2.2.8

Removed Commands

ioa

• Get-FalconCloudIoaEvent
• Get-FalconCloudIoaUser

New Commands

billing-dashboards-usage

• Get-FalconHostAverage

device-content

• Get-FalconContentState

identity-protection

• Get-FalconIdentityRule
• New-FalconIdentityRule
• Remove-FalconIdentityRule

policy-content-update

• Edit-FalconContentPolicy
• Get-FalconContentPolicy
• Get-FalconContentPolicyMember
• Invoke-FalconContentPolicyAction
• New-FalconContentPolicy
• Remove-FalconContentPolicy
• Set-FalconContentPrecedence

quickscanpro

• Remove-FalconQuickScan
• Remove-FalconQuickScanFile
• Send-FalconQuickScanFile

snapshots

• Get-FalconSnapshotCredential
• New-FalconSnapshotAwsAccount

Issues Resolved

• Issue #421: Updated internal function to evaluate FalconSensorTags and re-wrote scripts for FalconSensorTag
  manipulation through Real-time Response to fix the inability to add/remove FalconSensorTags on Linux. This
  also fixed the same issue that was impacting MacOS hosts.
• Issue #424: Increased [System.Net.Http.HttpClient] default timeout to 5 minutes from 1 minute. Updated
  Invoke-FalconAdminCommand, Invoke-FalconCommand, and Invoke-FalconResponderCommand to only attempt to
  append batch_id to results that have a session_id.
• Issue #426: Updated Uninstall-FalconSensor to properly select bash uninstall script when targeting Linux
  hosts.
• Issue #427: Added tar to valid Command list for Invoke-FalconAdminCommand and
  Invoke-FalconResponderCommand and corrected Invoke-FalconAdminCommand to properly include the Command
  value update query.
• Issue #433: Modified Edit-FalconFirewallGroup to ensure that null values for rule_ids and rule_versions
  are converted into empty arrays, and that single values are forced into arrays.
• Issue #435: Updated uninstall_sensor.sh script to incorporate the use of systemd to uninstall falcon-sensor
  on Linux hosts utilizing some additional code from an existing uninstaller script. Thanks @carlosmmatos and
  @cs-APreston-ghAccount!

General Changes

• Fixed some error message output for Request-FalconToken and Test-FalconToken.

Command Changes

ConvertTo-FalconFirewallRule

• Added protocol as a required field for the Map table and rule creation.

Edit-FalconReconRule

• Added MatchOnTsqResultType.

Export-FalconConfig

• Added ContentPolicy as a value for Select parameter.

Get-FalconChannelControl

• Renamed to Get-FalconContentControl. Get-FalconChannelControl has been kept as an alias.

Get-FalconHost

• Added content_state as an Include value.

Get-FalconIoaExclusion

• Added ClRegex and IfnRegex.

Get-FalconQuickScan

• Updated to use new QuickScan Pro API.

Get-FalconVulnerability

• Updated to set Limit to 400 when using All without Detailed to prevent
  5000 is an invalid page size, must be between 1 and 400 error.

Import-FalconConfig

• Added support for Content Update policies.
• Added ContentPolicy as a value for ModifyExisting and ModifyDefault parameters.

Invoke-FalconAdminCommand

• Added tar as a valid Command value.

Invoke-FalconResponderCommand

• Added tar as a valid Command value.
• Added update query as a valid Command which was mistakenly removed in a previous release.

New-FalconCompleteCase

• Added MalwareSubmissionId and ReconRuleType.

New-FalconQuickScan

• Updated to use new QuickScan Pro API, which is replacing the regular QuickScan API.

New-FalconReconRule

• Added MatchOnTsqResultType.

Receive-FalconCloudAwsScript

• Added DspmEnabled, DspmRegion, and DspmRole.

Receive-FalconScheduledReport

• Updated to use a combination of the last_execution.id and report_params.format fields to define a
  filename if Path is left undefined and is being passed a report via pipeline. This will ensure that
  "scheduled reports" (i.e. vulnerability reports) are successfully downloaded without providing a Path.

Set-FalconChannelControl

• Renamed to Set-FalconContentControl. Set-FalconChannelControl has been kept as an alias.