PSFalcon
2.0.8
PowerShell for CrowdStrike's OAuth2 APIs
Minimum PowerShell version
5.1
Copyright
(c) CrowdStrike. All rights reserved.
Package Details
Author(s)
- Brendan Kremian
Tags
CrowdStrike Falcon OAuth2 REST API Windows Linux MacOS
Functions
Confirm-DiscoverAwsAccess Edit-DiscoverAwsAccount Get-DiscoverAwsAccount Get-DiscoverAwsSettings New-DiscoverAwsAccount Remove-DiscoverAwsAccount Update-DiscoverAwsSettings Get-DiscoverAzureAccount Get-DiscoverAzureScript New-DiscoverAzureAccount Update-DiscoverAzureAccount Get-HorizonAwsAccount Get-HorizonAwsLink New-HorizonAwsAccount Receive-HorizonAwsScript Remove-HorizonAwsAccount Edit-HorizonAzureAccount Get-HorizonAzureAccount New-HorizonAzureAccount Receive-HorizonAzureScript Remove-HorizonAzureAccount Get-DiscoverGcpAccount New-DiscoverGcpAccount Receive-DiscoverGcpScript Export-Config Import-Config Edit-Detection Get-Detection Add-HostTag Edit-HostGroup Get-Host Get-HostGroup Get-HostGroupMember Invoke-HostAction Invoke-HostGroupAction New-HostGroup Remove-HostGroup Remove-HostTag Get-CompleteAllowlist Get-CompleteBlocklist Get-CompleteCollection Get-CompleteDetection Get-CompleteEscalation Get-CompleteIncident Get-CompleteRemediation Get-Report Get-Submission Get-SubmissionQuota New-Submission Receive-Artifact Remove-Report Edit-FirewallGroup Edit-FirewallSetting Get-FirewallEvent Get-FirewallField Get-FirewallGroup Get-FirewallPlatform Get-FirewallRule Get-FirewallSetting New-FirewallGroup Remove-FirewallGroup Get-Behavior Get-Incident Get-Score Invoke-IncidentAction Edit-InstallToken Get-InstallToken Get-InstallTokenEvent Get-InstallTokenSettings New-InstallToken Remove-InstallToken Get-Actor Get-Indicator Get-Intel Get-Rule Receive-Intel Receive-Rule Edit-IOAGroup Edit-IOARule Get-IOAGroup Get-IOAPlatform Get-IOARule Get-IOASeverity Get-IOAType New-IOAGroup New-IOARule Remove-IOAGroup Remove-IOARule Test-IOARule Edit-IOC Get-IOC New-IOC Remove-IOC Get-MalQuery Get-MalQueryQuota Get-MalQuerySample Group-MalQuerySample Invoke-MalQuery Receive-MalQuerySample Add-CIDGroupMember Add-GroupRole Add-UserGroupMember Edit-CIDGroup Edit-UserGroup Get-CIDGroup Get-CIDGroupMember Get-GroupRole Get-MemberCID Get-UserGroup Get-UserGroupMember New-CIDGroup 
New-UserGroup Remove-CIDGroup Remove-CIDGroupMember Remove-GroupRole Remove-UserGroup Remove-UserGroupMember Request-Token Revoke-Token Get-OverWatchEvent Get-OverWatchDetection Get-OverWatchIncident Edit-DeviceControlPolicy Edit-FirewallPolicy Edit-IOAExclusion Edit-MLExclusion Edit-PreventionPolicy Edit-ResponsePolicy Edit-SensorUpdatePolicy Edit-SVExclusion Get-Build Get-DeviceControlPolicy Get-DeviceControlPolicyMember Get-FirewallPolicy Get-FirewallPolicyMember Get-IOAExclusion Get-MLExclusion Get-PreventionPolicy Get-PreventionPolicyMember Get-ResponsePolicy Get-ResponsePolicyMember Get-SensorUpdatePolicy Get-SensorUpdatePolicyMember Get-SVExclusion Get-UninstallToken Invoke-DeviceControlPolicyAction Invoke-FirewallPolicyAction Invoke-PreventionPolicyAction Invoke-ResponsePolicyAction Invoke-SensorUpdatePolicyAction New-DeviceControlPolicy New-FirewallPolicy New-MLExclusion New-PreventionPolicy New-ResponsePolicy New-SensorUpdatePolicy New-SVExclusion Remove-DeviceControlPolicy Remove-FirewallPolicy Remove-IOAExclusion Remove-MLExclusion Remove-PreventionPolicy Remove-ResponsePolicy Remove-SensorUpdatePolicy Remove-SVExclusion Set-DeviceControlPrecedence Set-FirewallPrecedence Set-PreventionPrecedence Set-ResponsePrecedence Set-SensorUpdatePrecedence Get-Process Confirm-AdminCommand Confirm-Command Confirm-GetFile Confirm-ResponderCommand Edit-Script Get-PutFile Get-Script Get-Session Invoke-AdminCommand Invoke-BatchGet Invoke-Command Invoke-ResponderCommand Receive-GetFile Remove-Command Remove-GetFile Remove-PutFile Remove-Script Remove-Session Send-PutFile Send-Script Start-Session Update-Session Edit-ReconAction Edit-ReconRule Get-ReconAction Get-ReconNotification Get-ReconRule New-ReconAction New-ReconRule Remove-ReconAction Remove-ReconRule Get-Sample Receive-Sample Remove-Sample Send-Sample Get-QuickScan Get-QuickScanQuota New-QuickScan Export-Report Find-Duplicate Get-Queue Invoke-Deploy Invoke-RTR Open-Stream Search-MalQueryHash Show-Map Show-Module 
Test-Token Get-CCID Get-Installer Get-Stream Receive-Installer Update-Stream Edit-HorizonPolicy Edit-HorizonSchedule Get-HorizonPolicy Get-HorizonSchedule Get-Remediation Get-Vulnerability Add-Role Get-Role Remove-Role Edit-User Get-User New-User Remove-User Get-ZTA
Dependencies
This module has no dependencies.
Release Notes
v2.0.8
New Commands
* Added 'Get-FalconQuickScanQuota' to display QuickScan quota information
* Added commands for global 'overwatch-dashboards' APIs:
'Get-FalconOverWatchEvent'
'Get-FalconOverWatchDetection'
'Get-FalconOverWatchIncident'
* Added commands for 'falcon-complete-dashboards' APIs:
'Get-FalconCompleteAllowlist'
'Get-FalconCompleteBlocklist'
'Get-FalconCompleteCollection'
'Get-FalconCompleteDetection'
'Get-FalconCompleteEscalation'
'Get-FalconCompleteIncident'
'Get-FalconCompleteRemediation'
* Added commands for 'recon' APIs:
'Edit-FalconReconAction'
'Edit-FalconReconRule'
'Get-FalconReconAction'
'Get-FalconReconNotification'
'Get-FalconReconRule'
'New-FalconReconAction'
'New-FalconReconRule'
'Remove-FalconReconAction'
'Remove-FalconReconRule'
* Added command for 'zero-trust-assessment' API:
'Get-FalconZTA'
New Parameters
* Added 'Total' switch to each command that has 'offset' or 'after' values to provide the total result
count rather than the actual results
Changed Commands
* Updated custom indicator commands to match new 'iocs' APIs
'Edit-FalconIOC'
'Get-FalconIOC'
'New-FalconIOC'
'Remove-FalconIOC'
* Updated 'Invoke-FalconRTR' to fix various issues that would cause 'get' requests to fail with more
than one host
* Modified 'Confirm-FalconGetFile' to reduce the complexity of the output when checking the status
of a batch 'get' request -- the command now returns each result with the 'aid' value appended to it
rather than being sorted by 'aid' (which required additional object manipulation to access relevant
properties)
* Added a check before 'Receive' commands that will abort the command and output an error if the file
already exists
* Added custom indicators to 'Export-FalconConfig' and 'Import-FalconConfig'
Removed Commands
* Removed custom indicator commands that no longer have supported APIs
'Get-IOCHost'
'Get-IOCProcess'
'Get-IOCTotal'
Parameter Changes
* Removed '.zip' pattern from 'Receive-FalconMalQuerySample' as single file downloads were not zipped
GitHub Issues
* Issue #45: Updated 'Edit-FalconScript' to correctly convert relative to absolute file path
FileList
- PSFalcon.nuspec
- LICENSE
- PSFalcon.psd1
- PSFalcon.psm1
- README.md
- Class\Class.ps1
- Data\ItemTypes.psd1
- Data\Parameters.psd1
- Data\Patterns.psd1
- Data\Schema.psd1
- Data\Endpoints\cloud-connect-aws.psd1
- Data\Endpoints\cloud-connect-azure.psd1
- Data\Endpoints\cloud-connect-cspm-aws.psd1
- Data\Endpoints\cloud-connect-cspm-azure.psd1
- Data\Endpoints\cloud-connect-gcp.psd1
- Data\Endpoints\config.psd1
- Data\Endpoints\detects.psd1
- Data\Endpoints\devices.psd1
- Data\Endpoints\falcon-complete-dashboards.psd1
- Data\Endpoints\falconx.psd1
- Data\Endpoints\fwmgr.psd1
- Data\Endpoints\incidents.psd1
- Data\Endpoints\installation-tokens.psd1
- Data\Endpoints\intel.psd1
- Data\Endpoints\ioarules.psd1
- Data\Endpoints\iocs.psd1
- Data\Endpoints\malquery.psd1
- Data\Endpoints\mssp.psd1
- Data\Endpoints\oauth2.psd1
- Data\Endpoints\overwatch-dashboards.psd1
- Data\Endpoints\policy.psd1
- Data\Endpoints\processes.psd1
- Data\Endpoints\real-time-response.psd1
- Data\Endpoints\recon.psd1
- Data\Endpoints\samples.psd1
- Data\Endpoints\scanner.psd1
- Data\Endpoints\scripts.psd1
- Data\Endpoints\sensors.psd1
- Data\Endpoints\settings.psd1
- Data\Endpoints\spotlight.psd1
- Data\Endpoints\user-roles.psd1
- Data\Endpoints\users.psd1
- Data\Endpoints\zero-trust-assessment.psd1
- Private\Private.ps1
- Public\cloud-connect-aws.ps1
- Public\cloud-connect-azure.ps1
- Public\cloud-connect-cspm-aws.ps1
- Public\cloud-connect-cspm-azure.ps1
- Public\cloud-connect-gcp.ps1
- Public\config.ps1
- Public\detects.ps1
- Public\devices.ps1
- Public\falcon-complete-dashboards.ps1
- Public\falconx.ps1
- Public\fwmgr.ps1
- Public\incidents.ps1
- Public\installation-tokens.ps1
- Public\intel.ps1
- Public\ioarules.ps1
- Public\iocs.ps1
- Public\malquery.ps1
- Public\mssp.ps1
- Public\oauth2.ps1
- Public\overwatch-dashboards.ps1
- Public\policy.ps1
- Public\processes.ps1
- Public\real-time-response.ps1
- Public\recon.ps1
- Public\samples.ps1
- Public\scanner.ps1
- Public\scripts.ps1
- Public\sensors.ps1
- Public\settings.ps1
- Public\spotlight.ps1
- Public\user-roles.ps1
- Public\users.ps1
- Public\zero-trust-assessment.ps1