Public/real-time-response.ps1
function Confirm-AdminCommand { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/admin-command/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } begin { if (-not($Dynamic.SequenceId.Value)) { $Dynamic.SequenceId.Value = 0 } } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } if ($PSBoundParameters.All) { $Param['All'] = $true } Invoke-Request @Param } } } function Confirm-Command { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/command/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } begin { if (-not($Dynamic.SequenceId.Value)) { $Dynamic.SequenceId.Value = 0 } } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } if ($PSBoundParameters.All) { $Param['All'] = $true } Invoke-Request @Param } } } function Confirm-GetFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/file/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/file/v1:get', '/real-time-response/combined/batch-get-command/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $PSCmdlet.ParameterSetName Dynamic = $Dynamic } if ($PSBoundParameters.All) { $Param['All'] = $true } Invoke-Request @Param } } } function Confirm-ResponderCommand { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/active-responder-command/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } begin { if (-not($Dynamic.SequenceId.Value)) { $Dynamic.SequenceId.Value = 0 } } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } if ($PSBoundParameters.All) { $Param['All'] = $true } Invoke-Request @Param } } } function Edit-Script { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/scripts/v1:patch') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } elseif ($Dynamic.Path.Value -and -not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Get-PutFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/queries/put-files/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/queries/put-files/v1:get', '/real-time-response/entities/put-files/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } } } function Get-Script { <# .SYNOPSIS Search for scripts that are available to use with the Real-time Response 'runscript' command .DESCRIPTION Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/queries/scripts/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/queries/scripts/v1:get', '/real-time-response/entities/scripts/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { # Evaluate input and make request $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } } } function Get-Session { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/queries/sessions/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/queries/sessions/v1:get', '/real-time-response/entities/sessions/GET/v1:post', '/real-time-response/entities/queued-sessions/GET/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { 'Queue' { $Param.Entity = $Endpoints[2] $Param['Modifier'] = 'Queue' } 'Detailed' { $Param['Detailed'] = $true } 'All' { $Param['All'] = $true } } Invoke-Request @Param } } } function Invoke-AdminCommand { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/admin-command/v1:post')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/admin-command/v1:post', '/real-time-response/combined/batch-admin-command/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } } function Invoke-BatchGet { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/combined/batch-get-command/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Invoke-Command { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/command/v1:post')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/command/v1:post', '/real-time-response/combined/batch-command/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } } function Invoke-ResponderCommand { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/active-responder-command/v1:post')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/active-responder-command/v1:post', '/real-time-response/combined/batch-active-responder-command/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } } function Receive-GetFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/extracted-file-contents/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Remove-Command { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/queued-sessions/command/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Remove-GetFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/file/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Remove-PutFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/put-files/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Remove-Script { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/scripts/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Remove-Session { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/sessions/v1:delete') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Send-PutFile { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/put-files/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } begin { $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } elseif (-not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Send-Script { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding()] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/scripts/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } begin { $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } elseif (-not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } function Start-Session { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/sessions/v1:post')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/sessions/v1:post', '/real-time-response/combined/batch-init-session/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } } function Update-Session { <# .SYNOPSIS Additional information is available with the -Help parameter .LINK https://github.com/crowdstrike/psfalcon #> [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/refresh-session/v1:post')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/refresh-session/v1:post', '/real-time-response/combined/batch-refresh-session/v1:post') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name } else { Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } } |