Public/indicators.ps1
|
function Edit-IOC { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/entities/iocs/v1:patch') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Get-IOC { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/indicators/queries/iocs/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/queries/iocs/v1:get', '/indicators/entities/iocs/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } } } function Get-IOCHost { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/queries/devices/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } } Invoke-Request @Param } } } function Get-IOCProcess { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/queries/processes/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } } $Request = Invoke-Request @Param if ($Request -and $PSBoundParameters.Detailed) { & 'Get-FalconProcess' -Ids $Request } else { $Request } } } } function Get-IOCTotal { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/aggregates/devices-count/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function New-IOC { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/entities/iocs/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body = @( $Param.Body ) Format-Body -Param $Param Invoke-Endpoint @Param } } } function Remove-IOC { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/indicators/entities/iocs/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } |