PSFalcon
2.1.6
PowerShell for the CrowdStrike Falcon OAuth2 APIs
Minimum PowerShell version
5.1
Copyright
(c) CrowdStrike. All rights reserved.
Package Details
Author(s)
- Brendan Kremian
Tags
CrowdStrike Falcon OAuth2 REST API Windows Linux MacOS
Functions
Confirm-FalconDiscoverAwsAccess Edit-FalconDiscoverAwsAccount Get-FalconDiscoverAwsAccount Get-FalconDiscoverAwsSetting New-FalconDiscoverAwsAccount Remove-FalconDiscoverAwsAccount Update-FalconDiscoverAwsSetting Edit-FalconHorizonAwsAccount Edit-FalconHorizonAzureAccount Edit-FalconHorizonPolicy Edit-FalconHorizonSchedule Get-FalconHorizonAwsAccount Get-FalconHorizonAwsLink Get-FalconHorizonAzureAccount Get-FalconHorizonIoa Get-FalconHorizonIoaEvent Get-FalconHorizonIoaUser Get-FalconHorizonIom Get-FalconHorizonPolicy Get-FalconHorizonSchedule New-FalconHorizonAwsAccount New-FalconHorizonAzureAccount Receive-FalconHorizonAwsScript Receive-FalconHorizonAzureScript Remove-FalconHorizonAwsAccount Remove-FalconHorizonAzureAccount Edit-FalconIoaGroup Edit-FalconIoaRule Get-FalconIoaGroup Get-FalconIoaPlatform Get-FalconIoaRule Get-FalconIoaSeverity Get-FalconIoaType New-FalconIoaGroup New-FalconIoaRule Remove-FalconIoaGroup Remove-FalconIoaRule Test-FalconIoaRule Get-FalconDiscoverAzureAccount Get-FalconDiscoverGcpAccount New-FalconDiscoverAzureAccount New-FalconDiscoverGcpAccount Receive-FalconDiscoverAzureScript Receive-FalconDiscoverGcpScript Update-FalconDiscoverAzureAccount Edit-FalconDetection Get-FalconDetection Edit-FalconDeviceControlPolicy Get-FalconDeviceControlPolicy Get-FalconDeviceControlPolicyMember Invoke-FalconDeviceControlPolicyAction New-FalconDeviceControlPolicy Remove-FalconDeviceControlPolicy Set-FalconDeviceControlPrecedence Add-FalconGroupingTag Get-FalconHost Invoke-FalconHostAction Remove-FalconGroupingTag Get-FalconAsset Get-FalconContainerToken Get-FalconCompleteAllowlist Get-FalconCompleteBlocklist Get-FalconCompleteCollection Get-FalconCompleteDetection Get-FalconCompleteEscalation Get-FalconCompleteIncident Get-FalconCompleteRemediation Get-FalconActor Get-FalconIndicator Get-FalconIntel Receive-FalconIntel Get-FalconRule Receive-FalconRule Get-FalconReport Get-FalconSubmission Get-FalconSubmissionQuota New-FalconSubmission 
Receive-FalconArtifact Remove-FalconReport Edit-FalconFirewallGroup Edit-FalconFirewallPolicy Edit-FalconFirewallSetting Get-FalconFirewallEvent Get-FalconFirewallField Get-FalconFirewallGroup Get-FalconFirewallPlatform Get-FalconFirewallPolicy Get-FalconFirewallPolicyMember Get-FalconFirewallRule Get-FalconFirewallSetting Invoke-FalconFirewallPolicyAction New-FalconFirewallGroup New-FalconFirewallPolicy Remove-FalconFirewallGroup Remove-FalconFirewallPolicy Set-FalconFirewallPrecedence Edit-FalconHostGroup Get-FalconHostGroup Get-FalconHostGroupMember Invoke-FalconHostGroupAction New-FalconHostGroup Remove-FalconHostGroup Invoke-FalconIdentityGraph Get-FalconBehavior Get-FalconIncident Get-FalconScore Invoke-FalconIncidentAction Edit-FalconInstallToken Get-FalconInstallToken Get-FalconInstallTokenEvent Get-FalconInstallTokenSetting New-FalconInstallToken Remove-FalconInstallToken Edit-FalconIoc Get-FalconIoc New-FalconIoc Remove-FalconIoc Get-FalconIocHost Get-FalconIocProcess Edit-FalconContainerAwsAccount Get-FalconContainerAwsAccount Get-FalconContainerCloud Get-FalconContainerCluster Invoke-FalconContainerScan New-FalconContainerAwsAccount New-FalconContainerKey Receive-FalconContainerYaml Remove-FalconContainerAwsAccount Get-FalconMalQuery Get-FalconMalQueryQuota Get-FalconMalQuerySample Group-FalconMalQuerySample Invoke-FalconMalQuery Receive-FalconMalQuerySample Search-FalconMalQueryHash ConvertTo-FalconMlExclusion Edit-FalconMlExclusion Get-FalconMlExclusion New-FalconMlExclusion Remove-FalconMlExclusion Add-FalconCidGroupMember Add-FalconGroupRole Add-FalconUserGroupMember Edit-FalconCidGroup Edit-FalconUserGroup Get-FalconCidGroup Get-FalconCidGroupMember Get-FalconGroupRole Get-FalconMemberCid Get-FalconUserGroup Get-FalconUserGroupMember New-FalconCidGroup New-FalconUserGroup Remove-FalconCidGroup Remove-FalconCidGroupMember Remove-FalconGroupRole Remove-FalconUserGroup Remove-FalconUserGroupMember Request-FalconToken Revoke-FalconToken 
Test-FalconToken Get-FalconOverWatchEvent Get-FalconOverWatchDetection Get-FalconOverWatchIncident Edit-FalconPreventionPolicy Get-FalconPreventionPolicy Get-FalconPreventionPolicyMember Invoke-FalconPreventionPolicyAction New-FalconPreventionPolicy Remove-FalconPreventionPolicy Set-FalconPreventionPrecedence Export-FalconConfig Import-FalconConfig Add-FalconSensorTag Find-FalconDuplicate Get-FalconSensorTag Remove-FalconSensorTag Uninstall-FalconSensor Export-FalconReport Send-FalconWebhook Show-FalconMap Show-FalconModule Copy-FalconDeviceControlPolicy Copy-FalconFirewallPolicy Copy-FalconPreventionPolicy Copy-FalconResponsePolicy Copy-FalconSensorUpdatePolicy Get-FalconQueue Invoke-FalconDeploy Invoke-FalconRtr Get-FalconQuarantine Invoke-FalconQuarantineAction Test-FalconQuarantineAction Get-FalconQuickScan Get-FalconQuickScanQuota New-FalconQuickScan Confirm-FalconAdminCommand Edit-FalconScript Get-FalconPutFile Get-FalconScript Invoke-FalconAdminCommand Remove-FalconPutFile Remove-FalconScript Send-FalconPutFile Send-FalconScript Confirm-FalconCommand Confirm-FalconGetFile Confirm-FalconResponderCommand Get-FalconSession Invoke-FalconBatchGet Invoke-FalconCommand Invoke-FalconResponderCommand Receive-FalconGetFile Remove-FalconCommand Remove-FalconGetFile Remove-FalconSession Start-FalconSession Update-FalconSession Edit-FalconReconAction Edit-FalconReconNotification Edit-FalconReconRule Get-FalconReconAction Get-FalconReconNotification Get-FalconReconRule Get-FalconReconRulePreview New-FalconReconAction New-FalconReconRule Remove-FalconReconAction Remove-FalconReconRule Remove-FalconReconNotification Edit-FalconResponsePolicy Get-FalconResponsePolicy Get-FalconResponsePolicyMember Invoke-FalconResponsePolicyAction New-FalconResponsePolicy Remove-FalconResponsePolicy Set-FalconResponsePrecedence Get-FalconSample Send-FalconSample Receive-FalconSample Remove-FalconSample Get-FalconScheduledReport Invoke-FalconScheduledReport Receive-FalconScheduledReport 
Redo-FalconScheduledReport ConvertTo-FalconIoaExclusion Edit-FalconIoaExclusion Get-FalconIoaExclusion New-FalconIoaExclusion Remove-FalconIoaExclusion Get-FalconCcid Get-FalconInstaller Receive-FalconInstaller Edit-FalconSensorUpdatePolicy Get-FalconBuild Get-FalconSensorUpdatePolicy Get-FalconSensorUpdatePolicyMember Get-FalconUninstallToken Invoke-FalconSensorUpdatePolicyAction New-FalconSensorUpdatePolicy Remove-FalconSensorUpdatePolicy Set-FalconSensorUpdatePrecedence Edit-FalconSvExclusion Get-FalconSvExclusion New-FalconSvExclusion Remove-FalconSvExclusion Get-FalconRemediation Get-FalconVulnerability Get-FalconStream Update-FalconStream Add-FalconRole Edit-FalconUser Get-FalconRole Get-FalconUser New-FalconUser Remove-FalconRole Remove-FalconUser Get-FalconZta
Dependencies
This module has no dependencies.
Release Notes
New Commands
* cspm-registration.ps1
  'Get-FalconHorizonIoa'
  'Get-FalconHorizonIom'
* discover.ps1
  'Get-FalconAsset'
* psf-policies.ps1
  'Copy-FalconDeviceControlPolicy'
  'Copy-FalconFirewallPolicy'
  'Copy-FalconPreventionPolicy'
  'Copy-FalconResponsePolicy'
  'Copy-FalconSensorUpdatePolicy'
* scheduled-report.ps1
  'Invoke-FalconScheduledReport'
  'Redo-FalconScheduledReport'
Command Changes
* Added 'put-and-run' to 'Invoke-FalconAdminCommand' and 'Invoke-FalconRtr'.
* Changed 'Get-FalconMalQuery' parameter from '-Ids' to '-Id' to signify that the endpoint only accepts one
request at a time.
* Removed '-Detailed' from 'Invoke-FalconMalQuery' because it was not supposed to be there.
* Added '-Description' to 'New-FalconDeviceControlPolicy'. Whoops.
* Added '-Include' to 'Get-FalconFirewallPolicy' to include firewall settings with a policy result.
* Added '-LocalLogging' to 'Edit-FalconFirewallSetting' to support new Firewall Management policy setting.
* Added pipeline support for parameters in 'Edit-FalconFirewallSetting'. 'Copy-FalconFirewallPolicy' uses
the pipeline to supply settings during the duplication of an existing policy.
General Changes
* Updated 'Invoke-Loop' to account for new pagination token style used in 'Get-FalconHorizonIoa' and
'Get-FalconHorizonIom'.
* Re-wrote 'Write-Result' to reduce total code and improve handling of errors from the 'identity-protection'
API. As a result, errors produced by 'Write-Result' are now shown as compressed JSON objects rather than a
string (which only expected 'code' and 'message'--typical with most Falcon APIs).
* Fixed an issue with 'Write-Result' that prevented the output of 'meta' properties in the verbose stream. An
earlier version of PSFalcon mistakenly hid this output.
* Re-wrote portions of 'Request-FalconToken' to eliminate 'call depth overflow' errors generated due to how the
'308: Permanent Redirection' response is handled in PowerShell 5.1. Redirection should now function properly.
GitHub Issues
* Issue #134: Modified RegEx pattern for 'Add-FalconGroupingTag' and 'Remove-FalconGroupingTag' to allow all
characters in the initial tag value, then updated the command to use 'Test-RegexValue' to validate
that each value is a valid tag.
* Issue #135: Added check to validate that both 'status' and 'comment' values are present when submitting 'comment'
with 'Edit-FalconDetection'. Also forced the input of lower case status values, as improperly-cased 'status'
values will cause a '400: Failed to validate resource' error.
* Issue #136: Corrected 'Invoke-FalconMalQuery' to submit 'options' as a hashtable rather than an array, which
was causing all requests to fail (including those made with 'Search-FalconMalQueryHash').
* Issue #138: Updated 'Test-FqlStatement' to account for multiple 'exact match' values, and used operator groups
to more efficiently check <property>, <operator> and <value> independently within an FQL 'filter' string.
* Issue #140: Updated the base [System.Net.Http.HttpClientHandler] to automatically decompress gzip files when
presented with them from an API.
* Issue #143: Updated 'Get-FalconScheduledReport -Execution' to work properly with the '-Detailed' parameter.
* Issue #144: Updated 'Test-FqlStatement' to allow colon characters in the value portion of an FQL statement.
* Issue #146: Updated 'Invoke-FalconRtr' to access the 'Initialize-Output' function when using both 'HostIds'
and 'GroupId', instead of just 'HostIds'.
FileList
- PSFalcon.nuspec
- LICENSE
- Private\Private.ps1
- Public\detects.ps1
- Public\falconcomplete-dashboard.ps1
- Public\falconx-sandbox.ps1
- Public\installation-tokens.ps1
- Public\ml-exclusions.ps1
- Public\psf-config.ps1
- Public\psf-sensors.ps1
- Public\recon-monitoring-rules.ps1
- Public\self-service-ioa-exclusions.ps1
- Public\spotlight-vulnerabilities.ps1
- Public\cloud-connect-aws.ps1
- Public\device-control-policies.ps1
- Public\falconx-actors.ps1
- Public\firewall-management.ps1
- Public\ioc.ps1
- Public\mssp.ps1
- Public\psf-devices.ps1
- Public\quarantine.ps1
- Public\response-policies.ps1
- Public\sensor-installers.ps1
- Public\streaming.ps1
- PSFalcon.psd1
- Public\cspm-registration.ps1
- Public\devices.ps1
- Public\falconx-indicators.ps1
- Public\host-group.ps1
- Public\iocs.ps1
- Public\oauth2.ps1
- Public\psf-output.ps1
- Public\quick-scan.ps1
- Public\samplestore.ps1
- Public\sensor-update-policies.ps1
- Public\usermgmt.ps1
- PSFalcon.psm1
- Public\custom-ioa.ps1
- Public\discover.ps1
- Public\falconx-reports.ps1
- Public\identity-graphql.ps1
- Public\kubernetes-protection.ps1
- Public\overwatch-dashboard.ps1
- Public\psf-policies.ps1
- Public\real-time-response-admin.ps1
- Public\scheduled-report.ps1
- Public\sensor-visibility-exclusions.ps1
- Public\zero-trust-assessment.ps1
- Class\Class.ps1
- Public\d4c-registration.ps1
- Public\falcon-container.ps1
- Public\falconx-rules.ps1
- Public\incidents.ps1
- Public\malquery.ps1
- Public\prevention-policies.ps1
- Public\psf-real-time-response.ps1
- Public\real-time-response.ps1