Data/Endpoints/scripts.psd1

@{
    script = @{
        CreateGroupArray = @{
            description = "Create multiple groups in a single request"
            parameters = @{
                array = @{
                    type = "array"
                    description = "An array of groups to create"
                    required = $true
                }
            }
        }
        EditGroupArray = @{
            description = "Modify multiple groups in a single request"
            parameters = @{
                array = @{
                    type = "array"
                    description = "An array of groups to modify"
                    required = $true
                }
            }
        }
        CreatePolicyArray = @{
            description = "Create multiple policies in a single request"
            parameters = @{
                array = @{
                    type = "array"
                    description = "An array of policies to create"
                    required = $true
                }
            }
        }
        EditPolicyArray = @{
            description = "Modify multiple policies in a single request"
            parameters = @{
                array = @{
                    type = "array"
                    description = "An array of policies to modify"
                    required = $true
                }
            }
        }
        ExportReport = @{
            description = "Format a response object and output to CSV"
            parameters = @{
                path = @{
                    type = "string"
                    description = "Output path and file name"
                    position = 1
                    required = $true
                    pattern = "\.csv$"
                }
                object = @{
                    type = "object"
                    description = "A result object to format (can be passed via pipeline)"
                    position = 2
                    required = $true
                    pipeline = $true
                }
            }
        }
        FindDuplicate = @{
            description = "Lists potential duplicates from detailed 'Host' results"
            parameters = @{
                hosts = @{
                    type = "array"
                    description = "Array of detailed 'Host' results"
                    position = 1
                    required = $true
                }
            }
        }
        GetQueue = @{
            description = "Create a report of with status of queued Real-time Response sessions"
            security = "real-time-response:read, real-time-response:write, real-time-response-admin:write"
            parameters = @{
                days = @{
                    type = "int"
                    description = "Number of days worth of results to retrieve [default: 7]"
                    position = 1
                }
            }
        }
        InvokeDeploy = @{
            description = "Deploy and run an executable using Real-time Response"
            security = "real-time-response:read, real-time-response-admin:write"
            parameters = @{
                host_ids = @{
                    position = 1
                }
                path = @{
                    type = "string"
                    required = $true
                    description = "Path to local file"
                    position = 2
                }
                arguments = @{
                    description = "Arguments to include when running the executable"
                    position = 3
                }
                timeout = @{
                    position = 4
                }
                queue_offline = @{}
            }
        }
        InvokeRTR = @{
            security = "real-time-response:read, real-time-response:write"
            description = "Start a session execute a Real-time Response command and output results"
            parameters = @{
                base_command = @{
                    enum = @("cat","cd","clear","cp","csrutil","encrypt","env","eventlog","filehash","get",
                        "getsid","history","ifconfig","ipconfig","kill","ls","map","memdump","mkdir","mount",
                        "mv","netstat","ps","put","reg query","reg set","reg delete","reg load","reg unload",
                        "restart","rm","run","runscript","shutdown","umount","update list","update history",
                        "update install","update query","unmap","users","xmemdump","zip")
                }
                arguments = @{}
                host_ids = @{
                    position = 3
                }
                timeout = @{
                    position = 4
                }
                queue_offline = @{}
            }
        }
        MalQueryHash = @{
            description = "Perform a simple MalQuery YARA search for a specific hash"
            security = "malquery:write"
            parameters = @{
                sha256 = @{
                    description = "SHA256 hash value"
                    type = "string"
                    pattern = "\w{64}"
                    required = $true
                    position = 1
                }
            }
        }
        OpenStream = @{
            description = "Export recent Event Stream data to a Json file in your current directory"
            security = "streaming:read"
        }
        ShowMap = @{
            path = "/intelligence/graph?indicators="
            method = "post"
            description = "Use your default browser to show indicators on the Indicator Map"
            parameters = @{
                indicators = @{
                    description = "Indicators to graph"
                    type = "array"
                    in = "query"
                    required = $true
                    pattern = "(sha256|md5|domain|ipv4|ipv6):.*"
                }
            }
        }
        ShowModule = @{
            description = "Output PSFalcon diagnostic information"
        }
        SubmissionQuota = @{
            path = "/falconx/queries/submissions/v1"
            method = "get"
            description = "Display your Falcon X submission quota information"
        }
        TestToken = @{
            description = "Display OAuth2 client and access token information"
        }
    }
}