PSFalcon
2.0.7
PowerShell for CrowdStrike's OAuth2 APIs
Minimum PowerShell version
5.1
Copyright
(c) CrowdStrike. All rights reserved.
Package Details
Author(s)
- Brendan Kremian
Tags
CrowdStrike Falcon OAuth2 REST API Windows Linux MacOS
Functions
Confirm-DiscoverAwsAccess Edit-DiscoverAwsAccount Get-DiscoverAwsAccount Get-DiscoverAwsSettings New-DiscoverAwsAccount Remove-DiscoverAwsAccount Update-DiscoverAwsSettings Get-DiscoverAzureAccount Get-DiscoverAzureScript New-DiscoverAzureAccount Update-DiscoverAzureAccount Get-HorizonAwsAccount Get-HorizonAwsLink New-HorizonAwsAccount Receive-HorizonAwsScript Remove-HorizonAwsAccount Edit-HorizonAzureAccount Get-HorizonAzureAccount New-HorizonAzureAccount Receive-HorizonAzureScript Remove-HorizonAzureAccount Get-DiscoverGcpAccount New-DiscoverGcpAccount Receive-DiscoverGcpScript Export-Config Import-Config Edit-Detection Get-Detection Add-HostTag Edit-HostGroup Get-Host Get-HostGroup Get-HostGroupMember Invoke-HostAction Invoke-HostGroupAction New-HostGroup Remove-HostGroup Remove-HostTag Get-Report Get-Submission Get-SubmissionQuota New-Submission Receive-Artifact Remove-Report Edit-FirewallGroup Edit-FirewallSetting Get-FirewallEvent Get-FirewallField Get-FirewallGroup Get-FirewallPlatform Get-FirewallRule Get-FirewallSetting New-FirewallGroup Remove-FirewallGroup Get-Behavior Get-Incident Get-Score Invoke-IncidentAction Edit-IOC Get-IOC Get-IOCHost Get-IOCProcess Get-IOCTotal New-IOC Remove-IOC Edit-InstallToken Get-InstallToken Get-InstallTokenEvent Get-InstallTokenSettings New-InstallToken Remove-InstallToken Get-Actor Get-Indicator Get-Intel Get-Rule Receive-Intel Receive-Rule Edit-IOAGroup Edit-IOARule Get-IOAGroup Get-IOAPlatform Get-IOARule Get-IOASeverity Get-IOAType New-IOAGroup New-IOARule Remove-IOAGroup Remove-IOARule Test-IOARule Get-MalQuery Get-MalQueryQuota Get-MalQuerySample Group-MalQuerySample Invoke-MalQuery Receive-MalQuerySample Add-CIDGroupMember Add-GroupRole Add-UserGroupMember Edit-CIDGroup Edit-UserGroup Get-CIDGroup Get-CIDGroupMember Get-GroupRole Get-MemberCID Get-UserGroup Get-UserGroupMember New-CIDGroup New-UserGroup Remove-CIDGroup Remove-CIDGroupMember Remove-GroupRole Remove-UserGroup Remove-UserGroupMember Request-Token 
Revoke-Token Edit-DeviceControlPolicy Edit-FirewallPolicy Edit-IOAExclusion Edit-MLExclusion Edit-PreventionPolicy Edit-ResponsePolicy Edit-SensorUpdatePolicy Edit-SVExclusion Get-Build Get-DeviceControlPolicy Get-DeviceControlPolicyMember Get-FirewallPolicy Get-FirewallPolicyMember Get-IOAExclusion Get-MLExclusion Get-PreventionPolicy Get-PreventionPolicyMember Get-ResponsePolicy Get-ResponsePolicyMember Get-SensorUpdatePolicy Get-SensorUpdatePolicyMember Get-SVExclusion Get-UninstallToken Invoke-DeviceControlPolicyAction Invoke-FirewallPolicyAction Invoke-PreventionPolicyAction Invoke-ResponsePolicyAction Invoke-SensorUpdatePolicyAction New-DeviceControlPolicy New-FirewallPolicy New-MLExclusion New-PreventionPolicy New-ResponsePolicy New-SensorUpdatePolicy New-SVExclusion Remove-DeviceControlPolicy Remove-FirewallPolicy Remove-IOAExclusion Remove-MLExclusion Remove-PreventionPolicy Remove-ResponsePolicy Remove-SensorUpdatePolicy Remove-SVExclusion Set-DeviceControlPrecedence Set-FirewallPrecedence Set-PreventionPrecedence Set-ResponsePrecedence Set-SensorUpdatePrecedence Get-Process Confirm-AdminCommand Confirm-Command Confirm-GetFile Confirm-ResponderCommand Edit-Script Get-PutFile Get-Script Get-Session Invoke-AdminCommand Invoke-BatchGet Invoke-Command Invoke-ResponderCommand Receive-GetFile Remove-Command Remove-GetFile Remove-PutFile Remove-Script Remove-Session Send-PutFile Send-Script Start-Session Update-Session Get-Sample Receive-Sample Remove-Sample Send-Sample Get-QuickScan New-QuickScan Export-Report Find-Duplicate Get-Queue Invoke-Deploy Invoke-RTR Open-Stream Search-MalQueryHash Show-Map Show-Module Test-Token Get-CCID Get-Installer Get-Stream Receive-Installer Update-Stream Edit-HorizonPolicy Edit-HorizonSchedule Get-HorizonPolicy Get-HorizonSchedule Get-Remediation Get-Vulnerability Add-Role Get-Role Remove-Role Edit-User Get-User New-User Remove-User
Dependencies
This module has no dependencies.
Release Notes
v2.0.7:
General Changes
* Added additional 'tags' to module manifest to help with PowerShell Gallery organization.
* Added 'LicenseUri' to module manifest.
* Added code to close file access methods when uploading files using 'Send' commands. Previously, if an
upload failed and another attempt was made you would receive a notification that the file was
already being accessed.
* Added check during initial module load to enforce TLS 1.2 for connecting to CrowdStrike APIs.
* Moved [System.Net.Http] check for PowerShell 5.1 from Invoke-Endpoint to base module load.
* Updated base functions in an effort to improve error handling.
* Added URI validation check to Invoke-Endpoint to improve error handling.
Command and Parameter Changes
* Re-wrote 'Get-FalconQueue' in an effort to increase performance when dealing with large numbers of
results.
* Fixed typo in 'Get-FalconIOARule' that was corrupting parameters and '-Help' output of the command.
* Changed various 'verbose' outputs to 'debug' to reduce overall output when running with '-Verbose'. Some
of the fields were not useful in a 'more information' context, but were for 'debugging'.
* Updated the internal function 'Invoke-Loop' to automatically provide the '-Limit' parameter (at the
maximum available value) when '-All' is specified with a command and '-Limit' was not included.
* Added 'add-rule-group' and 'remove-rule-group' actions to 'Invoke-FalconPreventionPolicyAction' for
assigning and removing Custom IOA Rule Groups from Prevention policies.
* Removed 'Name' as a required parameter when using the 'Edit' policy commands as it should not be
mandatory.
* Updated 'Limit' for 'Get-FalconIOC' to 500 to match API.
* Fixed 'Invoke-FalconHostGroupAction' to enable adding/removing multiple hosts at one time.
* Added a 'pattern' value for 'Get-FalconUninstallToken' to make it clear that a device_id or the value
'MAINTENANCE' can be supplied to retrieve an individual uninstall token or the more widely accepted
maintenance token.
* Added 'Array' parameter (used by 'Import-FalconConfig') to enable creation and modification of multiple
items using a single request to the following commands:
    Edit-FalconDeviceControlPolicy
    Edit-FalconFirewallPolicy
    Edit-FalconHostGroup
    Edit-FalconPreventionPolicy
    Edit-FalconResponsePolicy
    Edit-FalconSensorUpdatePolicy
    New-FalconDeviceControlPolicy
    New-FalconFirewallPolicy
    New-FalconHostGroup
    New-FalconPreventionPolicy
    New-FalconResponsePolicy
    New-FalconSensorUpdatePolicy
* Changed 'Settings' parameters for 'New-FalconDeviceControlPolicy', 'New-FalconResponsePolicy',
'New-FalconSensorUpdatePolicy' and their matching 'Edit' commands to take a hashtable instead of an
array to correct bug where policy creation/updates would fail.
New Commands
* Added 'Export-FalconConfig' and 'Import-FalconConfig' commands to export and import exclusions, policies
and groups using an archive of JSON files.
* Added MSSP/Falcon Flight Control commands for new API endpoints:
    Add-FalconCIDGroupMember
    Add-FalconGroupRole
    Add-FalconUserGroupMember
    Edit-FalconCIDGroup
    Edit-FalconUserGroup
    Get-FalconCID
    Get-FalconCIDGroup
    Get-FalconCIDGroupMember
    Get-FalconGroupRole
    Get-FalconUserGroup
    Get-FalconUserGroupMember
    New-FalconCIDGroup
    New-FalconUserGroup
    Remove-FalconCIDGroup
    Remove-FalconCIDGroupMember
    Remove-FalconGroupRole
    Remove-FalconUserGroup
    Remove-FalconUserGroupMember
GitHub Issues
* Issue #13: Creating/modifying multiple objects in one request handled with new 'Array' parameter
for commands used with 'Import-FalconConfig'.
* Issue #31: Added code to the 'Get-Body' function to .Normalize() text grabbed with 'Get-Content' and
prevent errors when the content is converted to Json for API submission.
* Issue #33: Changed default permission level for 'runscript' command to Admin when using
'Invoke-FalconRTR' to compensate for '-Raw' parameter not working with Active Responder permissions.
* Issue #34: Added 'Test-FalconToken' command to display token status and additional client information
including 'ClientId', 'Hostname' and 'MemberCid'. Also made various changes to improve general error
message production.
* Issue #36: Set 'Limit' maximum to 500 for 'Get-FalconIOAExclusion', 'Get-FalconMLExclusion', and
'Get-FalconSVExclusion'.
* Issue #43: Updated 'ids' and 'value' parameters to correct bugs related to 'Invoke-FalconIncidentAction'.
FileList
- PSFalcon.nuspec
- LICENSE
- PSFalcon.psd1
- PSFalcon.psm1
- README.md
- Class\Class.ps1
- Data\ItemTypes.psd1
- Data\Parameters.psd1
- Data\Patterns.psd1
- Data\Schema.psd1
- Data\Endpoints\cloud-connect-aws.psd1
- Data\Endpoints\cloud-connect-azure.psd1
- Data\Endpoints\cloud-connect-cspm-aws.psd1
- Data\Endpoints\cloud-connect-cspm-azure.psd1
- Data\Endpoints\cloud-connect-gcp.psd1
- Data\Endpoints\config.psd1
- Data\Endpoints\detects.psd1
- Data\Endpoints\devices.psd1
- Data\Endpoints\falconx.psd1
- Data\Endpoints\fwmgr.psd1
- Data\Endpoints\incidents.psd1
- Data\Endpoints\indicators.psd1
- Data\Endpoints\installation-tokens.psd1
- Data\Endpoints\intel.psd1
- Data\Endpoints\ioarules.psd1
- Data\Endpoints\malquery.psd1
- Data\Endpoints\mssp.psd1
- Data\Endpoints\oauth2.psd1
- Data\Endpoints\policy.psd1
- Data\Endpoints\processes.psd1
- Data\Endpoints\real-time-response.psd1
- Data\Endpoints\samples.psd1
- Data\Endpoints\scanner.psd1
- Data\Endpoints\scripts.psd1
- Data\Endpoints\sensors.psd1
- Data\Endpoints\settings.psd1
- Data\Endpoints\spotlight.psd1
- Data\Endpoints\user-roles.psd1
- Data\Endpoints\users.psd1
- Private\Private.ps1
- Public\cloud-connect-aws.ps1
- Public\cloud-connect-azure.ps1
- Public\cloud-connect-cspm-aws.ps1
- Public\cloud-connect-cspm-azure.ps1
- Public\cloud-connect-gcp.ps1
- Public\config.ps1
- Public\detects.ps1
- Public\devices.ps1
- Public\falconx.ps1
- Public\fwmgr.ps1
- Public\incidents.ps1
- Public\indicators.ps1
- Public\installation-tokens.ps1
- Public\intel.ps1
- Public\ioarules.ps1
- Public\malquery.ps1
- Public\mssp.ps1
- Public\oauth2.ps1
- Public\policy.ps1
- Public\processes.ps1
- Public\real-time-response.ps1
- Public\samples.ps1
- Public\scanner.ps1
- Public\scripts.ps1
- Public\sensors.ps1
- Public\settings.ps1
- Public\spotlight.ps1
- Public\user-roles.ps1
- Public\users.ps1