Skip to content

Commit

Permalink
v2.1.8
Browse files Browse the repository at this point in the history 
Miscellaneous formatting changes
  • Loading branch information
@bk-cs
bk-cs committed Mar 15, 2022
1 parent 77fde7b commit d8aec66
Show file tree
Hide file tree
Showing 52 changed files with 497 additions and 1,447 deletions.
20 changes: 4 additions & 16 deletions Public/cloud-connect-aws.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,7 @@ function Confirm-FalconDiscoverAwsAccess {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids')
}
Format = @{ Query = @('ids') }
}
Invoke-Falcon @Param
}
Expand Down Expand Up @@ -105,17 +103,13 @@ function Get-FalconDiscoverAwsAccount {

[Parameter(ParameterSetName = '/cloud-connect-aws/queries/accounts/v1:get')]
[switch] $Total


)
process {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('sort', 'ids', 'offset', 'limit', 'filter')
}
Format = @{ Query = @('sort', 'ids', 'offset', 'limit', 'filter') }
}
Invoke-Falcon @Param
}
Expand Down Expand Up @@ -198,9 +192,7 @@ function Remove-FalconDiscoverAwsAccount {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids')
}
Format = @{ Query = @('ids') }
}
Invoke-Falcon @Param
}
Expand All @@ -227,11 +219,7 @@ function Update-FalconDiscoverAwsSetting {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = Update-FieldName -Fields $Fields -Inputs $PSBoundParameters
Format = @{
Body = @{
resources = @('cloudtrail_bucket_owner_id', 'static_external_id')
}
}
Format = @{ Body = @{ resources = @('cloudtrail_bucket_owner_id', 'static_external_id') }}
}
Invoke-Falcon @Param
}
Expand Down
157 changes: 51 additions & 106 deletions Public/cspm-registration.ps1
View file

Large diffs are not rendered by default.

106 changes: 31 additions & 75 deletions Public/custom-ioa.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,23 +24,17 @@ function Edit-FalconIoaGroup {
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Body = @{
root = @('description', 'rulegroup_version', 'name', 'enabled', 'id', 'comment')
}
Body = @{ root = @('description', 'rulegroup_version', 'name', 'enabled', 'id', 'comment') }
}
}
($Param.Format.Body.root | Where-Object { $_ -ne 'id' }).foreach{
# When not provided, add required fields using existing policy settings
if (!$Param.Inputs.$_) {
if (!$Existing) {
$Existing = Get-FalconIoaGroup -Ids $Param.Inputs.id -ErrorAction 'SilentlyContinue'
$Existing = Get-FalconIoaGroup -Ids $Param.Inputs.id -EA 0
}
if ($Existing) {
$Value = if ($_ -eq 'rulegroup_version') {
$Existing.version
} else {
$Existing.$_
}
$Value = if ($_ -eq 'rulegroup_version') { $Existing.version } else { $Existing.$_ }
$PSBoundParameters[$_] = $Value
}
}
Expand Down Expand Up @@ -84,24 +78,16 @@ function Edit-FalconIoaRule {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = Update-FieldName -Fields $Fields -Inputs $PSBoundParameters
Format = @{
Body = @{
root = @('rulegroup_id', 'comment', 'rule_updates', 'rulegroup_version')
}
}
Format = @{ Body = @{ root = @('rulegroup_id', 'comment', 'rule_updates', 'rulegroup_version') }}
}
($Param.Format.Body.root | Where-Object { $_ -ne 'rule_updates' }).foreach{
# When not provided, add required fields using existing policy settings
if (!$Param.Inputs.$_) {
if (!$Existing) {
$Existing = Get-FalconIoaGroup -Ids $Param.Inputs.rulegroup_id -ErrorAction 'SilentlyContinue'
$Existing = Get-FalconIoaGroup -Ids $Param.Inputs.rulegroup_id -EA 0
}
if ($Existing) {
$Value = if ($_ -eq 'rulegroup_version') {
$Existing.version
} else {
$Existing.$_
}
$Value = if ($_ -eq 'rulegroup_version') { $Existing.version } else { $Existing.$_ }
$PSBoundParameters[$_] = $Value
}
}
Expand All @@ -127,9 +113,9 @@ function Get-FalconIoaGroup {

[Parameter(ParameterSetName = '/ioarules/queries/rule-groups/v1:get', Position = 3)]
[Parameter(ParameterSetName = '/ioarules/queries/rule-groups-full/v1:get', Position = 3)]
[ValidateSet('created_by.asc','created_by.desc','created_on.asc','created_on.desc','description.asc',
'description.desc','enabled.asc','enabled.desc','modified_by.asc','modified_by.desc',
'modified_on.asc','modified_on.desc','name.asc','name.desc')]
[ValidateSet('created_by.asc', 'created_by.desc', 'created_on.asc', 'created_on.desc', 'description.asc',
'description.desc', 'enabled.asc', 'enabled.desc', 'modified_by.asc', 'modified_by.desc',
'modified_on.asc', 'modified_on.desc', 'name.asc', 'name.desc')]
[string] $Sort,

[Parameter(ParameterSetName = '/ioarules/queries/rule-groups/v1:get', Position = 4)]
Expand All @@ -152,23 +138,17 @@ function Get-FalconIoaGroup {
[switch] $Total
)
begin {
$Fields = @{
Query = 'q'
}
$Fields = @{ Query = 'q' }
}
process {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = Update-FieldName -Fields $Fields -Inputs $PSBoundParameters
Format = @{
Query = @('limit', 'ids', 'sort', 'q', 'offset', 'filter')
}
Format = @{ Query = @('limit', 'ids', 'sort', 'q', 'offset', 'filter') }
}
@(Invoke-Falcon @Param).foreach{
if ($_.version -and $null -eq $_.version) {
$_.version = 0
}
if ($_.version -and $null -eq $_.version) { $_.version = 0 }
$_
}
}
Expand Down Expand Up @@ -201,9 +181,7 @@ function Get-FalconIoaPlatform {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids', 'offset', 'limit')
}
Format = @{ Query = @('ids', 'offset', 'limit') }
}
Invoke-Falcon @Param
}
Expand All @@ -222,15 +200,15 @@ function Get-FalconIoaRule {
[string] $Query,

[Parameter(ParameterSetName = '/ioarules/queries/rules/v1:get', Position = 3)]
[ValidateSet('rules.created_by.asc','rules.created_by.desc','rules.created_on.asc',
'rules.created_on.desc','rules.current_version.action_label.asc',
'rules.current_version.action_label.desc','rules.current_version.description.asc',
'rules.current_version.description.desc','rules.current_version.modified_by.asc',
'rules.current_version.modified_by.desc','rules.current_version.modified_on.asc',
'rules.current_version.modified_on.desc','rules.current_version.name.asc',
'rules.current_version.name.desc','rules.current_version.pattern_severity.asc',
'rules.current_version.pattern_severity.desc','rules.enabled.asc','rules.enabled.desc',
'rules.ruletype_name.asc','rules.ruletype_name.desc')]
[ValidateSet('rules.created_by.asc', 'rules.created_by.desc', 'rules.created_on.asc',
'rules.created_on.desc', 'rules.current_version.action_label.asc',
'rules.current_version.action_label.desc', 'rules.current_version.description.asc',
'rules.current_version.description.desc', 'rules.current_version.modified_by.asc',
'rules.current_version.modified_by.desc', 'rules.current_version.modified_on.asc',
'rules.current_version.modified_on.desc', 'rules.current_version.name.asc',
'rules.current_version.name.desc', 'rules.current_version.pattern_severity.asc',
'rules.current_version.pattern_severity.desc', 'rules.enabled.asc', 'rules.enabled.desc',
'rules.ruletype_name.asc', 'rules.ruletype_name.desc')]
[string] $Sort,

[Parameter(ParameterSetName = '/ioarules/queries/rules/v1:get', Position = 4)]
Expand All @@ -250,9 +228,7 @@ function Get-FalconIoaRule {
[switch] $Total
)
begin {
$Fields = @{
Query = 'q'
}
$Fields = @{ Query = 'q' }
}
process {
$Param = @{
Expand All @@ -261,9 +237,7 @@ function Get-FalconIoaRule {
Inputs = Update-FieldName -Fields $Fields -Inputs $PSBoundParameters
Format = @{
Query = @('limit', 'sort', 'q', 'offset', 'filter')
Body = @{
root = @('ids')
}
Body = @{ root = @('ids') }
}
}
Invoke-Falcon @Param
Expand Down Expand Up @@ -298,9 +272,7 @@ function Get-FalconIoaSeverity {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids', 'offset', 'limit')
}
Format = @{ Query = @('ids', 'offset', 'limit') }
}
Invoke-Falcon @Param
}
Expand Down Expand Up @@ -333,9 +305,7 @@ function Get-FalconIoaType {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids', 'offset', 'limit')
}
Format = @{ Query = @('ids', 'offset', 'limit') }
}
Invoke-Falcon @Param
}
Expand All @@ -361,11 +331,7 @@ function New-FalconIoaGroup {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Body = @{
root = @('description', 'platform', 'name', 'comment')
}
}
Format = @{ Body = @{ root = @('description', 'platform', 'name', 'comment') }}
}
Invoke-Falcon @Param
}
Expand Down Expand Up @@ -440,9 +406,7 @@ function Remove-FalconIoaGroup {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Query = @('ids', 'comment')
}
Format = @{ Query = @('ids', 'comment') }
}
Invoke-Falcon @Param
}
Expand All @@ -461,18 +425,14 @@ function Remove-FalconIoaRule {
[string] $Comment
)
begin {
$Fields = @{
RuleGroupId = 'rule_group_id'
}
$Fields = @{ RuleGroupId = 'rule_group_id' }
}
process {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = Update-FieldName -Fields $Fields -Inputs $PSBoundParameters
Format = @{
Query = @('ids', 'rule_group_id', 'comment')
}
Format = @{ Query = @('ids', 'rule_group_id', 'comment') }
}
Invoke-Falcon @Param
}
Expand All @@ -489,11 +449,7 @@ function Test-FalconIoaRule {
Command = $MyInvocation.MyCommand.Name
Endpoint = $PSCmdlet.ParameterSetName
Inputs = $PSBoundParameters
Format = @{
Body = @{
root = @('fields')
}
}
Format = @{ Body = @{ root = @('fields') }}
}
Invoke-Falcon @Param
}
Expand Down
Loading

0 comments on commit d8aec66

Please sign in to comment.