Public/incidents.ps1
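function Get-Behavior {
<#
.SYNOPSIS
    Additional information is available with the -Help parameter
.DESCRIPTION
    Wrapper around the incident behavior endpoints. The parameters are not
    declared here: they are generated at runtime by Get-Dictionary from the
    endpoint names listed in the DynamicParam block, and the request itself is
    made by Invoke-Request (both are defined elsewhere in the module).
.LINK
    https://github.com/crowdstrike/psfalcon
#>
    [CmdletBinding(DefaultParameterSetName = '/incidents/queries/behaviors/v1:get')]
    [OutputType()]
    param()
    DynamicParam {
        # Index 0 is handed to Invoke-Request as -Query, index 1 as -Entity
        $Endpoints = @('/incidents/queries/behaviors/v1:get',
            '/incidents/entities/behaviors/GET/v1:post')

        # -OutVariable keeps the generated dictionary available to the process block
        return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
    }
    process {
        if ($PSBoundParameters.Help) {
            # -Help short-circuits: show the generated help and send no request
            Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
        } else {
            $Param = @{
                Command = $MyInvocation.MyCommand.Name
                Query   = $Endpoints[0]
                Entity  = $Endpoints[1]
                Dynamic = $Dynamic
            }
            # Forward the paging/detail switches only when the caller bound them
            switch ($PSBoundParameters.Keys) {
                'All' {
                    $Param['All'] = $true
                }
                'Detailed' {
                    $Param['Detailed'] = $true
                }
            }
            Invoke-Request @Param
        }
    }
}
function Get-Incident {
<#
.SYNOPSIS
    Additional information is available with the -Help parameter
.DESCRIPTION
    Wrapper around the incident query and entity endpoints. The parameters are
    generated at runtime by Get-Dictionary from the endpoint names listed in the
    DynamicParam block, and the request itself is made by Invoke-Request (both
    are defined elsewhere in the module).
.LINK
    https://github.com/crowdstrike/psfalcon
#>
    [CmdletBinding(DefaultParameterSetName = '/incidents/queries/incidents/v1:get')]
    [OutputType()]
    param()
    DynamicParam {
        # Index 0 is handed to Invoke-Request as -Query, index 1 as -Entity
        $Endpoints = @('/incidents/queries/incidents/v1:get',
            '/incidents/entities/incidents/GET/v1:post')

        # -OutVariable keeps the generated dictionary available to the process block
        return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
    }
    process {
        if ($PSBoundParameters.Help) {
            # -Help short-circuits: show the generated help and send no request
            Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
        } else {
            $Param = @{
                Command = $MyInvocation.MyCommand.Name
                Query   = $Endpoints[0]
                Entity  = $Endpoints[1]
                Dynamic = $Dynamic
            }
            # Forward the paging/detail switches only when the caller bound them
            switch ($PSBoundParameters.Keys) {
                'All' {
                    $Param['All'] = $true
                }
                'Detailed' {
                    $Param['Detailed'] = $true
                }
            }
            Invoke-Request @Param
        }
    }
}
function Get-Score {
<#
.SYNOPSIS
    Additional information is available with the -Help parameter
.DESCRIPTION
    Wrapper around the combined CrowdScore endpoint. The parameters are
    generated at runtime by Get-Dictionary from the endpoint name listed in the
    DynamicParam block, and the request itself is made by Invoke-Request (both
    are defined elsewhere in the module).
.LINK
    https://github.com/crowdstrike/psfalcon
#>
    [CmdletBinding()]
    [OutputType()]
    param()
    DynamicParam {
        # Single combined endpoint; there is no separate entity lookup here
        $Endpoints = @('/incidents/combined/crowdscores/v1:get')

        # -OutVariable keeps the generated dictionary available to the process block
        return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
    }
    process {
        if ($PSBoundParameters.Help) {
            # -Help short-circuits: show the generated help and send no request
            Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
        } else {
            $Param = @{
                Command = $MyInvocation.MyCommand.Name
                Query   = $Endpoints[0]
                Dynamic = $Dynamic
            }
            # Forward -All only when the caller bound it
            switch ($PSBoundParameters.Keys) {
                'All' {
                    $Param['All'] = $true
                }
            }
            Invoke-Request @Param
        }
    }
}
function Invoke-IncidentAction {
<#
.SYNOPSIS
    Additional information is available with the -Help parameter
.DESCRIPTION
    Wrapper around the incident-actions endpoint, which changes incident state.
    The parameters are generated at runtime by Get-Dictionary, and the request
    itself is made by Invoke-Request (both are defined elsewhere in the module).

    For the 'update_status' action, the status name supplied as the value is
    checked against the four accepted names and replaced with its numeric code
    before the request is sent. Any other value raises a terminating error and
    no request is made.
.LINK
    https://github.com/crowdstrike/psfalcon
#>
    [CmdletBinding()]
    [OutputType()]
    param()
    DynamicParam {
        $Endpoints = @('/incidents/entities/incident-actions/v1:post')

        # -OutVariable keeps the generated dictionary available to the process block
        return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
    }
    process {
        if ($PSBoundParameters.Help) {
            # -Help short-circuits: show the generated help and send no request
            Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
        } else {
            if ($Dynamic.'Name'.value -eq 'update_status') {
                # The pattern is anchored with \A and \z so only an exact status name is
                # accepted. Unanchored, a value that merely contains one of the names
                # (for example 'unclosed') passed this check, matched no case in the
                # switch below, and the value was replaced with $null before the
                # state-changing request was sent.
                if ($Dynamic.'Value'.value -match '\A(closed|in_progress|new|reopened)\z') {
                    # Status name -> numeric code; presumably the codes the API expects
                    $Dynamic.'Value'.value = switch ($Dynamic.'Value'.value) {
                        'new' {
                            '20'
                        }
                        'reopened' {
                            '25'
                        }
                        'in_progress' {
                            '30'
                        }
                        'closed' {
                            '40'
                        }
                    }
                } else {
                    throw "Valid values for 'update_status': 'closed', 'in_progress', 'new', 'reopened'."
                }
            }
            Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
        }
    }
}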