diff --git a/Data/ItemTypes.psd1 b/Data/ItemTypes.psd1 index c850464b..9eb5f2c8 100644 --- a/Data/ItemTypes.psd1 +++ b/Data/ItemTypes.psd1 @@ -52,6 +52,7 @@ "^/real-time-response/combined/batch-(active-responder-|admin-)?command/" = "batch Real-time Response command" "^/real-time-response/entities/(active-responder-|admin-)?command/" = "Real-time Response command" + "^/real-time-response/(entities|queries)/(extracted-)?file(-contents)?/" = "Real-time Response 'get' file" "^/real-time-response/(entities|queries)/scripts/" = "Real-time Response script" "^/real-time-response/(entities|queries)/put-files/" = "Real-time Response 'put' file" "^/real-time-response/combined/batch-(init-|refresh-)?session/" = "batch Real-time Response session" diff --git a/PSFalcon.psd1 b/PSFalcon.psd1 index fb31dc00..083eea80 100644 --- a/PSFalcon.psd1 +++ b/PSFalcon.psd1 @@ -446,12 +446,24 @@ PrivateData = @{ * Added command for 'zero-trust-assessment' API: 'Get-FalconZTA' + New Parameters + * Added 'Total' switch to each command that has 'offset' or 'after' values to provide the total result + count rather than the actual results + Changed Commands * Updated custom indicator commands to match new 'iocs' APIs 'Edit-FalconIOC' 'Get-FalconIOC' 'New-FalconIOC' 'Remove-FalconIOC' + * Updated 'Invoke-FalconRTR' to fix various issues that would cause 'get' requests to fail with more + than one host + * Modified 'Confirm-FalconGetFile' to reduce the complexity of the output when checking the status + of a batch 'get' request -- the command now returns each result with the 'aid' value appended to it + rather than being sorted by 'aid' (which required additional object manipulation to access relevant + properties) + * Added a check before 'Receive' commands that will abort the command and output an error if the file + already exists Removed Commands * Removed custom indicator commands that no longer have supported APIs diff --git a/Private/Private.ps1 b/Private/Private.ps1 index 35094218..92dcfcbe 100644 --- a/Private/Private.ps1 +++ b/Private/Private.ps1 @@ -450,6 +450,15 @@ function Get-Dictionary { description = 'Repeat requests until all available results are retrieved' } } + # Add 'Total' switch + Add-Parameter @{ + total = @{ + dynamic = 'Total' + set = $_ + type = 'switch' + description = 'Display total result count instead of results' + } + } } } # Add 'Help' to all endpoints @@ -533,7 +542,7 @@ function Get-DynamicHelp { Show-Parameter -Parameter $_ } } - ($_.Parameters).Where({ $_.Name -match '^(All|Detailed)$'}).foreach{ + ($_.Parameters).Where({ $_.Name -match '^(All|Detailed|Total)$'}).foreach{ # Show switch parameters added by Get-Dictionary "`n -$($_.Name) [switch]`n $($_.HelpMessage)" } @@ -1097,7 +1106,9 @@ function Invoke-Request { .PARAMETER DYNAMIC A runtime parameter dictionary to search for user input values .PARAMETER DETAILED - Toggle the use of 'Detailed' with a command when using Invoke-Loop + Toggle the use of 'Detailed' with a command + .PARAMETER TOTAL + Toggle the use of 'Total' with a command .PARAMETER MODIFIER The name of a switch parameter used to modify a command when using Invoke-Loop .PARAMETER ALL @@ -1121,6 +1132,9 @@ function Invoke-Request { [Parameter()] [bool] $Detailed, + [Parameter()] + [bool] $Total, + [Parameter()] [string] $Modifier, @@ -1136,7 +1150,7 @@ function Invoke-Request { } } process { - if ($All) { + if ($All -and !$Total) { # Construct parameters and pass to Invoke-Loop $LoopParam = @{ Command = $Command @@ -1152,15 +1166,17 @@ function Invoke-Request { $LoopParam.Param[$Modifier] = $true } Invoke-Loop @LoopParam - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoint -Dynamic $Dynamic)) { # Format Json body and make request Format-Body -Param $Param $Request = Invoke-Endpoint @Param - if ($Request -and $Detailed) { + if ($Request -and $Detailed -and !$Total) { # Make secondary request for detail about identifiers & $Command -Ids $Request + } elseif ($Request -and $Total) { + # Output total result count + $Meta.pagination.total } else { $Request } diff --git a/Public/cloud-connect-aws.ps1 b/Public/cloud-connect-aws.ps1 index 86e2d31a..a0b9960d 100644 --- a/Public/cloud-connect-aws.ps1 +++ b/Public/cloud-connect-aws.ps1 @@ -15,8 +15,7 @@ function Confirm-DiscoverAwsAccess { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Edit-DiscoverAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -63,8 +61,7 @@ function Get-DiscoverAwsAccount { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/cloud-connect-aws/combined/accounts/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -72,12 +69,9 @@ function Get-DiscoverAwsAccount { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -100,8 +94,7 @@ function Get-DiscoverAwsSettings { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Endpoint -Endpoint $Endpoints[0] } } @@ -123,8 +116,7 @@ function New-DiscoverAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -146,8 +138,7 @@ function Remove-DiscoverAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -169,8 +160,7 @@ function Update-DiscoverAwsSettings { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/cloud-connect-azure.ps1 b/Public/cloud-connect-azure.ps1 index fac27dce..7a9e8902 100644 --- a/Public/cloud-connect-azure.ps1 +++ b/Public/cloud-connect-azure.ps1 @@ -15,8 +15,7 @@ function Get-DiscoverAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,31 +37,7 @@ function New-DiscoverAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { - Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic - } - } -} -function Receive-DiscoverAzureScript { - <# - .SYNOPSIS - Additional information is available with the -Help parameter - .LINK - https://github.com/crowdstrike/psfalcon - #> - [CmdletBinding()] - [OutputType()] - param() - DynamicParam { - $Endpoints = @('/cloud-connect-azure/entities/user-scripts-download/v1:get') - return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) - } - process { - if ($PSBoundParameters.Help) { - Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -84,8 +59,7 @@ function Update-DiscoverAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/cloud-connect-cspm-aws.ps1 b/Public/cloud-connect-cspm-aws.ps1 index 5f756748..37dc2da4 100644 --- a/Public/cloud-connect-cspm-aws.ps1 +++ b/Public/cloud-connect-cspm-aws.ps1 @@ -15,19 +15,8 @@ function Get-HorizonAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { - $Param = @{ - Command = $MyInvocation.MyCommand.Name - Query = $Endpoints[0] - Dynamic = $Dynamic - } - switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - } - Invoke-Request @Param + } else { + Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } @@ -48,8 +37,7 @@ function Get-HorizonAwsLink { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -71,8 +59,7 @@ function New-HorizonAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -91,11 +78,15 @@ function Receive-HorizonAwsScript { $Endpoints = @('/cloud-connect-cspm-aws/entities/user-scripts-download/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -117,8 +108,7 @@ function Remove-HorizonAwsAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/cloud-connect-cspm-azure.ps1 b/Public/cloud-connect-cspm-azure.ps1 index ac74b625..70feec8e 100644 --- a/Public/cloud-connect-cspm-azure.ps1 +++ b/Public/cloud-connect-cspm-azure.ps1 @@ -15,8 +15,7 @@ function Edit-HorizonAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,19 +37,8 @@ function Get-HorizonAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { - $Param = @{ - Command = $MyInvocation.MyCommand.Name - Query = $Endpoints[0] - Dynamic = $Dynamic - } - switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - } - Invoke-Request @Param + } else { + Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } } @@ -71,8 +59,7 @@ function New-HorizonAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -91,11 +78,15 @@ function Receive-HorizonAzureScript { $Endpoints = @('/cloud-connect-cspm-azure/entities/user-scripts-download/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -117,8 +108,7 @@ function Remove-HorizonAzureAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/cloud-connect-gcp.ps1 b/Public/cloud-connect-gcp.ps1 index 5552a626..7bc2fc54 100644 --- a/Public/cloud-connect-gcp.ps1 +++ b/Public/cloud-connect-gcp.ps1 @@ -15,8 +15,7 @@ function Get-DiscoverGcpAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,13 +37,10 @@ function New-DiscoverGcpAccount { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param.Body.resources = ($Param.Body.resources.parent_id).foreach{ - @{ - parent_id = $_ - } + @{ parent_id = $_ } } Format-Body -Param $Param Invoke-Endpoint @Param @@ -66,11 +62,15 @@ function Receive-DiscoverGcpScript { $Endpoints = @('/cloud-connect-gcp/entities/user-scripts-download/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/detects.ps1 b/Public/detects.ps1 index 434980bf..bfdd3912 100644 --- a/Public/detects.ps1 +++ b/Public/detects.ps1 @@ -15,12 +15,10 @@ function Edit-Detection { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Comment -and (-not($PSBoundParameters.AssignedToUuid -or + } elseif ($PSBoundParameters.Comment -and (-not($PSBoundParameters.AssignedToUuid -or $PSBoundParameters.ShowInUi -or $PSBoundParameters.Status))) { throw 'AssignedToUuid, ShowInUi or Status are required when using Comment' - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -42,8 +40,7 @@ function Get-Detection { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -51,12 +48,9 @@ function Get-Detection { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } diff --git a/Public/devices.ps1 b/Public/devices.ps1 index bf1b00dd..41099142 100644 --- a/Public/devices.ps1 +++ b/Public/devices.ps1 @@ -18,8 +18,7 @@ function Add-HostTag { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Ids = $Dynamic.Ids.value for ($i = 0; $i -lt $Ids.count; $i += $MaxHosts) { $Dynamic.Ids.value = $Ids[$i..($i + ($MaxHosts - 1))] @@ -48,16 +47,14 @@ function Edit-HostGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -80,8 +77,7 @@ function Get-Host { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -89,13 +85,10 @@ function Get-Host { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } - 'Hidden' { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } + 'Hidden' { $Param.Query = $Endpoints[2] $Param['Modifier'] = 'Hidden' } @@ -123,8 +116,7 @@ function Get-HostGroup { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/devices/combined/host-groups/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -132,12 +124,9 @@ function Get-HostGroup { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -161,20 +150,16 @@ function Get-HostGroupMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/devices/combined/host-group-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -197,16 +182,14 @@ function Invoke-HostAction { begin { $Max = if ($Dynamic.Name.Value -match '^(hide_host|unhide_host)$') { 100 - } - else { + } else { 500 } } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic -Max $Max)) { Format-Body -Param $Param Invoke-Endpoint @Param @@ -235,8 +218,7 @@ function Invoke-HostGroupAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $HostIds = $Dynamic.HostIds.value for ($i = 0; $i -lt $HostIds.count; $i += $MaxHosts) { $Dynamic.HostIds.value = $HostIds[$i..($i + ($MaxHosts - 1))] @@ -270,16 +252,14 @@ function New-HostGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -301,8 +281,7 @@ function Remove-HostGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -327,8 +306,7 @@ function Remove-HostTag { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Ids = $Dynamic.Ids.value for ($i = 0; $i -lt $Ids.count; $i += $MaxHosts) { $Dynamic.Ids.value = $Ids[$i..($i + ($MaxHosts - 1))] diff --git a/Public/falconx.ps1 b/Public/falconx.ps1 index 5de916c2..d3995a8b 100644 --- a/Public/falconx.ps1 +++ b/Public/falconx.ps1 @@ -16,8 +16,7 @@ function Get-Report { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -25,13 +24,10 @@ function Get-Report { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } - 'Summary' { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } + 'Summary' { $Param.Entity = $Endpoints[2] $Param['Modifier'] = 'Summary' } @@ -57,8 +53,7 @@ function Get-Submission { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -66,12 +61,9 @@ function Get-Submission { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -94,18 +86,15 @@ function Get-SubmissionQuota { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { try { Get-FalconSubmission -Limit 1 -ErrorAction SilentlyContinue | Out-Null if ($Script:Meta.Quota) { $Meta.Quota - } - else { + } else { throw "Unable to retrieve submission quota. Check client permissions." } - } - catch { + } catch { Write-Error $_ } } @@ -128,11 +117,9 @@ function New-Submission { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Url -and $PSBoundParameters.Sha256) { + } elseif ($PSBoundParameters.Url -and $PSBoundParameters.Sha256) { throw "Url and Sha256 cannot be combined in a submission." - } - else { + } else { if ($Dynamic.EnvironmentId.value) { $Dynamic.EnvironmentId.value = switch ($Dynamic.EnvironmentId.value) { 'Android' { 200 } @@ -162,11 +149,15 @@ function Receive-Artifact { $Endpoints = @('/falconx/entities/artifacts/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -188,8 +179,7 @@ function Remove-Report { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/fwmgr.ps1 b/Public/fwmgr.ps1 index b5630682..a3c4d4e4 100644 --- a/Public/fwmgr.ps1 +++ b/Public/fwmgr.ps1 @@ -15,8 +15,7 @@ function Edit-FirewallGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -45,8 +44,7 @@ function Edit-FirewallSetting { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -74,8 +72,7 @@ function Get-FirewallEvent { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -83,12 +80,9 @@ function Get-FirewallEvent { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -111,8 +105,7 @@ function Get-FirewallField { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -120,12 +113,9 @@ function Get-FirewallField { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -148,8 +138,7 @@ function Get-FirewallGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -157,12 +146,9 @@ function Get-FirewallGroup { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -185,8 +171,7 @@ function Get-FirewallPlatform { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -194,12 +179,9 @@ function Get-FirewallPlatform { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } # should this be here? - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -222,8 +204,7 @@ function Get-FirewallRule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -231,12 +212,9 @@ function Get-FirewallRule { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -259,8 +237,7 @@ function Get-FirewallSetting { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -282,8 +259,7 @@ function New-FirewallGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -311,8 +287,7 @@ function Remove-FirewallGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" diff --git a/Public/incidents.ps1 b/Public/incidents.ps1 index 943775b1..c8a8352a 100644 --- a/Public/incidents.ps1 +++ b/Public/incidents.ps1 @@ -15,8 +15,7 @@ function Get-Behavior { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -24,12 +23,9 @@ function Get-Behavior { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -52,8 +48,7 @@ function Get-Incident { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -61,12 +56,9 @@ function Get-Incident { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -89,17 +81,15 @@ function Get-Score { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } } Invoke-Request @Param } @@ -122,8 +112,7 @@ function Invoke-IncidentAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if ($Dynamic.'Name'.value -eq 'update_status') { if ($Dynamic.'Value'.value -match '(closed|in_progress|new|reopened)') { $Dynamic.'Value'.value = switch ($Dynamic.'Value'.value) { diff --git a/Public/installation-tokens.ps1 b/Public/installation-tokens.ps1 index 4c40c456..e08ecee3 100644 --- a/Public/installation-tokens.ps1 +++ b/Public/installation-tokens.ps1 @@ -15,8 +15,7 @@ function Edit-InstallToken { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Get-InstallToken { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -47,12 +45,9 @@ function Get-InstallToken { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -76,8 +71,7 @@ function Get-InstallTokenEvent { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -85,12 +79,9 @@ function Get-InstallTokenEvent { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -113,8 +104,7 @@ function Get-InstallTokenSettings { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Endpoint -Endpoint $Endpoints[0] } } @@ -136,8 +126,7 @@ function New-InstallToken { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -159,8 +148,7 @@ function Remove-InstallToken { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/intel.ps1 b/Public/intel.ps1 index 07247ef6..e4bbfd25 100644 --- a/Public/intel.ps1 +++ b/Public/intel.ps1 @@ -16,8 +16,7 @@ function Get-Actor { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @('/intel/combined/actors/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -25,12 +24,9 @@ function Get-Actor { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -55,8 +51,7 @@ function Get-Indicator { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/intel/combined/indicators/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -64,12 +59,9 @@ function Get-Indicator { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -93,8 +85,7 @@ function Get-Intel { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @('/intel/combined/reports/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -102,12 +93,9 @@ function Get-Intel { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -130,8 +118,7 @@ function Get-Rule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -139,12 +126,9 @@ function Get-Rule { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -164,11 +148,15 @@ function Receive-Intel { $Endpoints = @('/intel/entities/report-files/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -187,16 +175,19 @@ function Receive-Rule { $Endpoints = @('/intel/entities/rules-files/v1:get', '/intel/entities/rules-latest-files/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { $Param = Get-Param -Endpoint $PSCmdlet.ParameterSetName -Dynamic $Dynamic $Format = if ($Param.Path -match '\.gzip$') { "format=gzip" - } - else { + } else { "format=zip" } $Param.Query = @($Param.Query, $Format) diff --git a/Public/ioarules.ps1 b/Public/ioarules.ps1 index 04d1926a..06262bf7 100644 --- a/Public/ioarules.ps1 +++ b/Public/ioarules.ps1 @@ -15,8 +15,7 @@ function Edit-IOAGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -44,8 +43,7 @@ function Edit-IOARule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -73,19 +71,17 @@ function Get-IOAGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param['Detailed'] = $true + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -108,8 +104,7 @@ function Get-IOAPlatform { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -117,12 +112,9 @@ function Get-IOAPlatform { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -145,8 +137,7 @@ function Get-IOARule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -154,12 +145,9 @@ function Get-IOARule { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -182,8 +170,7 @@ function Get-IOASeverity { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -191,12 +178,9 @@ function Get-IOASeverity { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -219,8 +203,7 @@ function Get-IOAType { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -228,12 +211,9 @@ function Get-IOAType { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -256,8 +236,7 @@ function New-IOAGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -285,8 +264,7 @@ function New-IOARule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -314,8 +292,7 @@ function Remove-IOAGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -342,8 +319,7 @@ function Remove-IOARule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" @@ -370,8 +346,7 @@ function Test-IOARule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { foreach ($Param in (Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic)) { $Param['Header'] = @{ 'X-CS-USERNAME' = "api-client-id:$($Falcon.ClientId)" diff --git a/Public/iocs.ps1 b/Public/iocs.ps1 index 33e84296..fc850a2c 100644 --- a/Public/iocs.ps1 +++ b/Public/iocs.ps1 @@ -46,6 +46,7 @@ function Get-IOC { } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param diff --git a/Public/malquery.ps1 b/Public/malquery.ps1 index 47b534c6..2d31eb2a 100644 --- a/Public/malquery.ps1 +++ b/Public/malquery.ps1 @@ -15,8 +15,7 @@ function Get-MalQuery { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Get-MalQueryQuota { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Endpoint -Endpoint $Endpoints[0] } } @@ -61,8 +59,7 @@ function Get-MalQuerySample { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -84,8 +81,7 @@ function Group-MalQuerySample { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -108,8 +104,7 @@ function Invoke-MalQuery { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $PSCmdlet.ParameterSetName -Dynamic $Dynamic if ($Param.Body.options) { $Param.Body.options = $Param.Body.options[0] @@ -133,15 +128,18 @@ function Receive-MalQuerySample { $Endpoints = @('/malquery/entities/download-files/v1:get', '/malquery/entities/samples-fetch/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { $Endpoint = if ($Dynamic.Id.Value -match '\w{8}-\w{4}-\w{4}-\w{4}-\w{12}') { $Endpoints[1] - } - else { + } else { $Endpoints[0] } Invoke-Request -Query $Endpoint -Dynamic $Dynamic diff --git a/Public/mssp.ps1 b/Public/mssp.ps1 index 2fea154c..9da9fb8a 100644 --- a/Public/mssp.ps1 +++ b/Public/mssp.ps1 @@ -15,8 +15,7 @@ function Add-CIDGroupMember { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Add-GroupRole { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -61,8 +59,7 @@ function Add-UserGroupMember { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -84,8 +81,7 @@ function Edit-CIDGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -107,8 +103,7 @@ function Edit-UserGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -130,8 +125,7 @@ function Get-CIDGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -139,12 +133,9 @@ function Get-CIDGroup { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -167,8 +158,7 @@ function Get-CIDGroupMember { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -176,12 +166,9 @@ function Get-CIDGroupMember { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -204,8 +191,7 @@ function Get-GroupRole { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -213,12 +199,9 @@ function Get-GroupRole { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -241,8 +224,7 @@ function Get-MemberCID { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -250,12 +232,9 @@ function Get-MemberCID { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -278,8 +257,7 @@ function Get-UserGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -287,12 +265,9 @@ function Get-UserGroup { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -316,23 +291,18 @@ function Get-UserGroupMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/mssp/entities/user-group-members/v1:get') - } - elseif ($PSBoundParameters.Id -match '\w{32}') { + } elseif ($PSBoundParameters.Id -match '\w{32}') { Invoke-Request -Query $Endpoints[1] -Dynamic $Dynamic - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -355,8 +325,7 @@ function New-CIDGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -378,8 +347,7 @@ function New-UserGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -401,8 +369,7 @@ function Remove-CIDGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -424,8 +391,7 @@ function Remove-CIDGroupMember { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -447,8 +413,7 @@ function Remove-GroupRole { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -470,8 +435,7 @@ function Remove-UserGroup { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -493,8 +457,7 @@ function Remove-UserGroupMember { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/oauth2.ps1 b/Public/oauth2.ps1 index b4863686..1819dc8d 100644 --- a/Public/oauth2.ps1 +++ b/Public/oauth2.ps1 @@ -15,8 +15,7 @@ function Request-Token { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if (-not($PSBoundParameters.Cloud)) { if (-not($Falcon.Hostname)) { $PSBoundParameters.Cloud = 'us-1' diff --git a/Public/policy.ps1 b/Public/policy.ps1 index 81d4dd70..7d07451b 100644 --- a/Public/policy.ps1 +++ b/Public/policy.ps1 @@ -15,16 +15,14 @@ function Edit-DeviceControlPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -46,16 +44,14 @@ function Edit-FirewallPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -77,8 +73,7 @@ function Edit-IOAExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -100,8 +95,7 @@ function Edit-MLExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -123,16 +117,14 @@ function Edit-PreventionPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -154,16 +146,14 @@ function Edit-ResponsePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -185,16 +175,14 @@ function Edit-SensorUpdatePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -216,8 +204,7 @@ function Edit-SVExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -239,8 +226,7 @@ function Get-Build { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -264,19 +250,17 @@ function Get-DeviceControlPolicy { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/device-control/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param.Query = $Endpoints[2] + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -301,20 +285,16 @@ function Get-DeviceControlPolicyMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/device-control-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -338,19 +318,17 @@ function Get-FirewallPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @('/policy/combined/firewall/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param.Query = $Endpoints[2] + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -374,20 +352,16 @@ function Get-FirewallPolicyMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/firewall-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -410,8 +384,7 @@ function Get-IOAExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -419,12 +392,9 @@ function Get-IOAExclusion { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -447,8 +417,7 @@ function Get-MLExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -456,12 +425,9 @@ function Get-MLExclusion { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -486,19 +452,17 @@ function Get-PreventionPolicy { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/prevention/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param.Query = $Endpoints[2] + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -522,20 +486,16 @@ function Get-PreventionPolicyMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/prevention-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -560,19 +520,17 @@ function Get-ResponsePolicy { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/response/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param.Query = $Endpoints[2] + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -596,20 +554,16 @@ function Get-ResponsePolicyMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/response-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -634,19 +588,17 @@ function Get-SensorUpdatePolicy { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/sensor-update/v2:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Entity = $Endpoints[1] Dynamic = $Dynamic } - if ($PSBoundParameters.All) { - $Param['All'] = $true - } - if ($PSBoundParameters.Detailed) { - $Param.Query = $Endpoints[2] + switch ($PSBoundParameters.Keys) { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -671,20 +623,16 @@ function Get-SensorUpdatePolicyMember { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/policy/combined/sensor-update-members/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[1] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[1] } } Invoke-Request @Param } @@ -707,8 +655,7 @@ function Get-SVExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -716,12 +663,9 @@ function Get-SVExclusion { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -744,8 +688,7 @@ function Get-UninstallToken { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -767,8 +710,7 @@ function Invoke-DeviceControlPolicyAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.ids = @( $Param.Body.ids ) if ($Param.Body.action_parameters) { @@ -796,8 +738,7 @@ function Invoke-FirewallPolicyAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.ids = @( $Param.Body.ids ) if ($Param.Body.action_parameters) { @@ -825,8 +766,7 @@ function Invoke-PreventionPolicyAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.ids = @( $Param.Body.ids ) if ($Param.Body.action_parameters) { @@ -859,8 +799,7 @@ function Invoke-ResponsePolicyAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.ids = @( $Param.Body.ids ) if ($Param.Body.action_parameters) { @@ -889,8 +828,7 @@ function Invoke-SensorUpdatePolicyAction { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.ids = @( $Param.Body.ids ) if ($Param.Body.action_parameters) { @@ -918,16 +856,14 @@ function New-DeviceControlPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -949,16 +885,14 @@ function New-FirewallPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1005,8 +939,7 @@ function New-MLExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.groups = @( $Param.Body.groups ) Format-Body -Param $Param @@ -1031,16 +964,14 @@ function New-PreventionPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1062,16 +993,14 @@ function New-ResponsePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1093,16 +1022,14 @@ function New-SensorUpdatePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($PSBoundParameters.Array) { + } elseif ($PSBoundParameters.Array) { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param['Body'] = @{ resources = @( $PSBoundParameters.Array ) } Format-Body -Param $Param Invoke-Endpoint @Param - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1124,8 +1051,7 @@ function New-SVExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Body.groups = @( $Param.Body.groups ) Format-Body -Param $Param @@ -1150,8 +1076,7 @@ function Remove-DeviceControlPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1173,8 +1098,7 @@ function Remove-FirewallPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1196,8 +1120,7 @@ function Remove-IOAExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1219,8 +1142,7 @@ function Remove-MLExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1242,8 +1164,7 @@ function Remove-PreventionPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1265,8 +1186,7 @@ function Remove-ResponsePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1288,8 +1208,7 @@ function Remove-SensorUpdatePolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1311,8 +1230,7 @@ function Remove-SVExclusion { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1334,8 +1252,7 @@ function Set-DeviceControlPrecedence { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1357,8 +1274,7 @@ function Set-FirewallPrecedence { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1380,8 +1296,7 @@ function Set-PreventionPrecedence { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1403,8 +1318,7 @@ function Set-ResponsePrecedence { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -1426,8 +1340,7 @@ function Set-SensorUpdatePrecedence { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/processes.ps1 b/Public/processes.ps1 index 153b5f8c..b22b01db 100644 --- a/Public/processes.ps1 +++ b/Public/processes.ps1 @@ -15,8 +15,7 @@ function Get-Process { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/real-time-response.ps1 b/Public/real-time-response.ps1 index 09c9da71..c72e6951 100644 --- a/Public/real-time-response.ps1 +++ b/Public/real-time-response.ps1 @@ -5,7 +5,7 @@ function Confirm-AdminCommand { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/admin-command/v1:get')] [OutputType()] param() DynamicParam { @@ -20,8 +20,7 @@ function Confirm-AdminCommand { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -41,7 +40,7 @@ function Confirm-Command { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/command/v1:get')] [OutputType()] param() DynamicParam { @@ -56,8 +55,7 @@ function Confirm-Command { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -88,8 +86,7 @@ function Confirm-GetFile { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $PSCmdlet.ParameterSetName @@ -98,7 +95,17 @@ function Confirm-GetFile { if ($PSBoundParameters.All) { $Param['All'] = $true } - Invoke-Request @Param + $Request = Invoke-Request @Param + if ($PSCmdlet.ParameterSetName -eq '/real-time-response/combined/batch-get-command/v1:get') { + $Request.PSObject.Properties | ForEach-Object { + $Aid = $_.Name + ($_.Value).PSObject.Properties.Add((New-Object PSNoteProperty( + 'aid', $Aid))) + $_.Value + } + } else { + $Request + } } } } @@ -109,7 +116,7 @@ function Confirm-ResponderCommand { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/active-responder-command/v1:get')] [OutputType()] param() DynamicParam { @@ -124,8 +131,7 @@ function Confirm-ResponderCommand { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -145,7 +151,7 @@ function Edit-Script { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/scripts/v1:patch')] [OutputType()] param() DynamicParam { @@ -160,11 +166,9 @@ function Edit-Script { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif ($Dynamic.Path.Value -and -not(Test-Path $Dynamic.Path.Value)) { + } elseif ($Dynamic.Path.Value -and -not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -180,14 +184,14 @@ function Get-PutFile { [OutputType()] param() DynamicParam { - $Endpoints = @('/real-time-response/queries/put-files/v1:get', '/real-time-response/entities/put-files/v1:get') + $Endpoints = @('/real-time-response/queries/put-files/v1:get', + '/real-time-response/entities/put-files/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -195,12 +199,9 @@ function Get-PutFile { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -225,8 +226,7 @@ function Get-Script { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { # Evaluate input and make request $Param = @{ Command = $MyInvocation.MyCommand.Name @@ -235,12 +235,9 @@ function Get-Script { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -265,8 +262,7 @@ function Get-Session { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -274,16 +270,13 @@ function Get-Session { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'Queue' { + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } + 'Queue' { $Param.Entity = $Endpoints[2] $Param['Modifier'] = 'Queue' } - 'Detailed' { - $Param['Detailed'] = $true - } - 'All' { - $Param['All'] = $true - } } Invoke-Request @Param } @@ -307,12 +300,10 @@ function Invoke-AdminCommand { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' - } - else { + } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic @@ -326,7 +317,7 @@ function Invoke-BatchGet { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/combined/batch-get-command/v1:post')] [OutputType()] param() DynamicParam { @@ -336,8 +327,7 @@ function Invoke-BatchGet { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -360,12 +350,10 @@ function Invoke-Command { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' - } - else { + } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic @@ -390,12 +378,10 @@ function Invoke-ResponderCommand { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if ($Dynamic.Arguments.value) { $Dynamic.Arguments.value = $Dynamic.Command.value, $Dynamic.Arguments.value -join ' ' - } - else { + } else { $Dynamic.Arguments.value = $Dynamic.Command.value } Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic @@ -409,18 +395,22 @@ function Receive-GetFile { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/extracted-file-contents/v1:get')] [OutputType()] param() DynamicParam { $Endpoints = @('/real-time-response/entities/extracted-file-contents/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -432,7 +422,7 @@ function Remove-Command { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/queued-sessions/command/v1:delete')] [OutputType()] param() DynamicParam { @@ -442,8 +432,7 @@ function Remove-Command { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -455,7 +444,7 @@ function Remove-GetFile { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/file/v1:delete')] [OutputType()] param() DynamicParam { @@ -465,8 +454,7 @@ function Remove-GetFile { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -478,7 +466,7 @@ function Remove-PutFile { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/put-files/v1:delete')] [OutputType()] param() DynamicParam { @@ -488,8 +476,7 @@ function Remove-PutFile { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -501,7 +488,7 @@ function Remove-Script { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/scripts/v1:delete')] [OutputType()] param() DynamicParam { @@ -511,8 +498,7 @@ function Remove-Script { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -524,7 +510,7 @@ function Remove-Session { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/sessions/v1:delete')] [OutputType()] param() DynamicParam { @@ -534,8 +520,7 @@ function Remove-Session { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -547,7 +532,7 @@ function Send-PutFile { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/put-files/v1:post')] [OutputType()] param() DynamicParam { @@ -560,11 +545,9 @@ function Send-PutFile { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif (-not(Test-Path $Dynamic.Path.Value)) { + } elseif (-not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -576,7 +559,7 @@ function Send-Script { .LINK https://github.com/crowdstrike/psfalcon #> - [CmdletBinding()] + [CmdletBinding(DefaultParameterSetName = '/real-time-response/entities/scripts/v1:post')] [OutputType()] param() DynamicParam { @@ -589,11 +572,9 @@ function Send-Script { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif (-not(Test-Path $Dynamic.Path.Value)) { + } elseif (-not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -616,8 +597,7 @@ function Start-Session { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } @@ -640,8 +620,7 @@ function Update-Session { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } diff --git a/Public/recon.ps1 b/Public/recon.ps1 index c6c52e2a..d09af73b 100644 --- a/Public/recon.ps1 +++ b/Public/recon.ps1 @@ -75,6 +75,7 @@ function Get-ReconAction { } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param @@ -114,6 +115,7 @@ function Get-ReconNotification { } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param @@ -146,6 +148,7 @@ function Get-ReconRule { } switch ($PSBoundParameters.Keys) { 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param diff --git a/Public/samples.ps1 b/Public/samples.ps1 index 68a236ad..45673b5a 100644 --- a/Public/samples.ps1 +++ b/Public/samples.ps1 @@ -15,8 +15,7 @@ function Get-Sample { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $PSCmdlet.ParameterSetName -Dynamic $Dynamic } } @@ -35,11 +34,15 @@ function Receive-Sample { $Endpoints = @('/samples/entities/samples/v3:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -61,8 +64,7 @@ function Remove-Sample { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -90,11 +92,9 @@ function Send-Sample { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif (-not(Test-Path $Dynamic.Path.Value)) { + } elseif (-not(Test-Path $Dynamic.Path.Value)) { throw "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/scanner.ps1 b/Public/scanner.ps1 index 169586a7..d3c853fc 100644 --- a/Public/scanner.ps1 +++ b/Public/scanner.ps1 @@ -15,8 +15,7 @@ function Get-QuickScan { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -24,12 +23,9 @@ function Get-QuickScan { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } @@ -83,8 +79,7 @@ function New-QuickScan { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/scripts.ps1 b/Public/scripts.ps1 index 05f71276..14a8bbff 100644 --- a/Public/scripts.ps1 +++ b/Public/scripts.ps1 @@ -41,11 +41,9 @@ function Export-Report { function Add-Field ($Object, $Name, $Value) { $Value = if ($Value -and $Name -match $TimeRegex) { [datetime] $Value - } - elseif (($Value -is [object[]]) -and ($Value[0] -is [string])) { + } elseif (($Value -is [object[]]) -and ($Value[0] -is [string])) { $Value -join ', ' - } - else { + } else { $Value } $Object.PSObject.Properties.Add((New-Object PSNoteProperty($Name, $Value))) @@ -64,8 +62,7 @@ function Export-Report { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Output = switch (($Meta.PSObject.TypeNames).Where({ $_ -notmatch '^System.*$' })) { { $TypeNames.Detection -contains $_ } { $PSBoundParameters.Object | ForEach-Object { @@ -76,17 +73,14 @@ function Export-Report { $_.PSObject.Properties | ForEach-Object { if ($_.Name -eq 'device') { Add-Field @Param -Name 'device_id' -Value $_.Value.device_id - } - elseif ($_.Name -eq 'behaviors') { + } elseif ($_.Name -eq 'behaviors') { $TTP = $_.Value | ForEach-Object { "$($_.tactic_id):$($_.technique_id)" } Add-Field @Param -Name 'tactic_and_technique' -Value ($TTP -join ', ') - } - elseif ($_.Name -eq 'quarantined_files') { + } elseif ($_.Name -eq 'quarantined_files') { Add-Field @Param -Name 'quarantined_files' -Value $_.Value.id - } - elseif ($Exclusions.Detection -notcontains $_.Name) { + } elseif ($Exclusions.Detection -notcontains $_.Name) { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -102,13 +96,11 @@ function Export-Report { $_.PSObject.Properties | ForEach-Object { if ($_.Name -eq 'groups') { Add-Field @Param -Name $_.Name -Value ($_.Value.id -join ', ') - } - elseif ($_.Name -eq 'settings') { + } elseif ($_.Name -eq 'settings') { Add-Field @Param -Name 'enforcement_mode' -Value $_.Value.enforcement_mode Add-Field @Param -Name 'end_user_notification' -Value $_.Value.end_user_notification - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -124,8 +116,7 @@ function Export-Report { $_.PSObject.Properties | ForEach-Object { if ($_.Name -eq 'groups') { Add-Field @Param -Name $_.Name -Value ($_.Value.id -join ', ') - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -145,8 +136,7 @@ function Export-Report { Add-Field @Param -Name "$($_.Name)_assigned" -Value $_.Value.assigned_date $Applied = if ($_.Value.applied -eq $true) { $_.Value.applied_date - } - else { + } else { $null } Add-Field @Param -Name "$($_.Name)_applied" -Value $Applied @@ -155,11 +145,9 @@ function Export-Report { $_.Value.uninstall_protection) } } - } - elseif ($_.Name -eq 'meta') { + } elseif ($_.Name -eq 'meta') { Add-Field @Param -Name "$($_.Name)_version" -Value $_.Value.version - } - elseif ($Exclusions.Host -notcontains $_.Name) { + } elseif ($Exclusions.Host -notcontains $_.Name) { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -195,8 +183,7 @@ function Export-Report { value = ($_).Split(':')[1] } } - } - else { + } else { Get-SimpleObject -Object $PSBoundParameters.Object } } @@ -209,19 +196,16 @@ function Export-Report { $_.PSObject.Properties | ForEach-Object { if ($_.Name -eq 'groups') { Add-Field @Param -Name $_.Name -Value ($_.Value.id -join ', ') - } - elseif ($_.Name -eq 'prevention_settings') { + } elseif ($_.Name -eq 'prevention_settings') { $_.Value.settings | ForEach-Object { if ($_.type -eq 'toggle') { Add-Field @Param -Name $_.id -Value $_.Value.enabled - } - else { + } else { Add-Field @Param -Name $_.id -Value ( "$($_.Value.detection):$($_.Value.prevention)") } } - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -240,13 +224,11 @@ function Export-Report { $_.PSObject.Properties | ForEach-Object { if ($_.Name -eq 'groups') { Add-Field @Param -Name $_.Name -Value ($_.Value.id -join ', ') - } - elseif ($_.Name -eq 'settings') { + } elseif ($_.Name -eq 'settings') { $_.Value.psobject.properties | ForEach-Object { Add-Field @Param -Name $_.Name -Value $_.Value } - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -267,26 +249,21 @@ function Export-Report { $_.Value.psobject.properties | ForEach-Object { Add-Field @Param -Name "cve_$($_.Name)" -Value $_.Value } - } - elseif ($_.Name -eq 'app') { + } elseif ($_.Name -eq 'app') { $_.Value.psobject.properties | ForEach-Object { Add-Field @Param -Name $_.Name -Value $_.Value } - } - elseif ($_.Name -eq 'host_info') { + } elseif ($_.Name -eq 'host_info') { $_.Value.psobject.properties | ForEach-Object { if ($_.Name -eq 'groups') { Add-Field @Param -Name $_.Name -Value ($_.Value.name -join ', ') - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } - } - elseif ($_.Name -eq 'remediation') { + } elseif ($_.Name -eq 'remediation') { Add-Field @Param -Name "remediation_ids" -Value ($_.Value.ids -join ', ') - } - else { + } else { Add-Field @Param -Name $_.Name -Value $_.Value } } @@ -296,8 +273,7 @@ function Export-Report { } if ($Output) { $Output | Export-Csv -Path $PSBoundParameters.Path -NoTypeInformation -Append -Force - } - else { + } else { Write-Error "CSV conversion is not available for this request type" } } @@ -332,8 +308,7 @@ function Find-Duplicate { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { try { ($Criteria).foreach{ if ($InputFields -notcontains $_) { @@ -347,12 +322,10 @@ function Find-Duplicate { $Duplicates = Group-Selection @Param if ($Duplicates) { $Duplicates - } - else { + } else { Write-Warning "No duplicates found" } - } - catch { + } catch { $_ } } @@ -506,14 +479,12 @@ function Invoke-Deploy { $Result.PSObject.Properties | ForEach-Object { $Value = if (($_.Name -eq 'errors') -and $_.Value) { "$($_.Value.code): $($_.Value.message)" - } - else { + } else { $_.Value } $Name = if ($_.Name -eq 'task_id') { 'cloud_request_id' - } - else { + } else { $_.Name } $Output | Where-Object { $_.aid -eq $Result.aid } | ForEach-Object { @@ -549,8 +520,7 @@ function Invoke-Deploy { } if ($LocalFile.sha256 -eq $CloudFile.sha256) { Write-Host "Matched hash values between local and cloud files..." - } - else { + } else { foreach ($Item in @('CloudFile', 'LocalFile')) { Write-Host "[$($Item -replace 'File', $null)]" (Get-Variable $Item).Value | Select-Object name, created_timestamp, @@ -561,8 +531,7 @@ function Invoke-Deploy { [System.Management.Automation.Host.ChoiceDescription[]] @("&Yes", "&No"), 0) if ($FileChoice -eq 0) { Write-Host "Proceeding with $($CloudFile.id)..." - } - else { + } else { $RemovePut = Remove-FalconPutFile -FileId $CloudFile.id if ($RemovePut.resources_affected -eq 1) { Write-Host "Removed cloud file $($CloudFile.id)" @@ -570,8 +539,7 @@ function Invoke-Deploy { } } } - } - catch { + } catch { $_ } } @@ -579,11 +547,9 @@ function Invoke-Deploy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif (-not $FilePath) { + } elseif (-not $FilePath) { Write-Error "Cannot find path '$($Dynamic.Path.Value)' because it does not exist." - } - else { + } else { try { if (($RemovePut.resources_affected -eq 1) -or (-not $CloudFile)) { Write-Host "Uploading $Filename..." @@ -669,11 +635,9 @@ function Invoke-Deploy { } } } - } - catch { + } catch { $_ - } - finally { + } finally { if (Test-Path $OutputFile) { Get-ChildItem $OutputFile | Out-Host } @@ -724,8 +688,7 @@ function Invoke-RTR { $InvokeCmd = if ($PSBoundParameters.Command -eq 'get' -and $PSBoundParameters.HostIds.count -gt 1) { # Set command for 'get' with multiple hosts "Invoke-FalconBatchGet" - } - else { + } else { # Set command "Invoke-Falcon$($Permission)Command" } @@ -738,30 +701,25 @@ function Invoke-RTR { $Value = if (($_.Value -is [object[]]) -and ($_.Value[0] -is [string])) { # Convert array results into strings $_.Value -join ', ' - } - elseif ($_.Value.code -and $_.Value.message) { + } elseif ($_.Value.code -and $_.Value.message) { # Convert error code and message into string "$($_.Value.code): $($_.Value.message)" - } - else { + } else { $_.Value } $Name = if ($_.Name -eq 'task_id') { # Rename 'task_id' 'cloud_request_id' - } - elseif ($_.Name -eq 'queued_command_offline') { + } elseif ($_.Name -eq 'queued_command_offline') { # Rename 'queued_command_offline' 'offline_queued' - } - else { + } else { $_.Name } $Item = if ($Object.aid) { # Match using 'aid' for batches $Output | Where-Object { $_.aid -eq $Object.aid } - } - else { + } else { # Assume single host $Output[0] } @@ -776,8 +734,7 @@ function Invoke-RTR { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { for ($i = 0; $i -lt $PSBoundParameters.HostIds.count; $i += $MaxHosts) { try { [array] $Output = ($PSBoundParameters.HostIds[$i..($i + ($MaxHosts - 1))]).foreach{ @@ -795,20 +752,14 @@ function Invoke-RTR { } # Determine total number of hosts and set request parameters $HostParam = if ($Output.aid.count -eq 1) { - $Output[0].PSObject.Properties.Remove('batch_id') 'HostId' - } - else { + } else { 'HostIds' } - $Param = @{ - $HostParam = $Output.aid - } + $Param = @{ $HostParam = $Output.aid } switch ($PSBoundParameters.Keys) { - 'QueueOffline' { - $Param['QueueOffline'] = $PSBoundParameters.$_ - } - 'Timeout' { + 'QueueOffline' { $Param['QueueOffline'] = $PSBoundParameters.$_ } + 'Timeout' { if ($HostParam -eq 'HostIds') { $Param['Timeout'] = $PSBoundParameters.$_ } @@ -819,8 +770,7 @@ function Invoke-RTR { if ($Init) { $Content = if ($Init.hosts) { $Init.hosts - } - else { + } else { $Init } $Content | ForEach-Object { @@ -837,8 +787,7 @@ function Invoke-RTR { $SessionType = if ($HostParam -eq 'HostIds') { 'BatchId' $IdValue = $Init.batch_id - } - else { + } else { 'SessionId' $IdValue = $Init.session_id } @@ -848,13 +797,14 @@ function Invoke-RTR { switch ($PSBoundParameters.Keys) { # Add user input to command parameters 'Command' { - $Param[$_] = $PSBoundParameters.$_ + if ($InvokeCmd -ne 'Invoke-FalconBatchGet') { + $Param[$_] = $PSBoundParameters.$_ + } } 'Arguments' { if ($InvokeCmd -eq 'Invoke-FalconBatchGet') { - $Param['Path'] = $PSBoundParameters.$_ - } - else { + $Param['FilePath'] = $PSBoundParameters.$_ + } else { $Param[$_] = $PSBoundParameters.$_ } } @@ -867,14 +817,31 @@ function Invoke-RTR { # Perform command request $Request = & $InvokeCmd @Param } - if ($Request -and $HostParam -eq 'HostIds') { - # Capture results and output batch commands + if ($Request -and $InvokeCmd -eq 'Invoke-FalconBatchGet') { + $Output | Where-Object { $_.session_id } | ForEach-Object { + # Add 'batch_get_cmd_req_id' for batch 'get' requests + $_.PSObject.Properties.Add((New-Object PSNoteProperty( + 'batch_get_cmd_req_id', $Request.batch_get_cmd_req_id))) + } + # Capture results $Request | ForEach-Object { Write-Result -Object $_ } + $Output | ForEach-Object { + if ($_.stdout -eq 'C:\') { + # Remove 'stdout' from initial 'pwd' command to reduce confusion when using 'get' + $_.stdout = $null + } + } + # Output result $Output - } - elseif ($Request) { + } elseif ($Request -and $HostParam -eq 'HostIds') { + # Capture results and output + $Request | ForEach-Object { + Write-Result -Object $_ + } + $Output + } elseif ($Request) { # Capture results Write-Result -Object $Request if ($Output.cloud_request_id -and $Output.complete -eq $false -and @@ -893,8 +860,7 @@ function Invoke-RTR { # Output results $Output } - } - catch { + } catch { $_ } } @@ -918,8 +884,7 @@ function Open-Stream { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - elseif (($PSVersionTable.PSVersion.Major -lt 6) -or ($IsWindows -eq $true)) { + } elseif (($PSVersionTable.PSVersion.Major -lt 6) -or ($IsWindows -eq $true)) { try { $Stream = Get-FalconStream -AppId 'psfalcon' -Format json if ($Stream) { @@ -940,12 +905,10 @@ function Open-Stream { }" Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList } - } - catch { + } catch { $_ } - } - else { + } else { throw "This command is only compatible with PowerShell on Windows" } } @@ -973,8 +936,7 @@ function Search-MalQueryHash { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { try { $Param = @{ YaraRule = "import `"hash`"`nrule SearchHash`n{`ncondition:`nhash.sha256(0, filesize) == " + @@ -997,8 +959,7 @@ function Search-MalQueryHash { } $Result } - } - catch { + } catch { $_ } } @@ -1024,8 +985,7 @@ function Show-Map { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Query = $Param.Query | ForEach-Object { $Split = $_ -split ':' @@ -1059,8 +1019,7 @@ function Show-Module { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Parent = Split-Path -Path $Falcon.GetAbsolutePath($PSScriptRoot) -Parent if (Test-Path "$Parent\PSFalcon.psd1") { $Module = Import-PowerShellDataFile $Parent\PSFalcon.psd1 @@ -1072,8 +1031,7 @@ function Show-Module { UserSystem = ("PowerShell $($PSVersionTable.PSEdition): v$($PSVersionTable.PSVersion)" + " [$($PSVersionTable.OS)]") } | Format-List - } - else { + } else { throw "PSFalcon.psd1 missing from default location" } } diff --git a/Public/sensors.ps1 b/Public/sensors.ps1 index 4aa7fbe4..d95a9d83 100644 --- a/Public/sensors.ps1 +++ b/Public/sensors.ps1 @@ -15,8 +15,7 @@ function Get-CCID { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Endpoint -Endpoint $Endpoints[0] } } @@ -40,8 +39,7 @@ function Get-Installer { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/sensors/combined/installers/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -49,12 +47,9 @@ function Get-Installer { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param.Query = $Endpoints[2] - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -77,8 +72,7 @@ function Get-Stream { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -97,11 +91,15 @@ function Receive-Installer { $Endpoints = @('/sensors/entities/download-installer/v1:get') return (Get-Dictionary -Endpoints $Endpoints -OutVariable Dynamic) } + begin { + $Dynamic.Path.Value = $Falcon.GetAbsolutePath($Dynamic.Path.Value) + } process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } elseif (Test-Path $Dynamic.Path.Value) { + throw "'$($Dynamic.Path.Value)' already exists." + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -123,8 +121,7 @@ function Update-Stream { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = Get-Param -Endpoint $Endpoints[0] -Dynamic $Dynamic $Param.Query = @( $Param.Query, "action_name=refresh_active_stream_session" ) Invoke-Endpoint @Param diff --git a/Public/settings.ps1 b/Public/settings.ps1 index a019c8f1..b6a179a9 100644 --- a/Public/settings.ps1 +++ b/Public/settings.ps1 @@ -15,8 +15,7 @@ function Edit-HorizonPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Edit-HorizonSchedule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -61,18 +59,15 @@ function Get-HorizonPolicy { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { if ($PSBoundParameters.Service) { $Request = Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic if ($PSBoundParameters.Detailed) { & $MyInvocation.MyCommand.Name -PolicyIds $Request.policy_id - } - else { + } else { $Request } - } - else { + } else { Invoke-Request -Query $Endpoints[1] -Dynamic $Dynamic } } @@ -95,8 +90,7 @@ function Get-HorizonSchedule { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/spotlight.ps1 b/Public/spotlight.ps1 index 9388219f..74518793 100644 --- a/Public/spotlight.ps1 +++ b/Public/spotlight.ps1 @@ -15,8 +15,7 @@ function Get-Remediation { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -38,8 +37,7 @@ function Get-Vulnerability { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -47,12 +45,9 @@ function Get-Vulnerability { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } } Invoke-Request @Param } diff --git a/Public/user-roles.ps1 b/Public/user-roles.ps1 index aaf055bf..b84124b8 100644 --- a/Public/user-roles.ps1 +++ b/Public/user-roles.ps1 @@ -15,8 +15,7 @@ function Add-Role { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -40,8 +39,7 @@ function Get-Role { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/user-roles/queries/user-role-ids-by-user-uuid/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -49,15 +47,10 @@ function Get-Role { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'UserId' { - $Param.Query = $Endpoints[2] - } - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } + 'UserId' { $Param.Query = $Endpoints[2] } } Invoke-Request @Param } @@ -80,8 +73,7 @@ function Remove-Role { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } diff --git a/Public/users.ps1 b/Public/users.ps1 index 987319d4..b0174d27 100644 --- a/Public/users.ps1 +++ b/Public/users.ps1 @@ -15,8 +15,7 @@ function Edit-User { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -40,8 +39,7 @@ function Get-User { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name -Exclusions @( '/users/queries/user-uuids-by-email/v1:get') - } - else { + } else { $Param = @{ Command = $MyInvocation.MyCommand.Name Query = $Endpoints[0] @@ -49,15 +47,10 @@ function Get-User { Dynamic = $Dynamic } switch ($PSBoundParameters.Keys) { - 'Usernames' { - $Param.Entity = $Endpoints[2] - } - 'All' { - $Param['All'] = $true - } - 'Detailed' { - $Param['Detailed'] = $true - } + 'All' { $Param['All'] = $true } + 'Total' { $Param['Total'] = $true } + 'Detailed' { $Param['Detailed'] = $true } + 'Usernames' { $Param.Entity = $Endpoints[2] } } Invoke-Request @Param } @@ -80,8 +73,7 @@ function New-User { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } } @@ -103,8 +95,7 @@ function Remove-User { process { if ($PSBoundParameters.Help) { Get-DynamicHelp -Command $MyInvocation.MyCommand.Name - } - else { + } else { Invoke-Request -Query $Endpoints[0] -Dynamic $Dynamic } }