v2.0.8

New Commands * Added 'Get-FalconQuickScanQuota' to display QuickScan quota information * Added commands for global 'overwatch-dashboards' APIs: 'Get-FalconOverWatchEvent' 'Get-FalconOverWatchDetection' 'Get-FalconOverWatchIncident' * Added commands for 'falcon-complete-dashboards' APIs: 'Get-FalconCompleteAllowlist' 'Get-FalconCompleteBlocklist' 'Get-FalconCompleteCollection' 'Get-FalconCompleteDetection' 'Get-FalconCompleteEscalation' 'Get-FalconCompleteIncident' 'Get-FalconCompleteRemediation' * Added commands for 'recon' APIs: 'Edit-FalconReconAction' 'Edit-FalconReconRule' 'Get-FalconReconAction' 'Get-FalconReconNotification' 'Get-FalconReconRule' 'New-FalconReconAction' 'New-FalconReconRule' 'Remove-FalconReconAction' 'Remove-FalconReconRule' * Added command for 'zero-trust-assessment' API: 'Get-FalconZTA' Changed Commands * Updated custom indicator commands to match new 'iocs' APIs 'Edit-FalconIOC' 'Get-FalconIOC' 'New-FalconIOC' 'Remove-FalconIOC' Removed Commands * Removed custom indicator commands that no longer have supported APIs 'Get-IOCHost', 'Get-IOCProcess' 'Get-IOCTotal' Parameter Changes * Removed '.zip' pattern from 'Receive-FalconMalQuerySample' as single file downloads were not zipped GitHub Issues * Issue #45: Updated 'Edit-FalconScript' to correctly convert relative to absolute file path
CrowdStrike · May 11, 2021 · 031db9d · 031db9d
1 parent 2d99f55
commit 031db9d
Show file tree

Hide file tree

Showing 21 changed files with 1,640 additions and 411 deletions.
diff --git a/Data/Endpoints/falcon-complete-dashboards.psd1 b/Data/Endpoints/falcon-complete-dashboards.psd1
@@ -0,0 +1,119 @@
+@{
+    "/falcon-complete-dashboards/queries/allowlist/v1" = @{
+        get = @{
+          description = "Search for {0} allowlist tickets"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+                limit = @{
+                    max = 500
+                }
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+    "/falcon-complete-dashboards/queries/incidents/v1" = @{
+        get = @{
+            description = "Search for {0} incident identifiers"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+                limit = @{
+                    max = 500
+                }
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+    "/falcon-complete-dashboards/queries/remediations/v1" = @{
+        get = @{
+            description = "Search for {0} remediation tickets"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+                limit = @{
+                    max = 500
+                }
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+    "/falcon-complete-dashboards/queries/detects/v1" = @{
+        get = @{
+            description = "Search for {0} detection identifiers"
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+            security = "falconcomplete-dashboard:read"
+            parameters = @{
+                schema = "BasicParams"
+                limit = @{
+                    max = 500
+                }
+            }
+            produces = "application/json"
+            consumes = "application/json"
+        }
+    }
+    "/falcon-complete-dashboards/queries/devicecount-collections/v1" = @{
+        get = @{
+            description = "Search for {0} device count collection identifiers"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+    "/falcon-complete-dashboards/queries/escalations/v1" = @{
+        get = @{
+            description = "Search for {0} escalation tickets"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+    "/falcon-complete-dashboards/queries/blocklist/v1" = @{
+        get = @{
+            description = "Search for {0} blocklist tickets"
+            security = "falconcomplete-dashboard:read"
+            produces = "application/json"
+            consumes = "application/json"
+            parameters = @{
+                schema = "BasicParams"
+            }
+            responses = @{
+                "msa.ReplyMetaOnly" = @(403,429)
+                default = "msa.QueryResponse"
+            }
+        }
+    }
+}
diff --git a/Data/Endpoints/indicators.psd1 b/Data/Endpoints/indicators.psd1