PSFalcon

2.0.8

PowerShell for CrowdStrike's OAuth2 APIs

Minimum PowerShell version

5.1

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSFalcon

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

Brendan Kremian

Copyright

(c) CrowdStrike. All rights reserved.

Tags

CrowdStrike Falcon OAuth2 REST API Windows Linux MacOS

Functions

Confirm-DiscoverAwsAccess Edit-DiscoverAwsAccount Get-DiscoverAwsAccount Get-DiscoverAwsSettings New-DiscoverAwsAccount Remove-DiscoverAwsAccount Update-DiscoverAwsSettings Get-DiscoverAzureAccount Get-DiscoverAzureScript New-DiscoverAzureAccount Update-DiscoverAzureAccount Get-HorizonAwsAccount Get-HorizonAwsLink New-HorizonAwsAccount Receive-HorizonAwsScript Remove-HorizonAwsAccount Edit-HorizonAzureAccount Get-HorizonAzureAccount New-HorizonAzureAccount Receive-HorizonAzureScript Remove-HorizonAzureAccount Get-DiscoverGcpAccount New-DiscoverGcpAccount Receive-DiscoverGcpScript Export-Config Import-Config Edit-Detection Get-Detection Add-HostTag Edit-HostGroup Get-Host Get-HostGroup Get-HostGroupMember Invoke-HostAction Invoke-HostGroupAction New-HostGroup Remove-HostGroup Remove-HostTag Get-CompleteAllowlist Get-CompleteBlocklist Get-CompleteCollection Get-CompleteDetection Get-CompleteEscalation Get-CompleteIncident Get-CompleteRemediation Get-Report Get-Submission Get-SubmissionQuota New-Submission Receive-Artifact Remove-Report Edit-FirewallGroup Edit-FirewallSetting Get-FirewallEvent Get-FirewallField Get-FirewallGroup Get-FirewallPlatform Get-FirewallRule Get-FirewallSetting New-FirewallGroup Remove-FirewallGroup Get-Behavior Get-Incident Get-Score Invoke-IncidentAction Edit-InstallToken Get-InstallToken Get-InstallTokenEvent Get-InstallTokenSettings New-InstallToken Remove-InstallToken Get-Actor Get-Indicator Get-Intel Get-Rule Receive-Intel Receive-Rule Edit-IOAGroup Edit-IOARule Get-IOAGroup Get-IOAPlatform Get-IOARule Get-IOASeverity Get-IOAType New-IOAGroup New-IOARule Remove-IOAGroup Remove-IOARule Test-IOARule Edit-IOC Get-IOC New-IOC Remove-IOC Get-MalQuery Get-MalQueryQuota Get-MalQuerySample Group-MalQuerySample Invoke-MalQuery Receive-MalQuerySample Add-CIDGroupMember Add-GroupRole Add-UserGroupMember Edit-CIDGroup Edit-UserGroup Get-CIDGroup Get-CIDGroupMember Get-GroupRole Get-MemberCID Get-UserGroup Get-UserGroupMember New-CIDGroup 
New-UserGroup Remove-CIDGroup Remove-CIDGroupMember Remove-GroupRole Remove-UserGroup Remove-UserGroupMember Request-Token Revoke-Token Get-OverWatchEvent Get-OverWatchDetection Get-OverWatchIncident Edit-DeviceControlPolicy Edit-FirewallPolicy Edit-IOAExclusion Edit-MLExclusion Edit-PreventionPolicy Edit-ResponsePolicy Edit-SensorUpdatePolicy Edit-SVExclusion Get-Build Get-DeviceControlPolicy Get-DeviceControlPolicyMember Get-FirewallPolicy Get-FirewallPolicyMember Get-IOAExclusion Get-MLExclusion Get-PreventionPolicy Get-PreventionPolicyMember Get-ResponsePolicy Get-ResponsePolicyMember Get-SensorUpdatePolicy Get-SensorUpdatePolicyMember Get-SVExclusion Get-UninstallToken Invoke-DeviceControlPolicyAction Invoke-FirewallPolicyAction Invoke-PreventionPolicyAction Invoke-ResponsePolicyAction Invoke-SensorUpdatePolicyAction New-DeviceControlPolicy New-FirewallPolicy New-MLExclusion New-PreventionPolicy New-ResponsePolicy New-SensorUpdatePolicy New-SVExclusion Remove-DeviceControlPolicy Remove-FirewallPolicy Remove-IOAExclusion Remove-MLExclusion Remove-PreventionPolicy Remove-ResponsePolicy Remove-SensorUpdatePolicy Remove-SVExclusion Set-DeviceControlPrecedence Set-FirewallPrecedence Set-PreventionPrecedence Set-ResponsePrecedence Set-SensorUpdatePrecedence Get-Process Confirm-AdminCommand Confirm-Command Confirm-GetFile Confirm-ResponderCommand Edit-Script Get-PutFile Get-Script Get-Session Invoke-AdminCommand Invoke-BatchGet Invoke-Command Invoke-ResponderCommand Receive-GetFile Remove-Command Remove-GetFile Remove-PutFile Remove-Script Remove-Session Send-PutFile Send-Script Start-Session Update-Session Edit-ReconAction Edit-ReconRule Get-ReconAction Get-ReconNotification Get-ReconRule New-ReconAction New-ReconRule Remove-ReconAction Remove-ReconRule Get-Sample Receive-Sample Remove-Sample Send-Sample Get-QuickScan Get-QuickScanQuota New-QuickScan Export-Report Find-Duplicate Get-Queue Invoke-Deploy Invoke-RTR Open-Stream Search-MalQueryHash Show-Map Show-Module 
Test-Token Get-CCID Get-Installer Get-Stream Receive-Installer Update-Stream Edit-HorizonPolicy Edit-HorizonSchedule Get-HorizonPolicy Get-HorizonSchedule Get-Remediation Get-Vulnerability Add-Role Get-Role Remove-Role Edit-User Get-User New-User Remove-User Get-ZTA

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

v2.0.8

       New Commands
       * Added 'Get-FalconQuickScanQuota' to display QuickScan quota information
       * Added commands for global 'overwatch-dashboards' APIs:
           'Get-FalconOverWatchEvent'
           'Get-FalconOverWatchDetection'
           'Get-FalconOverWatchIncident'
       * Added commands for 'falcon-complete-dashboards' APIs:
           'Get-FalconCompleteAllowlist'
           'Get-FalconCompleteBlocklist'
           'Get-FalconCompleteCollection'
           'Get-FalconCompleteDetection'
           'Get-FalconCompleteEscalation'
           'Get-FalconCompleteIncident'
           'Get-FalconCompleteRemediation'
       * Added commands for 'recon' APIs:
           'Edit-FalconReconAction'
           'Edit-FalconReconRule'
           'Get-FalconReconAction'
           'Get-FalconReconNotification'
           'Get-FalconReconRule'
           'New-FalconReconAction'
           'New-FalconReconRule'
           'Remove-FalconReconAction'
           'Remove-FalconReconRule'
       * Added command for 'zero-trust-assessment' API:
           'Get-FalconZTA'

       New Parameters
       * Added 'Total' switch to each command that has 'offset' or 'after' values to provide the total result
         count rather than the actual results

       Changed Commands
       * Updated custom indicator commands to match new 'iocs' APIs
           'Edit-FalconIOC'
           'Get-FalconIOC'
           'New-FalconIOC'
           'Remove-FalconIOC'
       * Updated 'Invoke-FalconRTR' to fix various issues that would cause 'get' requests to fail with more
         than one host
       * Modified 'Confirm-FalconGetFile' to reduce the complexity of the output when checking the status
         of a batch 'get' request -- the command now returns each result with the 'aid' value appended to it
         rather than being sorted by 'aid' (which required additional object manipulation to access relevant
         properties)
       * Added a check before 'Receive' commands that will abort the command and output an error if the file
         already exists
       * Added custom indicators to 'Export-FalconConfig' and 'Import-FalconConfig'

       Removed Commands
       * Removed custom indicator commands that no longer have supported APIs
           'Get-IOCHost'
           'Get-IOCProcess'
           'Get-IOCTotal'

       Parameter Changes
       * Removed '.zip' pattern from 'Receive-FalconMalQuerySample' as single file downloads were not zipped

       GitHub Issues
       * Issue #45: Updated 'Edit-FalconScript' to correctly convert relative to absolute file path
       

Version History

Version                  Downloads  Last updated
2.0.8 (current version)  37         5/17/2021
2.0.7                    1,753      4/16/2021
2.0.6                    2,977      3/1/2021
1.4.2                    3,760      11/3/2020