PSFalcon

2.1.6

PowerShell for the CrowdStrike Falcon OAuth2 APIs

Minimum PowerShell version

5.1

The owner has unlisted this package. This could mean that the module is deprecated or shouldn't be used anymore.

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSFalcon -RequiredVersion 2.1.6

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name PSFalcon -Version 2.1.6

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) CrowdStrike. All rights reserved.

Package Details

Author(s)

  • Brendan Kremian

Tags

CrowdStrike Falcon OAuth2 REST API Windows Linux MacOS

Functions

Confirm-FalconDiscoverAwsAccess Edit-FalconDiscoverAwsAccount Get-FalconDiscoverAwsAccount Get-FalconDiscoverAwsSetting New-FalconDiscoverAwsAccount Remove-FalconDiscoverAwsAccount Update-FalconDiscoverAwsSetting Edit-FalconHorizonAwsAccount Edit-FalconHorizonAzureAccount Edit-FalconHorizonPolicy Edit-FalconHorizonSchedule Get-FalconHorizonAwsAccount Get-FalconHorizonAwsLink Get-FalconHorizonAzureAccount Get-FalconHorizonIoa Get-FalconHorizonIoaEvent Get-FalconHorizonIoaUser Get-FalconHorizonIom Get-FalconHorizonPolicy Get-FalconHorizonSchedule New-FalconHorizonAwsAccount New-FalconHorizonAzureAccount Receive-FalconHorizonAwsScript Receive-FalconHorizonAzureScript Remove-FalconHorizonAwsAccount Remove-FalconHorizonAzureAccount Edit-FalconIoaGroup Edit-FalconIoaRule Get-FalconIoaGroup Get-FalconIoaPlatform Get-FalconIoaRule Get-FalconIoaSeverity Get-FalconIoaType New-FalconIoaGroup New-FalconIoaRule Remove-FalconIoaGroup Remove-FalconIoaRule Test-FalconIoaRule Get-FalconDiscoverAzureAccount Get-FalconDiscoverGcpAccount New-FalconDiscoverAzureAccount New-FalconDiscoverGcpAccount Receive-FalconDiscoverAzureScript Receive-FalconDiscoverGcpScript Update-FalconDiscoverAzureAccount Edit-FalconDetection Get-FalconDetection Edit-FalconDeviceControlPolicy Get-FalconDeviceControlPolicy Get-FalconDeviceControlPolicyMember Invoke-FalconDeviceControlPolicyAction New-FalconDeviceControlPolicy Remove-FalconDeviceControlPolicy Set-FalconDeviceControlPrecedence Add-FalconGroupingTag Get-FalconHost Invoke-FalconHostAction Remove-FalconGroupingTag Get-FalconAsset Get-FalconContainerToken Get-FalconCompleteAllowlist Get-FalconCompleteBlocklist Get-FalconCompleteCollection Get-FalconCompleteDetection Get-FalconCompleteEscalation Get-FalconCompleteIncident Get-FalconCompleteRemediation Get-FalconActor Get-FalconIndicator Get-FalconIntel Receive-FalconIntel Get-FalconRule Receive-FalconRule Get-FalconReport Get-FalconSubmission Get-FalconSubmissionQuota New-FalconSubmission 
Receive-FalconArtifact Remove-FalconReport Edit-FalconFirewallGroup Edit-FalconFirewallPolicy Edit-FalconFirewallSetting Get-FalconFirewallEvent Get-FalconFirewallField Get-FalconFirewallGroup Get-FalconFirewallPlatform Get-FalconFirewallPolicy Get-FalconFirewallPolicyMember Get-FalconFirewallRule Get-FalconFirewallSetting Invoke-FalconFirewallPolicyAction New-FalconFirewallGroup New-FalconFirewallPolicy Remove-FalconFirewallGroup Remove-FalconFirewallPolicy Set-FalconFirewallPrecedence Edit-FalconHostGroup Get-FalconHostGroup Get-FalconHostGroupMember Invoke-FalconHostGroupAction New-FalconHostGroup Remove-FalconHostGroup Invoke-FalconIdentityGraph Get-FalconBehavior Get-FalconIncident Get-FalconScore Invoke-FalconIncidentAction Edit-FalconInstallToken Get-FalconInstallToken Get-FalconInstallTokenEvent Get-FalconInstallTokenSetting New-FalconInstallToken Remove-FalconInstallToken Edit-FalconIoc Get-FalconIoc New-FalconIoc Remove-FalconIoc Get-FalconIocHost Get-FalconIocProcess Edit-FalconContainerAwsAccount Get-FalconContainerAwsAccount Get-FalconContainerCloud Get-FalconContainerCluster Invoke-FalconContainerScan New-FalconContainerAwsAccount New-FalconContainerKey Receive-FalconContainerYaml Remove-FalconContainerAwsAccount Get-FalconMalQuery Get-FalconMalQueryQuota Get-FalconMalQuerySample Group-FalconMalQuerySample Invoke-FalconMalQuery Receive-FalconMalQuerySample Search-FalconMalQueryHash ConvertTo-FalconMlExclusion Edit-FalconMlExclusion Get-FalconMlExclusion New-FalconMlExclusion Remove-FalconMlExclusion Add-FalconCidGroupMember Add-FalconGroupRole Add-FalconUserGroupMember Edit-FalconCidGroup Edit-FalconUserGroup Get-FalconCidGroup Get-FalconCidGroupMember Get-FalconGroupRole Get-FalconMemberCid Get-FalconUserGroup Get-FalconUserGroupMember New-FalconCidGroup New-FalconUserGroup Remove-FalconCidGroup Remove-FalconCidGroupMember Remove-FalconGroupRole Remove-FalconUserGroup Remove-FalconUserGroupMember Request-FalconToken Revoke-FalconToken 
Test-FalconToken Get-FalconOverWatchEvent Get-FalconOverWatchDetection Get-FalconOverWatchIncident Edit-FalconPreventionPolicy Get-FalconPreventionPolicy Get-FalconPreventionPolicyMember Invoke-FalconPreventionPolicyAction New-FalconPreventionPolicy Remove-FalconPreventionPolicy Set-FalconPreventionPrecedence Export-FalconConfig Import-FalconConfig Add-FalconSensorTag Find-FalconDuplicate Get-FalconSensorTag Remove-FalconSensorTag Uninstall-FalconSensor Export-FalconReport Send-FalconWebhook Show-FalconMap Show-FalconModule Copy-FalconDeviceControlPolicy Copy-FalconFirewallPolicy Copy-FalconPreventionPolicy Copy-FalconResponsePolicy Copy-FalconSensorUpdatePolicy Get-FalconQueue Invoke-FalconDeploy Invoke-FalconRtr Get-FalconQuarantine Invoke-FalconQuarantineAction Test-FalconQuarantineAction Get-FalconQuickScan Get-FalconQuickScanQuota New-FalconQuickScan Confirm-FalconAdminCommand Edit-FalconScript Get-FalconPutFile Get-FalconScript Invoke-FalconAdminCommand Remove-FalconPutFile Remove-FalconScript Send-FalconPutFile Send-FalconScript Confirm-FalconCommand Confirm-FalconGetFile Confirm-FalconResponderCommand Get-FalconSession Invoke-FalconBatchGet Invoke-FalconCommand Invoke-FalconResponderCommand Receive-FalconGetFile Remove-FalconCommand Remove-FalconGetFile Remove-FalconSession Start-FalconSession Update-FalconSession Edit-FalconReconAction Edit-FalconReconNotification Edit-FalconReconRule Get-FalconReconAction Get-FalconReconNotification Get-FalconReconRule Get-FalconReconRulePreview New-FalconReconAction New-FalconReconRule Remove-FalconReconAction Remove-FalconReconRule Remove-FalconReconNotification Edit-FalconResponsePolicy Get-FalconResponsePolicy Get-FalconResponsePolicyMember Invoke-FalconResponsePolicyAction New-FalconResponsePolicy Remove-FalconResponsePolicy Set-FalconResponsePrecedence Get-FalconSample Send-FalconSample Receive-FalconSample Remove-FalconSample Get-FalconScheduledReport Invoke-FalconScheduledReport Receive-FalconScheduledReport 
Redo-FalconScheduledReport ConvertTo-FalconIoaExclusion Edit-FalconIoaExclusion Get-FalconIoaExclusion New-FalconIoaExclusion Remove-FalconIoaExclusion Get-FalconCcid Get-FalconInstaller Receive-FalconInstaller Edit-FalconSensorUpdatePolicy Get-FalconBuild Get-FalconSensorUpdatePolicy Get-FalconSensorUpdatePolicyMember Get-FalconUninstallToken Invoke-FalconSensorUpdatePolicyAction New-FalconSensorUpdatePolicy Remove-FalconSensorUpdatePolicy Set-FalconSensorUpdatePrecedence Edit-FalconSvExclusion Get-FalconSvExclusion New-FalconSvExclusion Remove-FalconSvExclusion Get-FalconRemediation Get-FalconVulnerability Get-FalconStream Update-FalconStream Add-FalconRole Edit-FalconUser Get-FalconRole Get-FalconUser New-FalconUser Remove-FalconRole Remove-FalconUser Get-FalconZta

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

New Commands
 * cspm-registration.ps1
   'Get-FalconHorizonIoa'
   'Get-FalconHorizonIom'

 * discover.ps1
   'Get-FalconAsset'

 * psf-policies.ps1
   'Copy-FalconDeviceControlPolicy'
   'Copy-FalconFirewallPolicy'
   'Copy-FalconPreventionPolicy'
   'Copy-FalconResponsePolicy'
   'Copy-FalconSensorUpdatePolicy'

 * scheduled-report.ps1
   'Invoke-FalconScheduledReport'
   'Redo-FalconScheduledReport'

Command Changes
 * Added 'put-and-run' to 'Invoke-FalconAdminCommand' and 'Invoke-FalconRtr'.

 * Changed 'Get-FalconMalQuery' parameter from '-Ids' to '-Id' to signify that the endpoint only accepts one
   request at a time.

 * Removed '-Detailed' from 'Invoke-FalconMalQuery' because it was not supposed to be there.

 * Added '-Description' to 'New-FalconDeviceControlPolicy'. Whoops.

 * Added '-Include' to 'Get-FalconFirewallPolicy' to include firewall settings with a policy result.

 * Added '-LocalLogging' to 'Edit-FalconFirewallSetting' to support new Firewall Management policy setting.

 * Added pipeline support for parameters in 'Edit-FalconFirewallSetting'. 'Copy-FalconFirewallPolicy' uses
   the pipeline to supply settings during the duplication of an existing policy.

General Changes
 * Updated 'Invoke-Loop' to account for new pagination token style used in 'Get-FalconHorizonIoa' and
   'Get-FalconHorizonIom'.

 * Re-wrote 'Write-Result' to reduce total code and improve handling of errors from the 'identity-protection'
   API. As a result, errors produced by 'Write-Result' are now shown as compressed JSON objects rather than a
   string (which only expected 'code' and 'message'--typical with most Falcon APIs).

 * Fixed an issue with 'Write-Result' that prevented the output of 'meta' properties in the verbose stream. An
   earlier version of PSFalcon mistakenly hid this output.

 * Re-wrote portions of 'Request-FalconToken' to eliminate 'call depth overflow' errors generated due to how the
   '308: Permanent Redirection' response is handled in PowerShell 5.1. Redirection should now function properly.

GitHub Issues
 * Issue #134: Modified RegEx pattern for 'Add-FalconGroupingTag' and 'Remove-FalconGroupingTag' to allow all
   characters in the initial tag value, then updated the command to use 'Test-RegexValue' to validate
   that each value is a valid tag.

 * Issue #135: Added check to validate that both 'status' and 'comment' values are present when submitting 'comment'
   with 'Edit-FalconDetection'. Also forced the input of lower case status values, as improperly-cased 'status'
   values will cause a '400: Failed to validate resource' error.

 * Issue #136: Corrected 'Invoke-FalconMalQuery' to submit 'options' as a hashtable rather than an array, which
   was causing all requests to fail (including those made with 'Search-FalconMalQueryHash').

 * Issue #138: Updated 'Test-FqlStatement' to account for multiple 'exact match' values, and used operator groups
   to more efficiently check <property>, <operator> and <value> independently within an FQL 'filter' string.

 * Issue #140: Updated the base [System.Net.Http.HttpClientHandler] to automatically decompress gzip files when
   presented with them from an API.

 * Issue #143: Updated 'Get-FalconScheduledReport -Execution' to work properly with the '-Detailed' parameter.

 * Issue #144: Updated 'Test-FqlStatement' to allow colon characters in the value portion of an FQL statement.

 * Issue #146: Updated 'Invoke-FalconRtr' to access the 'Initialize-Output' function when using both 'HostIds'
   and 'GroupId', instead of just 'HostIds'.

Version History

Version Downloads Last updated
2.2.6 90,529 11/27/2023
2.2.5 48,353 5/1/2023