v2.0.8
	New Parameters
	* Added 'Total' switch to each command that has 'offset' or 'after' values to provide the total result
	  count rather than the actual results

    Changed Commands
	* Updated 'Invoke-FalconRTR' to fix various issues that would cause 'get' requests to fail with more
	  than one host
	* Modified 'Confirm-FalconGetFile' to reduce the complexity of the output when checking the status
	  of a batch 'get' request -- the command now returns each result with the 'aid' value appended to it
	  rather than being sorted by 'aid' (which required additional object manipulation to access relevant
	  properties)
	* Added a check before 'Receive' commands that will abort the command and output an error if the file
	  already exists
bk-cs committed May 13, 2021
1 parent 031db9d commit e55d81d
Showing 32 changed files with 599 additions and 969 deletions.
1 change: 1 addition & 0 deletions Data/ItemTypes.psd1
Expand Up @@ -52,6 +52,7 @@
"^/real-time-response/combined/batch-(active-responder-|admin-)?command/" =
"batch Real-time Response command"
"^/real-time-response/entities/(active-responder-|admin-)?command/" = "Real-time Response command"
"^/real-time-response/(entities|queries)/(extracted-)?file(-contents)?/" = "Real-time Response 'get' file"
"^/real-time-response/(entities|queries)/scripts/" = "Real-time Response script"
"^/real-time-response/(entities|queries)/put-files/" = "Real-time Response 'put' file"
"^/real-time-response/combined/batch-(init-|refresh-)?session/" = "batch Real-time Response session"
12 changes: 12 additions & 0 deletions PSFalcon.psd1
Expand Up @@ -446,12 +446,24 @@ PrivateData = @{
* Added command for 'zero-trust-assessment' API:
'Get-FalconZTA'
New Parameters
* Added 'Total' switch to each command that has 'offset' or 'after' values to provide the total result
count rather than the actual results
Changed Commands
* Updated custom indicator commands to match new 'iocs' APIs
'Edit-FalconIOC'
'Get-FalconIOC'
'New-FalconIOC'
'Remove-FalconIOC'
* Updated 'Invoke-FalconRTR' to fix various issues that would cause 'get' requests to fail with more
than one host
* Modified 'Confirm-FalconGetFile' to reduce the complexity of the output when checking the status
of a batch 'get' request -- the command now returns each result with the 'aid' value appended to it
rather than being sorted by 'aid' (which required additional object manipulation to access relevant
properties)
* Added a check before 'Receive' commands that will abort the command and output an error if the file
already exists
Removed Commands
* Removed custom indicator commands that no longer have supported APIs
28 changes: 22 additions & 6 deletions Private/Private.ps1
Expand Up @@ -450,6 +450,15 @@ function Get-Dictionary {
description = 'Repeat requests until all available results are retrieved'
}
}
# Add 'Total' switch
Add-Parameter @{
total = @{
dynamic = 'Total'
set = $_
type = 'switch'
description = 'Display total result count instead of results'
}
}
}
}
# Add 'Help' to all endpoints
Expand Down Expand Up @@ -533,7 +542,7 @@ function Get-DynamicHelp {
Show-Parameter -Parameter $_
}
}
($_.Parameters).Where({ $_.Name -match '^(All|Detailed)$'}).foreach{
($_.Parameters).Where({ $_.Name -match '^(All|Detailed|Total)$'}).foreach{
# Show switch parameters added by Get-Dictionary
"`n -$($_.Name) [switch]`n $($_.HelpMessage)"
}
Expand Down Expand Up @@ -1097,7 +1106,9 @@ function Invoke-Request {
.PARAMETER DYNAMIC
A runtime parameter dictionary to search for user input values
.PARAMETER DETAILED
Toggle the use of 'Detailed' with a command when using Invoke-Loop
Toggle the use of 'Detailed' with a command
.PARAMETER TOTAL
Toggle the use of 'Total' with a command
.PARAMETER MODIFIER
The name of a switch parameter used to modify a command when using Invoke-Loop
.PARAMETER ALL
Expand All @@ -1121,6 +1132,9 @@ function Invoke-Request {
[Parameter()]
[bool] $Detailed,

[Parameter()]
[bool] $Total,

[Parameter()]
[string] $Modifier,

Expand All @@ -1136,7 +1150,7 @@ function Invoke-Request {
}
}
process {
if ($All) {
if ($All -and !$Total) {
# Construct parameters and pass to Invoke-Loop
$LoopParam = @{
Command = $Command
Expand All @@ -1152,15 +1166,17 @@ function Invoke-Request {
$LoopParam.Param[$Modifier] = $true
}
Invoke-Loop @LoopParam
}
else {
} else {
foreach ($Param in (Get-Param -Endpoint $Endpoint -Dynamic $Dynamic)) {
# Format Json body and make request
Format-Body -Param $Param
$Request = Invoke-Endpoint @Param
if ($Request -and $Detailed) {
if ($Request -and $Detailed -and !$Total) {
# Make secondary request for detail about identifiers
& $Command -Ids $Request
} elseif ($Request -and $Total) {
# Output total result count
$Meta.pagination.total
} else {
$Request
}
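Review bot: In the `Invoke-Request` process block, the new `elseif ($Request -and $Total)` branch emits a count only when `$Request` is truthy, so a query that matches nothing appears to fall through to `else` and return an empty result instead of `0`. A script that gates on the count (for example, checking that no hosts or detections match a filter) then cannot tell "none" from a failed call. The branch also reads `$Meta.pagination.total`, and `$Meta` is not assigned anywhere in the visible lines; it is presumably set as a side effect of `Invoke-Endpoint`, so inside the `foreach` a value left over from an earlier request could be reported. Testing the switch first, `if ($Total) { [int] $Meta.pagination.total } elseif ($Request -and $Detailed) {`, and adding a comment such as `# $Meta is populated by Invoke-Endpoint for the request above` would make both points explicit. The function's body starts and ends outside the hunks shown.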
30 changes: 10 additions & 20 deletions Public/cloud-connect-aws.ps1
Expand Up @@ -15,8 +15,7 @@ function Confirm-DiscoverAwsAccess {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -38,8 +37,7 @@ function Edit-DiscoverAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -63,21 +61,17 @@ function Get-DiscoverAwsAccount {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @(
'/cloud-connect-aws/combined/accounts/v1:get')
}
else {
} else {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Query = $Endpoints[0]
Entity = $Endpoints[1]
Dynamic = $Dynamic
}
switch ($PSBoundParameters.Keys) {
'All' {
$Param['All'] = $true
}
'Detailed' {
$Param.Query = $Endpoints[2]
}
'All' { $Param['All'] = $true }
'Total' { $Param['Total'] = $true }
'Detailed' { $Param.Query = $Endpoints[2] }
}
Invoke-Request @Param
}
Expand All @@ -100,8 +94,7 @@ function Get-DiscoverAwsSettings {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Endpoint -Endpoint $Endpoints[0]
}
}
Expand All @@ -123,8 +116,7 @@ function New-DiscoverAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -146,8 +138,7 @@ function Remove-DiscoverAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -169,8 +160,7 @@ function Update-DiscoverAwsSettings {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
32 changes: 3 additions & 29 deletions Public/cloud-connect-azure.ps1
Expand Up @@ -15,8 +15,7 @@ function Get-DiscoverAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -38,31 +37,7 @@ function New-DiscoverAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
}
function Receive-DiscoverAzureScript {
<#
.SYNOPSIS
Additional information is available with the -Help parameter
.LINK
https://github.com/crowdstrike/psfalcon
#>
[CmdletBinding()]
[OutputType()]
param()
DynamicParam {
$Endpoints = @('/cloud-connect-azure/entities/user-scripts-download/v1:get')
return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
}
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -84,8 +59,7 @@ function Update-DiscoverAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
32 changes: 11 additions & 21 deletions Public/cloud-connect-cspm-aws.ps1
Expand Up @@ -15,19 +15,8 @@ function Get-HorizonAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Query = $Endpoints[0]
Dynamic = $Dynamic
}
switch ($PSBoundParameters.Keys) {
'All' {
$Param['All'] = $true
}
}
Invoke-Request @Param
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
}
Expand All @@ -48,8 +37,7 @@ function Get-HorizonAwsLink {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -71,8 +59,7 @@ function New-HorizonAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -91,11 +78,15 @@ function Receive-HorizonAwsScript {
$Endpoints = @('/cloud-connect-cspm-aws/entities/user-scripts-download/v1:get')
return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
}
begin {
$Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value)
}
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} elseif (Test-Path $Dynamic.Path.Value) {
throw "'$($Dynamic.Path.Value)' already exists."
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -117,8 +108,7 @@ function Remove-HorizonAwsAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
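Review bot: In `Receive-HorizonAwsScript`, the new `Test-Path $Dynamic.Path.Value` guard binds to `-Path`, which treats `[`, `]`, `*` and `?` as wildcards, so a destination name containing those characters can be judged existing or missing incorrectly; `} elseif (Test-Path -LiteralPath $Dynamic.Path.Value) {` checks the exact name. The existence check is also separate from the write, so a file or link created at that path between the test and the download would still be written over unless the code that saves the response opens the file in create-new mode; that code is outside this hunk. The added `begin` block runs before the `-Help` branch, so if `Path` is not mandatory `GetAbsolutePath` is presumably called with an empty value when only `-Help` is given, and a guard like `if ($Dynamic.Path.Value) { ... }` would avoid that. The same points apply to `Receive-HorizonAzureScript` in Public/cloud-connect-cspm-azure.ps1.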
32 changes: 11 additions & 21 deletions Public/cloud-connect-cspm-azure.ps1
Expand Up @@ -15,8 +15,7 @@ function Edit-HorizonAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -38,19 +37,8 @@ function Get-HorizonAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
$Param = @{
Command = $MyInvocation.MyCommand.Name
Query = $Endpoints[0]
Dynamic = $Dynamic
}
switch ($PSBoundParameters.Keys) {
'All' {
$Param['All'] = $true
}
}
Invoke-Request @Param
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
}
Expand All @@ -71,8 +59,7 @@ function New-HorizonAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -91,11 +78,15 @@ function Receive-HorizonAzureScript {
$Endpoints = @('/cloud-connect-cspm-azure/entities/user-scripts-download/v1:get')
return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic)
}
begin {
$Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value)
}
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} elseif (Test-Path $Dynamic.Path.Value) {
throw "'$($Dynamic.Path.Value)' already exists."
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}
Expand All @@ -117,8 +108,7 @@ function Remove-HorizonAzureAccount {
process {
if ($PSBoundParameters.Help) {
Get-DynamicHelp -Command $MyInvocation.MyCommand.Name
}
else {
} else {
Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic
}
}