Issue #283: Added platform during creation of FirewallGroup items when using Import-FalconConfig.
Issue #294: Modified the FQL query being used by Get-FalconQueue to account for an API change that made the previous query stop working.
Issue #295: Added code to the sub-function Invoke-Loop inside Invoke-Falcon to strip all query parameters when paginating Get-FalconHorizonIom.
Issue #296: Updated Get-FalconAsset to ensure proper attachment of login_event results for each asset when using -Include login_event.
Issue #283: Modified New-FalconSensorUpdatePolicy to remove scheduler under settings when set as disabled to prevent errors when creating policies.
General Changes
Updated reference policies for Compare-FalconPreventionPhase.
Switched from using Write-Verbose to PSCmdlet.WriteVerbose() to increase content when using Verbose with commands.
Added additional verbose message output when commands send their requests to display the endpoint being used.
Added (local) timestamp at the beginning of verbose output messages through the creation of a Verbose function within class\Class.ps1 and the private function unnamed.
Added Start-RtrUpdate and Stop-RtrUpdate functions to manage PowerShell background jobs to refresh Real-time Response sessions when using Invoke-FalconRtr or Invoke-FalconDeploy.
Changed the Wait parameter for Invoke-FalconAdminCommand, Invoke-FalconBatchGet, Invoke-FalconCommand, and Invoke-FalconResponderCommand to wait until completion instead of a maximum of 60 seconds.
Added Wait-RtrCommand and Wait-RtrGet private functions when using Wait with Real-time Response commands.
Streamlined some of the code of Write-Result to increase performance.
Updated Get-RtrResult function (used by Invoke-FalconRtr and Invoke-FalconDeploy) to include properties that are blank in output. This will ensure that piping to CSV does not present problems when certain hosts respond with different properties (e.g. stderr on some results and not others).
Ensured the Test-FqlStatement function was properly used with each command's Filter parameter.
Slightly changed descriptions of commands to match how required permissions are labeled within the Falcon UI.
Modified PSFalcon.psd1 to remove duplicate load of class\Class.ps1.
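The Get-RtrResult change above matters because PowerShell's CSV cmdlets take their columns from the first object in the pipeline, so a property that only later hosts return is silently dropped. As an added example (not PSFalcon's own code), the hypothetical helper Add-MissingProperty and the constructed sample results below show the problem and one way to normalize objects before export:

```powershell
# Constructed sample results (not real Falcon output): the second host
# returned a 'stderr' property that the first one lacks.
$Results = @(
    [PSCustomObject]@{ aid = 'host-a'; complete = $true; stdout = 'ok' }
    [PSCustomObject]@{ aid = 'host-b'; complete = $true; stdout = ''; stderr = 'Access is denied.' }
)

function Add-MissingProperty {
    # Hypothetical helper: gives every object the union of all property names,
    # with a blank value where a host did not return that property.
    param([Parameter(Mandatory)][object[]]$InputObject)

    # First pass: collect property names in the order they are first seen.
    $Names = [System.Collections.Generic.List[string]]::new()
    foreach ($Item in $InputObject) {
        foreach ($Name in $Item.PSObject.Properties.Name) {
            if (-not $Names.Contains($Name)) { $Names.Add($Name) }
        }
    }

    # Second pass: rebuild each object with the full, consistently ordered set.
    foreach ($Item in $InputObject) {
        $Ordered = [ordered]@{}
        foreach ($Name in $Names) {
            $Ordered[$Name] = if ($Item.PSObject.Properties[$Name]) { $Item.$Name } else { $null }
        }
        [PSCustomObject]$Ordered
    }
}

# Columns come from the first object only, so host-b's stderr is lost.
$Results | ConvertTo-Csv -NoTypeInformation

# After normalizing, every row carries a stderr column (blank for host-a).
Add-MissingProperty -InputObject $Results | ConvertTo-Csv -NoTypeInformation
```

When reviewing Real-time Response output collected from many hosts, comparing the CSV header against the union of returned properties is a quick check that no error output was dropped during export.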
Command Changes
Confirm-FalconGetFile
Corrected invalid ValidatePattern value for Id parameter.
Edit-FalconDetection
Removed ignored as an option for Status to conform with API change.
Edit-FalconDeviceControlPolicy
Added parameters to allow modification of custom notifications for the default Windows policy.
Find-FalconDuplicate
Added Platform parameter to filter by a specific platform when retrieving hosts (instead of providing a list through the Hosts parameter).
Find-FalconHostname
Raised filtered search group count from 20 to 100.
Get-FalconAsset
Raised filtered search groups count from 20 to 100 when using -Include login_event.
Added Application switch to search for applications inventoried by Falcon Discover.
Added IoT switch to search for IoT assets inventoried by Falcon Discover.
Get-FalconContainerVulnerability
Added Application parameter for filtering application packages.
Get-FalconDeviceControlPolicy
Added parameters to allow retrieval of the default Windows policy with custom notifications.
Get-FalconHorizonIoa
Added parameter AccountId and removed Region.
Set CloudPlatform as mandatory instead of generating an error when it was not included.
Get-FalconHorizonIom
Updated to use new endpoints /detects/entities/iom/v2:get and /detects/queries/iom/v2:get.
New parameter set includes typical parameters like Filter and Sort. Old parameters are no longer available, but similar functionality can be found using proper Filter statements.
Get-FalconHorizonPolicy
Updated to use new /settings/entities/policy-details/v2:get endpoint when supplying an Id value.
Removed Detailed switch because the base endpoint always returns detailed results.
Get-FalconHost
Added policy_names as an option for Include to append policy_name under device_policies results (when possible).
Get-FalconRole
Removed Detailed from command because all results have detailed information in the related parameter set.
Added All and Total to relevant parameter set.
Get-FalconUser
Raised filtered search groups count from 20 to 100 when using Username.
Get-FalconQueue
Added HostId parameter to restrict queued session search to specific host identifiers.
Get-FalconZta
Added Filter, Sort, Limit, After, Detailed, All, and Total parameters in support of new API endpoint GET /zero-trust-assessment/queries/assessments/v1.
Invoke-FalconDeploy
Added Set-Location to force location to temporary directory when running executable on target host(s).
Removed pipeline support for GroupId so that Invoke-FalconHostAction results could be piped through the HostId parameter.
Invoke-FalconRtr
Added additional verbose output.
Increased the default Timeout for session creation and command requests to 600 seconds when not defined.
Updated to set a Timeout of 2 seconds less than defined Timeout for batch sessions (or 58 seconds if not defined) and 3600 seconds for single-host sessions when using runscript and not specifying Timeout inside Argument.
Removed Select-Object code (which ensured all objects had the same final output) to greatly increase performance.
Removed pipeline support for GroupId so that Invoke-FalconHostAction results can be piped through the HostId parameter.
Added Sort-Object when generating list of Command values to ensure it's provided in alphabetical order.
Added single quotes when using auto-complete for Command values that have a space.