Skip to content

Invoke FalconDeploy

bk-cs edited this page Oct 21, 2022 · 21 revisions

Invoke-FalconDeploy

SYNOPSIS

Deploy and run an executable using Real-time Response

DESCRIPTION

'Put' files will be checked for identical file names, and if any are found, the Sha256 hash values will be compared between your local and cloud files. If they are different, a prompt will appear asking which file to use.

After ensuring that the 'Put' file is available, a Real-time Response session will be started for the designated host(s) (or members of the Host Group), 'mkdir' will create a folder ('FalconDeploy_') within the appropriate temporary folder (\Windows\Temp or /tmp), 'cd' will navigate to the new folder, and the target file or archive will be 'put' into that folder. If the target is an archive, it will be extracted, and the designated 'Run' file will be executed. If the target is a file, it will be 'run'.

Details of each step will be output to a CSV file in your current directory.

Requires 'Hosts: Read', 'Real Time Response (Admin): Write'.

PARAMETERS

Name Type Min Max Allowed Pipeline PipelineByName Description
File String Name of a 'CloudFile' or path to a local executable to upload
Archive String Name of a 'CloudFile' or path to a local archive (zip, tar, tar.gz, tgz) to upload
Run String Name of the file to run once extracted from the target archive
Argument String Arguments to include when running the target executable
Timeout Int32 1 600 Length of time to wait for a result, in seconds
QueueOffline Boolean Add non-responsive Hosts to the offline queue
Include String[] agent_version
cid
external_ip
first_seen
hostname
last_seen
local_ip
mac_address
os_build
os_version
platform_name
product_type
product_type_desc
serial_number
system_manufacturer
system_product_name
tags
Include additional properties
GroupId String X Host group identifier
HostId String[] X X Host identifier

SYNTAX

Invoke-FalconDeploy [-File] <String> [[-Argument] <String>] [[-Timeout] <Int32>] [[-QueueOffline] <Boolean>] [[-Include] <String[]>] -HostId <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconDeploy [-File] <String> [[-Argument] <String>] [[-Timeout] <Int32>] [[-QueueOffline] <Boolean>] [[-Include] <String[]>] -GroupId <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconDeploy -Archive <String> [-Run] <String> [[-Argument] <String>] [[-Timeout] <Int32>] [[-QueueOffline] <Boolean>] [[-Include] <String[]>] -GroupId <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconDeploy -Archive <String> [-Run] <String> [[-Argument] <String>] [[-Timeout] <Int32>] [[-QueueOffline] <Boolean>] [[-Include] <String[]>] -HostId <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

USAGE

2022-10-21: PSFalcon v2.2.3

Clone this wiki locally