command/v1 endpoint.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function provides a way to retrieve the status of Real Time Response Commands from Crowdstrike.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-CSRTRCommandStatus</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>RequestID</maml:name> <maml:Description> <maml:para>The cloud_request_id of the previously executed command</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> 
</command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>RequestID</maml:name> <maml:Description> <maml:para>The cloud_request_id of the previously executed command</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Use this function to retrieve RTR status information from Crowdstrike.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-CSRTRCommandStatus -RequestID "&lt;cloud_request_id&gt;"</dev:code> <dev:remarks> <maml:para>Retrieves the status of the RTR Command for the supplied cloud_request_id (replace the placeholder with the cloud_request_id returned by Start-CSRTRCommand).</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-CSToken</command:name> <command:verb>Get</command:verb> <command:noun>CSToken</command:noun> <maml:description> <maml:para>Get token from Crowdstrike.</maml:para> </maml:description> 
</command:details> <maml:description> <maml:para>This function obtains and stores the token using PSFramework.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-CSToken</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>ClientID</maml:name> <maml:Description> <maml:para>ClientID from Crowdstrike</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:Description> <maml:para>Secret from Crowdstrike</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>ClientID</maml:name> <maml:Description> <maml:para>ClientID from Crowdstrike</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:Description> <maml:para>Secret from Crowdstrike</maml:para> </maml:Description> <command:parameterValue required="true" 
variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This function retrieves the token from Crowdstrike and stores the token in PSFramework for later use, along with the ClientID and ClientSecret. Because the ClientSecret is supplied as a plain String and is persisted together with the token, protect the PSFramework configuration store and any transcript or command history that captured the call.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-CSToken -ClientID "12345" -ClientSecret "54321"</dev:code> <dev:remarks> <maml:para>This retrieves a token using ClientID 12345 and ClientSecret 54321.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Start-CSRTRCommand</command:name> <command:verb>Start</command:verb> <command:noun>CSRTRCommand</command:noun> <maml:description> <maml:para>Function to execute a CrowdStrike Real Time Response Command via the /real-time-response/entities/admin-command/v1 endpoint.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function provides a way to execute Real Time Response commands using Crowdstrike.</maml:para> </maml:description> 
<command:syntax> <command:syntaxItem> <maml:name>Start-CSRTRCommand</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>RTRCommand</maml:name> <maml:Description> <maml:para>The base command you wish to run, such as cd, mkdir, runscript, etc.</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>RTRCommandString</maml:name> <maml:Description> <maml:para>The command string/arguments for the command</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>RTRSessionID</maml:name> <maml:Description> <maml:para>The Real Time Response session ID</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>RTRCommand</maml:name> <maml:Description> <maml:para>The base command you wish to run, such as cd, mkdir, runscript, etc.</maml:para> </maml:Description> <command:parameterValue required="true" 
variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="2" aliases="none"> <maml:name>RTRCommandString</maml:name> <maml:Description> <maml:para>The command string/arguments for the command</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="3" aliases="none"> <maml:name>RTRSessionID</maml:name> <maml:Description> <maml:para>The Real Time Response session ID</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Response for RTR Commands containing the session_id and cloud_request_id</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Use this function to execute RTR Commands with Crowdstrike.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Start-CSRTRCommand -RTRCommand mkdir -RTRCommandString 
'mkdir C:\RTR' -RTRSessionID 7cdecb55-ab26-5526-a1ac-dd29ad71b7c0</dev:code> <dev:remarks> <maml:para>Executes the Real Time Response Command and Command String specified using the RTRCommand and RTRCommandString parameters inside the session indicated by RTRSessionID. You must have previously established a session with the host using the Start-CSRTRSession function.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Start-CSRTRSession</command:name> <command:verb>Start</command:verb> <command:noun>CSRTRSession</command:noun> <maml:description> <maml:para>Function to start a CrowdStrike Real Time Response Session via the /real-time-response/entities/sessions/v1 and /devices/queries/devices-scroll/v1 endpoints.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This function provides a way to start a Real Time Response session using Crowdstrike.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Start-CSRTRSession</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>HostName</maml:name> <maml:Description> <maml:para>The HostName you wish to establish a session with</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" 
aliases="none"> <maml:name>HostName</maml:name> <maml:Description> <maml:para>The HostName you wish to establish a session with</maml:para> </maml:Description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Response containing the Session ID used for further interactions</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Use this function to start an RTR session with Crowdstrike.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Start-CSRTRSession -HostName "Desktop-XYZ"</dev:code> <dev:remarks> <maml:para>Starts a Real Time Response Session with the supplied HostName.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> </helpItems>