Public/policy-sensor-update.ps1

function Edit-FalconSensorUpdatePolicy {
<#
.SYNOPSIS
Modify Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Write'.
.PARAMETER Array
An array of policies to modify in a single request
.PARAMETER Id
Policy identifier
.PARAMETER Name
Policy name
.PARAMETER Description
Policy description
.PARAMETER Setting
Policy settings
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconSensorUpdatePolicy
#>

    [CmdletBinding(DefaultParameterSetName='/policy/entities/sensor-update/v2:patch',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='array',Mandatory,ValueFromPipeline)]
        [ValidateScript({
            foreach ($Object in $_) {
                $Param = @{
                    Object = $Object
                    Command = 'Edit-FalconSensorUpdatePolicy'
                    Endpoint = '/policy/entities/sensor-update/v2:patch'
                    Required = @('id')
                    Pattern = @('id')
                }
                Confirm-Parameter @Param
            }
        })]
        [Alias('resources')]
        [object[]]$Array,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:patch',Mandatory,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [string]$Id,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:patch',Position=2)]
        [string]$Name,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:patch',Position=3)]
        [string]$Description,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:patch',Position=4)]
        [Alias('settings')]
        [System.Object]$Setting
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = '/policy/entities/sensor-update/v2:patch'
            Format = @{
                Body = @{
                    resources = @('name','id','description','settings')
                    root = @('resources')
                }
            }
        }
        [System.Collections.Generic.List[object]]$List = @()
    }
    process {
        if ($Array) {
            foreach ($i in $Array) {
                # Select allowed fields, when populated
                [string[]]$Select = @('id','name','description','platform_name','settings').foreach{
                    if ($_ -eq 'settings') {
                        # Filter 'settings'
                        $i.settings = $i.settings | Select-Object @($i.settings.PSObject.Properties |
                            Where-Object { $null -ne $_.Value -and $_.Value -ne '' }).Name
                        if ($i.settings.variants) {
                            # Filter 'variants'
                            $i.settings.variants = @($i.settings.variants).foreach{
                                $_ | Select-Object @($_.PSObject.Properties | Where-Object {
                                    $null -ne $_.Value -and $_.Value -ne '' }).Name
                            }
                        }
                    }
                    if ($i.$_) { $_ }
                }
                if ($Select) { $List.Add(($i | Select-Object $Select)) }
            }
        } else {
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
    end {
        if ($List) {
            for ($i = 0; $i -lt $List.Count; $i += 100) {
                $PSBoundParameters['Array'] = @($List[$i..($i + 99)])
                Invoke-Falcon @Param -Inputs $PSBoundParameters
            }
        }
    }
}
function Get-FalconBuild {
<#
.SYNOPSIS
Retrieve Falcon Sensor builds for assignment in Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Read'.
.PARAMETER Platform
Operating system platform
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconBuild
#>

    [CmdletBinding(DefaultParameterSetName='/policy/combined/sensor-update-builds/v1:get',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/combined/sensor-update-builds/v1:get')]
        [ValidateSet('linux','mac','windows',IgnoreCase=$false)]
        [string]$Platform
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('platform') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Get-FalconKernel {
<#
.SYNOPSIS
Search for Falcon kernel compatibility information for Sensor builds
.DESCRIPTION
Requires 'Sensor Update Policies: Read'.
.PARAMETER Field
Return values for a specific field
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconKernel
#>

    [CmdletBinding(DefaultParameterSetName='/policy/combined/sensor-update-kernels/v1:get',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get',Mandatory,
           Position=1)]
        [ValidateSet('architecture','base_package_supported_sensor_versions','distro','distro_version',
            'flavor','release','vendor','version','ztl_supported_sensor_versions',IgnoreCase=$false)]
        [string]$Field,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get',Position=1)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get',Position=2)]
        [ValidateScript({ Test-FqlStatement $_ })]
        [string]$Filter,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get',Position=2)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get',Position=3)]
        [ValidateSet('architecture.asc','architecture.desc','distro.asc','distro.desc','distro_version.asc',
            'distro_version.desc','flavor.asc','flavor.desc','release.asc','release.desc','vendor.asc',
            'vendor.desc','version.asc','version.desc',IgnoreCase=$false)]
        [string]$Sort,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get',Position=3)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get',Position=4)]
        [ValidateRange(1,500)]
        [int32]$Limit,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get')]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get')]
        [int32]$Offset,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get')]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-kernels/{field}/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-kernels/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = if ($PSBoundParameters.Field) {
                $PSCmdlet.ParameterSetName -replace '\{field\}',$PSBoundParameters.Field
                [void]$PSBoundParameters.Remove('Field')
            } else {
                $PSCmdlet.ParameterSetName
            }
            Format = @{ Query = @('offset','filter','sort','limit') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Get-FalconSensorUpdatePolicy {
<#
.SYNOPSIS
Search for Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Read'.
.PARAMETER Id
Policy identifier
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Include
Include additional properties
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER Detailed
Retrieve detailed information
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSensorUpdatePolicy
#>

    [CmdletBinding(DefaultParameterSetName='/policy/queries/sensor-update/v1:get',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:get',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [Alias('Ids')]
        [string[]]$Id,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get',Position=1)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get',Position=1)]
        [ValidateScript({ Test-FqlStatement $_ })]
        [string]$Filter,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get',Position=2)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get',Position=2)]
        [ValidateSet('created_by.asc','created_by.desc','created_timestamp.asc','created_timestamp.desc',
            'enabled.asc','enabled.desc','modified_by.asc','modified_by.desc','modified_timestamp.asc',
            'modified_timestamp.desc','name.asc','name.desc','platform_name.asc','platform_name.desc',
            'precedence.asc','precedence.desc',IgnoreCase=$false)]
        [string]$Sort,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get',Position=3)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get',Position=3)]
        [ValidateRange(1,5000)]
        [int32]$Limit,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:get',Position=2)]
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get',Position=4)]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get',Position=4)]
        [ValidateSet('members',IgnoreCase=$false)]
        [string[]]$Include,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get')]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get')]
        [int32]$Offset,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get',Mandatory)]
        [switch]$Detailed,
        [Parameter(ParameterSetName='/policy/combined/sensor-update/v2:get')]
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/policy/queries/sensor-update/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('sort','ids','offset','filter','limit') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) }
        if ($Include) {
            Invoke-Falcon @Param -Inputs $PSBoundParameters | ForEach-Object {
                Add-Include $_ $PSBoundParameters @{ members = 'Get-FalconSensorUpdatePolicyMember' }
            }
        } else {
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Get-FalconSensorUpdatePolicyMember {
<#
.SYNOPSIS
Search for members of Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Read'.
.PARAMETER Id
Policy identifier
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER Offset
Position to begin retrieving results
.PARAMETER Detailed
Retrieve detailed information
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSensorUpdatePolicyMember
#>

    [CmdletBinding(DefaultParameterSetName='/policy/queries/sensor-update-members/v1:get',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get',ValueFromPipelineByPropertyName,
            ValueFromPipeline,Position=1)]
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get',
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [string]$Id,
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get',Position=2)]
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get',Position=2)]
        [ValidateScript({ Test-FqlStatement $_ })]
        [string]$Filter,
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get',Position=3)]
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get',Position=3)]
        [string]$Sort,
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get',Position=4)]
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get',Position=4)]
        [ValidateRange(1,5000)]
        [int32]$Limit,
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get')]
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get')]
        [int32]$Offset,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get',Mandatory)]
        [switch]$Detailed,
        [Parameter(ParameterSetName='/policy/combined/sensor-update-members/v1:get')]
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get')]
        [switch]$All,
        [Parameter(ParameterSetName='/policy/queries/sensor-update-members/v1:get')]
        [switch]$Total
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('sort','offset','filter','id','limit') }
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}
function Get-FalconUninstallToken {
<#
.SYNOPSIS
Retrieve an uninstallation or maintenance token
.DESCRIPTION
Requires 'Sensor Update Policies: Write', plus related permission(s) for 'Include' selection(s).
.PARAMETER AuditMessage
Audit log comment
.PARAMETER Include
Include additional properties
.PARAMETER Id
Host identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconUninstallToken
#>

    [CmdletBinding(DefaultParameterSetName='/policy/combined/reveal-uninstall-token/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/combined/reveal-uninstall-token/v1:post',Position=1)]
        [Alias('audit_message')]
        [string]$AuditMessage,
        [Parameter(ParameterSetName='/policy/combined/reveal-uninstall-token/v1:post',Position=2)]
        [ValidateSet('agent_version','cid','external_ip','first_seen','hostname','last_seen','local_ip',
            'mac_address','os_build','os_version','platform_name','product_type','product_type_desc',
            'serial_number','system_manufacturer','system_product_name','tags',IgnoreCase=$false)]
        [string[]]$Include,
        [Parameter(ParameterSetName='/policy/combined/reveal-uninstall-token/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=3)]
        [Alias('device_id','DeviceId')]
        [ValidatePattern('^([a-fA-F0-9]{32}|MAINTENANCE)$')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ root = @('audit_message','device_id') }}
        }
    }
    process {
        if ($Include) {
            # Append properties from 'Include'
            foreach ($Request in (Invoke-Falcon @Param -Inputs $PSBoundParameters)) {
                @($Request | Get-FalconHost -EA 0 | Select-Object @($Include + 'device_id')).foreach{
                    @($_.PSObject.Properties).foreach{ Set-Property $Request $_.Name $_.Value }
                }
                $Request
            }
        } else {
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Invoke-FalconSensorUpdatePolicyAction {
<#
.SYNOPSIS
Perform actions on Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Write'.
.PARAMETER Name
Action to perform
.PARAMETER GroupId
Host group identifier
.PARAMETER Id
Policy identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Invoke-FalconSensorUpdatePolicyAction
#>

    [CmdletBinding(DefaultParameterSetName='/policy/entities/sensor-update-actions/v1:post',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/entities/sensor-update-actions/v1:post',Mandatory,Position=1)]
        [ValidateSet('add-host-group','disable','enable','remove-host-group',IgnoreCase=$false)]
        [Alias('action_name')]
        [string]$Name,
        [Parameter(ParameterSetName='/policy/entities/sensor-update-actions/v1:post',Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [string]$GroupId,
        [Parameter(ParameterSetName='/policy/entities/sensor-update-actions/v1:post',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=3)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [string]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{
                Query = @('action_name')
                Body = @{ root = @('ids','action_parameters') }
            }
        }
    }
    process {
        $PSBoundParameters['Ids'] = @($PSBoundParameters.Id)
        [void]$PSBoundParameters.Remove('Id')
        if ($PSBoundParameters.GroupId) {
            $PSBoundParameters['action_parameters'] = @(
                @{
                    name = 'group_id'
                    value = $PSBoundParameters.GroupId
                }
            )
            [void]$PSBoundParameters.Remove('GroupId')
        }
        Invoke-Falcon @Param -Inputs $PSBoundParameters
    }
}
function New-FalconSensorUpdatePolicy {
<#
.SYNOPSIS
Create Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Write'.
.PARAMETER Array
An array of policies to create in a single request
.PARAMETER PlatformName
Operating system platform
.PARAMETER Name
Policy name
.PARAMETER Description
Policy description
.PARAMETER Setting
Policy settings
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconSensorUpdatePolicy
#>

    [CmdletBinding(DefaultParameterSetName='/policy/entities/sensor-update/v2:post',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='array',Mandatory,ValueFromPipeline)]
        [ValidateScript({
            foreach ($Object in $_) {
                $Param = @{
                    Object = $Object
                    Command = 'New-FalconSensorUpdatePolicy'
                    Endpoint = '/policy/entities/sensor-update/v2:post'
                    Required = @('name','platform_name')
                    Content = @('platform_name')
                    Format = @{ platform_name = 'PlatformName' }
                }
                Confirm-Parameter @Param
            }
        })]
        [Alias('resources')]
        [object[]]$Array,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:post',Mandatory,Position=1)]
        [string]$Name,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:post',Mandatory,Position=2)]
        [ValidateSet('Windows','Mac','Linux',IgnoreCase=$false)]
        [Alias('platform_name')]
        [string]$PlatformName,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:post',Position=3)]
        [string]$Description,
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v2:post',Position=4)]
        [Alias('settings')]
        [System.Object]$Setting
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = '/policy/entities/sensor-update/v2:post'
            Format = @{
                Body = @{
                    resources = @('description','platform_name','name','settings')
                    root =      @('resources')
                }
            }
        }
        [System.Collections.Generic.List[object]]$List = @()
    }
    process {
        if ($Array) {
            foreach ($i in $Array) {
                # Select allowed fields, when populated
                [string[]]$Select = @('name','description','platform_name','settings').foreach{
                    if ($_ -eq 'settings') {
                        # Filter 'settings'
                        $i.settings = $i.settings | Select-Object @($i.settings.PSObject.Properties |
                            Where-Object { $null -ne $_.Value -and $_.Value -ne '' }).Name
                        if ($i.settings.variants) {
                            # Filter 'variants'
                            $i.settings.variants = @($i.settings.variants).foreach{
                                $_ | Select-Object @($_.PSObject.Properties | Where-Object {
                                    $null -ne $_.Value -and $_.Value -ne '' }).Name
                            }
                        }
                    }
                    if ($i.$_) { $_ }
                }
                if ($Select) { $List.Add(($i | Select-Object $Select)) }
            }
        } else {
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
    end {
        if ($List) {
            for ($i = 0; $i -lt $List.Count; $i += 100) {
                $PSBoundParameters['Array'] = @($List[$i..($i + 99)])
                Invoke-Falcon @Param -Inputs $PSBoundParameters
            }
        }
    }
}
function Remove-FalconSensorUpdatePolicy {
<#
.SYNOPSIS
Remove Sensor Update policies
.DESCRIPTION
Requires 'Sensor Update Policies: Write'.
.PARAMETER Id
Policy identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Remove-FalconSensorUpdatePolicy
#>

    [CmdletBinding(DefaultParameterSetName='/policy/entities/sensor-update/v1:delete',SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/entities/sensor-update/v1:delete',Mandatory,
            ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [Alias('Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Query = @('ids') }
        }
        [System.Collections.Generic.List[string]]$List = @()
    }
    process { if ($Id) { @($Id).foreach{ $List.Add($_) }}}
    end {
        if ($List) {
            $PSBoundParameters['Id'] = @($List | Select-Object -Unique)
            Invoke-Falcon @Param -Inputs $PSBoundParameters
        }
    }
}
function Set-FalconSensorUpdatePrecedence {
<#
.SYNOPSIS
Set Sensor Update policy precedence
.DESCRIPTION
All policy identifiers must be supplied in order (with the exception of the 'platform_default' policy) to define
policy precedence.
 
Requires 'Sensor Update Policies: Write'.
.PARAMETER PlatformName
Operating system platform
.PARAMETER Id
Policy identifiers in desired precedence order
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Set-FalconSensorUpdatePrecedence
#>

    [CmdletBinding(DefaultParameterSetName='/policy/entities/sensor-update-precedence/v1:post',
        SupportsShouldProcess)]
    param(
        [Parameter(ParameterSetName='/policy/entities/sensor-update-precedence/v1:post',Mandatory,Position=1)]
        [ValidateSet('Windows','Mac','Linux',IgnoreCase=$false)]
        [Alias('platform_name')]
        [string]$PlatformName,
        [Parameter(ParameterSetName='/policy/entities/sensor-update-precedence/v1:post',Mandatory,Position=2)]
        [ValidatePattern('^[a-fA-F0-9]{32}$')]
        [Alias('Ids')]
        [string[]]$Id
    )
    begin {
        $Param = @{
            Command = $MyInvocation.MyCommand.Name
            Endpoint = $PSCmdlet.ParameterSetName
            Format = @{ Body = @{ root = @('platform_name','ids') }}
        }
    }
    process { Invoke-Falcon @Param -Inputs $PSBoundParameters }
}