public/spotlight.ps1

function Get-FalconRemediation {
<#
.SYNOPSIS
Retrieve detail about remediations specified in a Falcon Spotlight vulnerability
.DESCRIPTION
Requires 'Vulnerabilities: Read'.
.PARAMETER Id
Remediation identifier
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconRemediation
#>

  [CmdletBinding(DefaultParameterSetName='/spotlight/entities/remediations/v2:get',SupportsShouldProcess)]
  param(
    [Parameter(ParameterSetName='/spotlight/entities/remediations/v2:get',Mandatory,
      ValueFromPipelineByPropertyName,ValueFromPipeline,Position=1)]
    [Alias('ids')]
    [object[]]$Id
  )
  begin {
    $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }
    [System.Collections.Generic.List[string]]$List = @()
  }
  process {
    if ($Id) {
      @($Id).foreach{
        if ($_.apps.remediation.ids) {
          # Use 'apps.remediation.ids' when supplied with a detailed vulnerability object
          @($_.apps.remediation.ids).foreach{ $List.Add($_) }
        } elseif ($_ -is [string]) {
          if ($_ -notmatch '^[a-fA-F0-9]{32}$') {
            throw "'$_' is not a valid remediation identifier."
          } else {
            $List.Add($_)
          }
        }
      }
    }
  }
  end {
    if ($List) {
      $PSBoundParameters['Id'] = @($List)
      Invoke-Falcon @Param -UserInput $PSBoundParameters
    }
  }
}
function Get-FalconVulnerability {
<#
.SYNOPSIS
Search for Falcon Spotlight vulnerabilities
.DESCRIPTION
Requires 'Vulnerabilities: Read'.
.PARAMETER Id
Vulnerability identifier
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Facet
Include additional properties
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER After
Pagination token to retrieve the next set of results
.PARAMETER Detailed
Retrieve detailed information
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconVulnerability
#>

  [CmdletBinding(DefaultParameterSetName='/spotlight/queries/vulnerabilities/v1:get',SupportsShouldProcess)]
  param(
    [Parameter(ParameterSetName='/spotlight/entities/vulnerabilities/v2:get',Mandatory,
      ValueFromPipelineByPropertyName,ValueFromPipeline)]
    [ValidatePattern('^[a-fA-F0-9]{32}_[a-fA-F0-9]{32}$')]
    [Alias('ids')]
    [string[]]$Id,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get',Mandatory,Position=1)]
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get',Mandatory,Position=1)]
    [ValidateScript({ Test-FqlStatement $_ })]
    [string]$Filter,
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get',Position=2)]
    [ValidateSet('cve','evaluation_logic','host_info','remediation',IgnoreCase=$false)]
    [string[]]$Facet,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get',Position=3)]
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get',Position=3)]
    [ValidateSet('created_timestamp.asc','created_timestamp.desc','closed_timestamp.asc',
      'closed_timestamp.desc','updated_timestamp.asc','updated_timestamp.desc',IgnoreCase=$false)]
    [string]$Sort,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get',Position=4)]
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get',Position=4)]
    [ValidateRange(1,5000)]
    [int32]$Limit,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get')]
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get')]
    [string]$After,
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get',Mandatory)]
    [switch]$Detailed,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get')]
    [Parameter(ParameterSetName='/spotlight/combined/vulnerabilities/v1:get')]
    [switch]$All,
    [Parameter(ParameterSetName='/spotlight/queries/vulnerabilities/v1:get')]
    [switch]$Total
  )
  begin {
    $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }
    [System.Collections.Generic.List[string]]$List = @()
    if (($Param.Endpoint -match 'queries' -and $PSBoundParameters.Limit -gt 400) -or
    ($PSBoundParameters.All -and !$PSBoundParameters.Limit)) {
      $PSBoundParameters['Limit'] = 400
    }
  }
  process {
    if ($Id) { @($Id).foreach{ $List.Add($_) }} else { Invoke-Falcon @Param -UserInput $PSBoundParameters }
  }
  end {
    if ($List) {
      $PSBoundParameters['Id'] = @($List)
      Invoke-Falcon @Param -UserInput $PSBoundParameters
    }
  }
}
function Get-FalconVulnerabilityLogic {
<#
.SYNOPSIS
Search for Falcon Spotlight vulnerability evaluation logic
.DESCRIPTION
Requires 'Vulnerabilities: Read'.
.PARAMETER Id
Vulnerability logic identifier
.PARAMETER Filter
Falcon Query Language expression to limit results
.PARAMETER Sort
Property and direction to sort results
.PARAMETER Limit
Maximum number of results per request
.PARAMETER After
Pagination token to retrieve the next set of results
.PARAMETER Detailed
Retrieve detailed information
.PARAMETER All
Repeat requests until all available results are retrieved
.PARAMETER Total
Display total result count instead of results
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconVulnerabilityLogic
#>

  [CmdletBinding(DefaultParameterSetName='/spotlight/queries/evaluation-logic/v1:get',SupportsShouldProcess)]
  param(
    [Parameter(ParameterSetName='/spotlight/entities/evaluation-logic/v1:get',Mandatory,
      ValueFromPipelineByPropertyName,ValueFromPipeline)]
    [Alias('ids','apps')]
    [object[]]$Id,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get',Mandatory,Position=1)]
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get',Mandatory,Position=1)]
    [ValidateScript({ Test-FqlStatement $_ })]
    [string]$Filter,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get',Position=2)]
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get',Position=2)]
    [string]$Sort,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get',Position=3)]
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get',Position=3)]
    [int]$Limit,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get')]
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get')]
    [string]$After,
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get',Mandatory)]
    [switch]$Detailed,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get')]
    [Parameter(ParameterSetName='/spotlight/combined/evaluation-logic/v1:get')]
    [switch]$All,
    [Parameter(ParameterSetName='/spotlight/queries/evaluation-logic/v1:get')]
    [switch]$Total
  )
  begin {
    $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }
    [System.Collections.Generic.List[string]]$List = @()
  }
  process {
    if ($Id) {
      @($Id).foreach{
        if ($_.apps.evaluation_logic.id) {
          # Use 'apps.evaluation_logic.id' when supplied with a detailed vulnerability object
          $List.Add($_.apps.evaluation_logic.id)
        } elseif ($_ -is [string]) {
          if ($_ -notmatch '^[a-fA-F0-9]{32}$') {
            throw "'$_' is not a valid vulnerability evaluation logic identifier."
          } else {
            $List.Add($_)
          }
        }
      }
    } else {
      Invoke-Falcon @Param -UserInput $PSBoundParameters
    }
  }
  end {
    if ($List) {
      $PSBoundParameters['Id'] = @($List)
      Invoke-Falcon @Param -UserInput $PSBoundParameters
    }
  }
}