PSFalcon

2.2.8

public/settings.ps1

                                function Edit-FalconCloudPolicy {

<#

.SYNOPSIS

Modify a Falcon Cloud Security policy

.DESCRIPTION

Requires 'CSPM registration: Write'.

.PARAMETER Severity

Severity level

.PARAMETER Enabled

Policy enablement status

.PARAMETER Region

Cloud region

.PARAMETER TagExcluded

Tag exclusion flag

.PARAMETER AccountId

Account identifier

.PARAMETER Id

Policy identifier

.LINK

https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconCloudPolicy

#>

  [CmdletBinding(DefaultParameterSetName='/settings/entities/policy/v1:patch',SupportsShouldProcess)]

  [Alias('Edit-FalconHorizonPolicy')]

  param(

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory,ValueFromPipelineByPropertyName,

      Position=1)]

    [ValidateSet('informational','medium','high','critical',IgnoreCase=$false)]

    [string]$Severity,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory,ValueFromPipelineByPropertyName,

      Position=2)]

    [boolean]$Enabled,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName,Position=3)]

    [Alias('regions')]

    [string[]]$Region,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName,Position=4)]

    [Alias('tag_excluded')]

    [boolean]$TagExcluded,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',ValueFromPipelineByPropertyName,Position=5)]

    [Alias('account_ids')]

    [string[]]$AccountId,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:patch',Mandatory,ValueFromPipelineByPropertyName)]

    [Alias('policy_id','PolicyId')]

    [int32]$Id

  )

  begin { $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }}

  process { Invoke-Falcon @Param -UserInput $PSBoundParameters }

}

function Edit-FalconCloudSchedule {

<#

.SYNOPSIS

Modify Falcon Cloud Security scan schedules

.DESCRIPTION

Requires 'CSPM registration: Write'.

.PARAMETER ScanSchedule

Scan interval

.PARAMETER CloudPlatform

Cloud platform

.PARAMETER NextScanTimestamp

Next scan timestamp (RFC3339)

.LINK

https://github.com/crowdstrike/psfalcon/wiki/Edit-FalconCloudSchedule

#>

  [CmdletBinding(DefaultParameterSetName='/settings/scan-schedule/v1:post',SupportsShouldProcess)]

  [Alias('Edit-FalconHorizonSchedule')]

  param(

    [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',Mandatory,ValueFromPipelineByPropertyName,

      Position=1)]

    [ValidateSet('2h','6h','12h','24h',IgnoreCase=$false)]

    [Alias('scan_schedule')]

    [string]$ScanSchedule,

    [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',Mandatory,ValueFromPipelineByPropertyName,

      Position=2)]

    [ValidateSet('aws','azure','gcp',IgnoreCase=$false)]

    [Alias('cloud_platform','cloud_provider')]

    [string]$CloudPlatform,

    [Parameter(ParameterSetName='/settings/scan-schedule/v1:post',ValueFromPipelineByPropertyName,Position=3)]

    [ValidatePattern('^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$')]

    [Alias('next_scan_timestamp')]

    [string]$NextScanTimestamp

  )

  begin { $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }}

  process { Invoke-Falcon @Param -UserInput $PSBoundParameters }

}

function Get-FalconCloudPolicy {

<#

.SYNOPSIS

Retrieve detailed information about Falcon Cloud Security policies

.DESCRIPTION

Requires 'CSPM registration: Read'.

.PARAMETER Id

Policy identifier

.PARAMETER PolicyId

Policy identifier

.PARAMETER Service

Cloud service type

.PARAMETER CloudPlatform

Cloud platform

.LINK

https://github.com/crowdstrike/psfalcon/wiki/Get-FalconCloudPolicy

#>

  [CmdletBinding(DefaultParameterSetName='/settings/entities/policy/v1:get',SupportsShouldProcess)]

  [Alias('Get-FalconHorizonPolicy')]

  param(

    [Parameter(ParameterSetName='/settings/entities/policy-details/v2:get',ValueFromPipelineByPropertyName,

      ValueFromPipeline,Mandatory)]

    [ValidatePattern('^\d+$')]

    [Alias('ids','policy_id')]

    [int32[]]$Id,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=1)]

    [ValidatePattern('^\d+$')]

    [Alias('policy-id')]

    [int32]$PolicyId,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=2)]

    [ValidateSet('ACM','ACR','Any','App Engine','AppService','BigQuery','Cloud Load Balancing',

      'Cloud Logging','Cloud SQL','Cloud Storage','CloudFormation','CloudTrail','CloudWatch Logs',

      'Cloudfront','Compute Engine','Config','Disk','DynamoDB','EBS','EC2','ECR','EFS','EKS',

      'ELB','EMR','Elasticache','GuardDuty','IAM','Identity','KMS','KeyVault','Kinesis',

      'Kubernetes','Lambda','LoadBalancer','Monitor','NLB/ALB','NetworkSecurityGroup','PostgreSQL',

      'RDS','Redshift','S3','SES','SNS','SQLDatabase','SQLServer','SQS','SSM',

      'Serverless Application Repository','StorageAccount','Subscriptions','VPC','VirtualMachine',

      'VirtualNetwork',IgnoreCase=$false)]

    [string]$Service,

    [Parameter(ParameterSetName='/settings/entities/policy/v1:get',Position=3)]

    [ValidateSet('aws','azure','gcp',IgnoreCase=$false)]

    [Alias('cloud-platform')]

    [string]$CloudPlatform

  )

  begin {

    $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }

    [System.Collections.Generic.List[int32]]$List = @()

  }

  process {

    if ($Id) { @($Id).foreach{ $List.Add($_) }} else { Invoke-Falcon @Param -UserInput $PSBoundParameters }

  }

  end {

    if ($List) {

      $PSBoundParameters['Id'] = @($List)

      Invoke-Falcon @Param -UserInput $PSBoundParameters

    }

  }

}

function Get-FalconCloudSchedule {

<#

.SYNOPSIS

Retrieve detailed information about Falcon Cloud Security schedules

.DESCRIPTION

Requires 'CSPM registration: Read'.

.PARAMETER CloudPlatform

Cloud platform

.LINK

https://github.com/crowdstrike/psfalcon/wiki/Get-FalconCloudSchedule

#>

  [CmdletBinding(DefaultParameterSetName='/settings/scan-schedule/v1:get',SupportsShouldProcess)]

  [Alias('Get-FalconHorizonSchedule')]

  param(

    [Parameter(ParameterSetName='/settings/scan-schedule/v1:get',Mandatory,ValueFromPipelineByPropertyName,

      ValueFromPipeline,Position=1)]

    [ValidateSet('aws','azure','gcp',IgnoreCase=$false)]

    [Alias('cloud-platform','cloud_platform','cloud_provider')]

    [string[]]$CloudPlatform

  )

  begin {

    $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }

    [System.Collections.Generic.List[string]]$List = @()

  }

  process { if ($CloudPlatform) { @($CloudPlatform).foreach{ $List.Add($_) }}}

  end {

    if ($List) {

      $PSBoundParameters['CloudPlatform'] = @($List)

      Invoke-Falcon @Param -UserInput $PSBoundParameters

    }

  }

}