Public/spotlight-vulnerabilities.ps1
function Get-FalconRemediation { [CmdletBinding(DefaultParameterSetName = '/spotlight/entities/remediations/v2:get')] param( [Parameter(ParameterSetName = '/spotlight/entities/remediations/v2:get', Mandatory = $true, Position = 1)] [ValidatePattern('^\w{32}$')] [array] $Ids ) process { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Inputs = $PSBoundParameters Format = @{ Query = @('ids') } } Invoke-Falcon @Param } } function Get-FalconVulnerability { [CmdletBinding(DefaultParameterSetName = '/spotlight/queries/vulnerabilities/v1:get')] param( [Parameter(ParameterSetName = '/spotlight/entities/vulnerabilities/v2:get', Mandatory = $true, Position = 1)] [ValidatePattern('^\w{32}_\w{32}$')] [array] $Ids, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get', Mandatory = $true, Position = 1)] [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Mandatory = $true, Position = 1)] [ValidateScript({ Test-FqlStatement $_ })] [string] $Filter, [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Position = 2)] [ValidateSet('cve', 'host_info', 'remediation')] [array] $Facet, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get', Position = 3)] [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Position = 3)] [ValidateSet('created_timestamp.asc', 'created_timestamp.desc', 'closed_timestamp.asc', 'closed_timestamp.desc', 'updated_timestamp.asc', 'updated_timestamp.desc')] [string] $Sort, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get', Position = 4)] [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Position = 4)] [ValidateRange(1,400)] [int] $Limit, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get', Position = 5)] [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Position = 5)] [string] $After, [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get', Mandatory = $true)] [switch] $Detailed, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get')] [Parameter(ParameterSetName = '/spotlight/combined/vulnerabilities/v1:get')] [switch] $All, [Parameter(ParameterSetName = '/spotlight/queries/vulnerabilities/v1:get')] [switch] $Total ) process { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Inputs = $PSBoundParameters Format = @{ Query = @('after', 'sort', 'ids', 'filter', 'limit', 'facet') } } Invoke-Falcon @Param } } |