2.2.6 #368
bk-cs announced in Announcements
New Commands
cloud-connect-azure
configuration-assessment
falcon-complete-dashboards
filevantage
identity-protection
real-time-response
Removed Commands
cloud-connect-aws (deprecated)
cloud-connect-azure (deprecated)
cloud-connect-gcp (deprecated)
discover
settings-discover (deprecated)
Issues Resolved
Get-FalconRole and Get-FalconUser return incorrect roles #313: Reorganized parameters for Get-FalconRole and removed UserId from a specific ParameterSet to ensure proper output.
Uninstall-FalconSensor fails on some 64-bit Windows machines and returns no status #315: Modified script used by Uninstall-FalconSensor to match 64 instead of equal 64-bit to correct error caused when bit value is reported as 64 bit instead of 64-bit.
Get-FalconContainerVulnerability validation of Package fails in PowerShell Core #316: Added if check to Confirm-Parameter for $Required and $Allowed to ensure that blank values do not count when verifying objects under PowerShell Core.
Invoke-FalconDeploy #327: Modified Invoke-FalconDeploy to properly change directories and execute scripts when working with .cmd and .bat files. Thanks @MatthewCKelly!
Invoke-FalconMalQuery, Get-FalconMalQuery and Search-FalconMalQueryHash not returning results #342: Modified Invoke-FalconMalQuery and Get-FalconMalQuery to select the reqid, reqtype and/or status properties in their final output, when present.
Get-FalconAsset does not append login_event when using Include with a single result #360: Fixed bug where Get-FalconAsset would not append results when using -Include login_event with a single asset result.
critical with Edit-FalconHorizonPolicy #363: Added critical as a severity for Edit-FalconHorizonPolicy.

General Changes
expire within 4 minutes instead of 1 minute. This should help reduce the number of expired authorization tokens during long-running requests (like Get-FalconVulnerability).
Wait-RetryAfter function from private\Private.ps1 to class\Class.ps1 under ApiClient.Invoke() function.
ApiClient.Invoke() under class\Class.ps1 in an effort to improve verbose logging and performance.
Invoke-Falcon and Request-FalconToken to compensate for changes to ApiClient.Invoke().
Write-Result to ensure each error will be individually produced when a single API call generates multiple errors.
ApiClient.Invoke() downloads files to eliminate "index out of range" error.
format\format.json to contain API endpoint body/formdata/query parameters for easier updates when large numbers of API endpoints are modified at once.
Get-EndpointFormat to private\Private.ps1 to read body/formdata/query parameters from format.json.
private Invoke-Falcon function into the private Build-Content function.
Inputs variable (and accompanying parameter for the Invoke-Falcon function, used by commands when making a request) to UserInput in keeping with PowerShell style.
Compare-FalconPreventionPhase.
Write-Result to remove meta from output when meta.pagination.total equals 0 to account for some -Detailed results returning meta information instead of an empty response (unlike a non-Detailed result, which would return nothing, as expected).
Add-Include function to provide error messages when unable to pull results instead of a silent failure with no output in the related -Include property.
Compare-FalconPreventionPhase.

Command Changes
Add-FalconSensorTag
n was being split into separate tags due to an incorrect quote. Thanks @soggysec!
CsSensorSettings.exe.
script folder.

Edit-FalconHorizonAwsAccount
CloudTrailRegion.
IamRoleArn, BehaviorAssessmentEnabled, SensorManagementEnabled, RemediationRegion, and RemediationTouAccepted.

Edit-FalconHorizonPolicy
AccountId to accept multiple identifiers.

Edit-FalconReconNotification
IdpSendStatus and Message.

Edit-FalconFirewallLocationSetting
LocationPrecedence.

Edit-FalconIoc
Array parameter for submitting many IOCs for modification, and set as the default parameter set when utilizing the pipeline.
Array.

Export-FalconConfig
FileVantagePolicy (including FileVantageExclusion) and FileVantageRuleGroup (including FileVantageRule). CrowdStrike-created policies and rule groups are excluded from the export because they are auto-generated and can not be modified.
HostGroup when exporting FileVantagePolicy to evaluate host_groups.
FileVantageRuleGroup when exporting FileVantagePolicy to evaluate rule_groups and assign them to policies.

Get-FalconAlert
Id parameter, due to new varying identifier types found in testing.

Get-FalconBuild
Stage.

Get-FalconContainerAccount
Location to correctly submit as locations to the API endpoint.

Get-FalconContainerAwsAccount
IsHorizonAcct.

Get-FalconContainerCluster
Status.

Get-FalconContainerVulnerability
applicationPackages.

Get-FalconFimChange
v3 endpoint, replacing Offset with After.
Get-FalconFileVantageChange, but kept Get-FalconFimChange as an alias.

Get-FalconHorizonAwsAccount
IamRoleArn and Migrated.

Get-FalconHorizonAzureAccount
TenantId.

Get-FalconHorizonAzureCertificate
YearsValid.

Get-FalconHorizonIoa
ResourceId, ResourceUuid, and Since.

Get-FalconHost
Login switch to use new v2 endpoint. The initial API is limited to 10 ids values per request, which means that using -Include login_history will be substantially slower until the API limit is increased.

Get-FalconHostGroup
Include to use a filtered Get-FalconHost search when adding members which avoids the 10k maximum limit from the previously used Get-FalconHostGroupMember command.

Get-FalconRole
Id values when matching a Cid (because it also matches custom role identifiers).
UserId as a parameter for the /user-management/queries/roles/v1:get endpoint because the same data is returned by the /combined/ endpoint and they have overlapping parameters.
DirectOnly parameter to Get-FalconRole.

Get-FalconScan
/ods/entities/scans/v2:get endpoint.

Get-FalconSensorTag
script folder.

Get-FalconSession
Cid and CommandInfo, which facilitate the display of all Real-time Response sessions within the authorized CID.

Import-FalconConfig
by Export-FalconConfig. Thanks @JFresh15 and @soggysec!
id values for groups and rule_groups objects.
build values for Sensor Update policies.
build for LinuxArm64 policy variants.
FileVantagePolicy and FileVantageRuleGroup as ModifyExisting options.
Comment output to specify why certain items were ignored using NoModifyDefault and NoModifyExisting.
renamed for a SensorUpdatePolicy.

Invoke-FalconAdminCommand
falconscript as a Command option.

Invoke-FalconAlertAction
Id due to new varying identifier types found in testing.
v3 endpoint.

Invoke-FalconContainerScan
scan-type to scan_type during submission.

Invoke-FalconDeploy
put step.
GroupId to use a filtered Get-FalconHost search which avoids the 10k maximum limit from the previously used Get-FalconHostGroupMember command.

Invoke-FalconRtr
falconscript as a Command option.
GroupId to use a filtered Get-FalconHost search which avoids the 10k maximum limit from the previously used Get-FalconHostGroupMember command.

New-FalconHorizonAwsAccount
CloudTrailRegion.
AccountType, BehaviorAssessmentEnabled, IamRoleArn, IsMaster, SensorManagementEnabled, and UseExistingCloudtrail.

New-FalconHorizonAzureAccount
ClientId, AccountType, DefaultSubscription, and YearsValid.

New-FalconIoc
Array.

New-FalconScheduledScan
ScanInclusion.

Receive-FalconContainerYaml
IsSelfManagedCluster.

Receive-FalconHorizonAwsScript
Id.

Receive-FalconHorizonAzureScript
SubscriptionId, Template, and AccountType.

Receive-FalconRule
IfNoneMatch and IfModifiedSince.

Remove-FalconCidGroupMember
/mssp/entities/cid-group-members/v2:delete endpoint.

Remove-FalconHorizonAzureAccount
TenantId and RetainTenant.

Remove-FalconReconRule
DeleteNotification.

Remove-FalconSample
Id to accept a sha256 value when passed through the pipeline.

Remove-FalconSensorTag
CsSensorSettings.exe.
script folder.

Send-FalconPutFile
Name.

Send-FalconScript
Name.

Start-FalconScan
ScanInclusion.

Uninstall-FalconSensor
Windows host.
script folder.

This discussion was created from the release 2.2.6.