Public/settings.ps1
function Edit-FalconHorizonPolicy { <# .SYNOPSIS Modify a Falcon Horizon policy .DESCRIPTION Requires 'CSPM Registration: Write'. .PARAMETER Severity Severity level .PARAMETER Enabled Policy enablement status .PARAMETER Region Cloud region .PARAMETER TagExcluded .PARAMETER AccountId Account identifier .PARAMETER Id Policy identifier .LINK https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconHorizonPolicy #> [CmdletBinding(DefaultParameterSetName='/settings/entities/policy/v1:patch',SupportsShouldProcess)] param( [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory,ValueFromPipelineByPropertyName, Position=1)] [ValidateSet('informational','medium','high',IgnoreCase=$false)] [string]$Severity, [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory,ValueFromPipelineByPropertyName, Position=2)] [boolean]$Enabled, [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName, Position=3)] [Alias('regions')] [string[]]$Region, [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName, Position=4)] [Alias('tag_excluded')] [boolean]$TagExcluded, [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName, Position=5)] [Alias('account_id')] [string]$AccountId, [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory, ValueFromPipelineByPropertyName)] [Alias('policy_id','PolicyId')] [int32]$Id ) begin { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Format = @{ Body = @{ resources = @('enabled','policy_id','regions','account_id','severity','tag_excluded') } } } } process { Invoke-Falcon @Param -Inputs $PSBoundParameters } } function Edit-FalconHorizonSchedule { <# .SYNOPSIS Modify Falcon Horizon scan schedules .DESCRIPTION Requires 'CSPM Registration: Write'. .PARAMETER ScanSchedule Scan interval .PARAMETER CloudPlatform Cloud platform .PARAMETER NextScanTimestamp Next scan timestamp (RFC3339) .LINK https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconHorizonSchedule #> [CmdletBinding(DefaultParameterSetName='/settings/scan-schedule/v1:post',SupportsShouldProcess)] param( [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',Mandatory,ValueFromPipelineByPropertyName, Position=1)] [ValidateSet('2h','6h','12h','24h',IgnoreCase=$false)] [Alias('scan_schedule')] [string]$ScanSchedule, [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',Mandatory,ValueFromPipelineByPropertyName, Position=2)] [ValidateSet('aws','azure','gcp',IgnoreCase=$false)] [Alias('cloud_platform','cloud_provider')] [string]$CloudPlatform, [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',ValueFromPipelineByPropertyName,Position=3)] [ValidatePattern('^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$')] [Alias('next_scan_timestamp')] [string]$NextScanTimestamp ) begin { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Format = @{ Body = @{ resources = @('cloud_platform','scan_schedule','next_scan_timestamp') }} } } process { Invoke-Falcon @Param -Inputs $PSBoundParameters } } function Get-FalconHorizonPolicy { <# .SYNOPSIS Retrieve detailed information about Falcon Horizon policies .DESCRIPTION Requires 'CSPM Registration: Read'. .PARAMETER Id Policy identifier .PARAMETER PolicyId Policy identifier .PARAMETER Service Cloud service type .PARAMETER CloudPlatform Cloud platform .PARAMETER Detailed Retrieve detailed information .LINK https://github.com/crowdstrike/psfalcon/wiki/Get-FalconHorizonPolicy #> [CmdletBinding(DefaultParameterSetName='/settings/entities/policy/v1:get',SupportsShouldProcess)] param( [Parameter(ParameterSetName='/settings/entities/policy-details/v1:get',ValueFromPipelineByPropertyName, ValueFromPipeline,Mandatory)] [ValidatePattern('^\d+$')] [Alias('Ids','policy_id')] [int32[]]$Id, [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=1)] [ValidatePattern('^\d+$')] [Alias('policy-id')] [int32]$PolicyId, [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=2)] [ValidateSet('ACM','ACR','Any','App Engine','AppService','BigQuery','Cloud Load Balancing', 'Cloud Logging','Cloud SQL','Cloud Storage','CloudFormation','CloudTrail','CloudWatch Logs', 'Cloudfront','Compute Engine','Config','Disk','DynamoDB','EBS','EC2','ECR','EFS','EKS', 'ELB','EMR','Elasticache','GuardDuty','IAM','Identity','KMS','KeyVault','Kinesis', 'Kubernetes','Lambda','LoadBalancer','Monitor','NLB/ALB','NetworkSecurityGroup','PostgreSQL', 'RDS','Redshift','S3','SES','SNS','SQLDatabase','SQLServer','SQS','SSM', 'Serverless Application Repository','StorageAccount','Subscriptions','VPC','VirtualMachine', 'VirtualNetwork',IgnoreCase=$false)] [string]$Service, [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=3)] [ValidateSet('aws','azure','gcp',IgnoreCase=$false)] [Alias('cloud-platform')] [string]$CloudPlatform, [Parameter(ParameterSetName='/settings/entities/policy/v1:get')] [switch]$Detailed ) begin { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Format = @{ Query = @('ids','service','policy-id','cloud-platform') } } [System.Collections.Generic.List[int32]]$List = @() } process { if ($Id) { @($Id).foreach{ $List.Add($_) }}} end { if ($List) { $PSBoundParameters['Id'] = @($List | Select-Object -Unique) } Invoke-Falcon @Param -Inputs $PSBoundParameters } } function Get-FalconHorizonSchedule { <# .SYNOPSIS Retrieve detailed information about Falcon Horizon schedules .DESCRIPTION Requires 'CSPM Registration: Read'. .PARAMETER CloudPlatform Cloud platform .LINK https://github.com/crowdstrike/psfalcon/wiki/Get-FalconHorizonSchedule #> [CmdletBinding(DefaultParameterSetName='/settings/scan-schedule/v1:get',SupportsShouldProcess)] param( [Parameter(ParameterSetName='/settings/scan-schedule/v1:get',Mandatory,ValueFromPipelineByPropertyName, ValueFromPipeline,Position=1)] [ValidateSet('aws','azure','gcp',IgnoreCase=$false)] [Alias('cloud-platform','cloud_platform','cloud_provider')] [string[]]$CloudPlatform ) begin { $Param = @{ Command = $MyInvocation.MyCommand.Name Endpoint = $PSCmdlet.ParameterSetName Format = @{ Query = @('cloud-platform') } } [System.Collections.Generic.List[string]]$List = @() } process { if ($CloudPlatform) { @($CloudPlatform).foreach{ $List.Add($_) }}} end { if ($List) { $PSBoundParameters['CloudPlatform'] = @($List | Select-Object -Unique) Invoke-Falcon @Param -Inputs $PSBoundParameters } } } |