2.2.8 release #438
Merged
Removed comment
Fixed some error message output for `Request-FalconToken` and `Test-FalconToken`.
Updated `Get-FalconVulnerability` to set `Limit` to `400` when using `All` without `Detailed` to prevent `5000 is an invalid page size, must be between 1 and 400` error.
Added sample
Added `DspmEnabled`, `DspmRegion`, and `DspmRole` to `Receive-FalconCloudAwsScript`. Updated `Receive-FalconCloudAwsScript` to ensure that `OrganizationId` used updated parameter name during API submission
Increased `[System.Net.Http.HttpClient]` default timeout to 5 minutes from 1 minute to allow for the `put` command step to complete during `Invoke-FalconDeploy`. Updated `Invoke-FalconAdminCommand`, `Invoke-FalconCommand`, and `Invoke-FalconResponderCommand` to only attempt to append `batch_id` to results that have a `session_id`. This should suppress `You cannot call a method on a null-valued expression` errors when trying to append `batch_id` (`Set-Property $_ batch_id $BatchId`). Decreased default `Timeout` when using `runscript` for single host sessions by 5 seconds to help provide enough time for results to return. Added some minor formatting changes for performance (using `Where()` instead of `Where-Object`).
Added an additional 30 seconds to the default request wait time to allow for a gap between the maximum RTR session length (5 minutes) and result collection
Removed deprecated version of `Get-FalconContainerVulnerability` which has been replaced by an endpoint in the `container-security` collection
Updated `Get-FalconQuickScan` and `New-FalconQuickScan` to use QuickScan Pro APIs. Added additional QuickScan related commands for submitting samples: `Remove-FalconQuickScan`, `Remove-FalconQuickScanFile`, `Send-FalconQuickScanFile`. Removed `Get-FalconCloudIoaEvent` and `Get-FalconCloudIoaUser` because the APIs are no longer available. Added `Get-FalconIdentityRule`. Removed endpoint formatting data from `format\format.json` for commands that have their own defined format detail.
Updated sample to filter to completed scheduled reports
Updated `Receive-FalconScheduledReport` to use a combination of the `last_execution.id` and `report_params.format` fields to define an output filename if `Path` is left undefined and is being passed a report execution via pipeline
### `Edit-FalconFirewallGroup`
* `null` values for `rule_ids` and `rule_versions` will now be converted into empty arrays.
* Single values for `rule_ids` and `rule_versions` will now be forced into arrays.
* Slightly modified some error messages.
* Rearranged some of the code before submission.
Added `if` condition to `Edit-FalconFirewallGroup` to prevent attempted submission when the only provided `diff_operations` object is invalid
Removed code that had been commented out
Added additional `cid` evaluation in `Import-FalconConfig` to help ensure proper policies are being picked for creation/modification (because an inherited policy and a local policy can have the same name) and also filter out inherited policies when attempting to make changes (because inherited policies can't be modified--but groups can still be assigned). Made some minor changes to use `.Where({})` filtering where possible.
Added `Get-FalconChannelState`. Added `channel_state` to accepted `Include` values for `Get-FalconHost`
Updated `uninstall_sensor.sh` script to incorporate the use of `systemd` to uninstall `falcon-sensor` on Linux hosts utilizing some additional code from an existing uninstaller script. Thanks @carlosmmatos and @cs-APreston-ghAccount!
Corrected typo from testing
Test change for UTF-8 encoding to fix GitHub desktop comparison issue
Changed from UTF-16 LE to UTF-8 encoding to resolve GitHub Desktop comparison issue
Added `Get-FalconCorrelationRule` and `Remove-FalconCorrelationRule`
Added `protocol` as a required field for `ConvertTo-FalconFirewallRule`
Renamed `Get-FalconChannelControl` to `Get-FalconContentControl`. Renamed `Set-FalconChannelControl` to `Set-FalconContentControl`. Renamed `Get-FalconChannelState` to `Get-FalconContentState`. Renamed `Get-FalconHost -Include` value from `channel_state` to `content_state` and updated command name
Added `Edit-FalconContentPolicy`, `Get-FalconContentPolicy`, `Get-FalconContentPolicyMember`, `Invoke-FalconContentPolicyAction`, `New-FalconContentPolicy`, `Remove-FalconContentPolicy`, and `Set-FalconContentPrecedence`
Added `ContentPolicy` to `Export-FalconConfig`
Added `ContentPolicy` to `Import-FalconConfig`. Updated `Compare-Setting` function to properly evaluate `ring_assignment_settings` for `ContentPolicy`. Modified `Add-Result` to omit `all` as a `platform` in host output stream messages
Added `ClRegex` and `IfnRegex` to `Get-FalconIoaExclusion`. Added `MatchOnTsqResultType` to `Edit-FalconReconRule` and `New-FalconReconRule`
Corrected alias for `Receive-FalconCloudAwsScript` parameter `OrganizationId`
Added `Remove-FalconIdentityRule`
Added `New-FalconIdentityRule`
Added `MalwareSubmissionId` and `ReconRuleType` to `New-FalconCompleteCase`
Added `Get-FalconSnapshotCredential` and `New-FalconSnapshotAwsAccount`
Updated version to 2.2.8 in preparation for release
Readded formatting for `Start-FalconMigration`, `Stop-FalconMigration`, `Rename-FalconMigration` and `Remove-FalconMigration`
Removed Commands
ioa
New Commands
billing-dashboards-usage
device-content
identity-protection
policy-content-update
quickscanpro
snapshots
Issues Resolved
* `Add-FalconSensorTag` and `Remove-FalconSensorTag` not working on Linux hosts #421: Updated internal function to evaluate FalconSensorTags and re-wrote scripts for FalconSensorTag manipulation through Real-time Response to fix the inability to add/remove FalconSensorTags on Linux. This also fixed the same issue that was impacting MacOS hosts.
* `Invoke-FalconDeploy` produces `null-valued expression` error during `put` step #424: Increased `[System.Net.Http.HttpClient]` default timeout to 5 minutes from 1 minute. Updated `Invoke-FalconAdminCommand`, `Invoke-FalconCommand`, and `Invoke-FalconResponderCommand` to only attempt to append `batch_id` to results that have a `session_id`.
* `Uninstall-FalconSensor` uses Windows script on Linux #426: Updated `Uninstall-FalconSensor` to properly select bash uninstall script when targeting Linux hosts.
* `tar` and `update query` not working in related RTR commands #427: Added `tar` to valid `Command` list for `Invoke-FalconAdminCommand` and `Invoke-FalconResponderCommand` and corrected `Invoke-FalconAdminCommand` to properly include the `Command` value `update query`.
* `Edit-FalconFirewallGroup` throws error `400: Provided data does not match expected RuleGroupModifyRequestV1 format` #433: Modified `Edit-FalconFirewallGroup` to ensure that `null` values for `rule_ids` and `rule_versions` are converted into empty arrays, and that single values are forced into arrays.
* `Uninstall-FalconSensor` issues against Linux boxes #435: Updated `uninstall_sensor.sh` script to incorporate the use of `systemd` to uninstall `falcon-sensor` on Linux hosts utilizing some additional code from an existing uninstaller script. Thanks @carlosmmatos and @cs-APreston-ghAccount!
General Changes
* `Request-FalconToken` and `Test-FalconToken`.

Command Changes

### `ConvertTo-FalconFirewallRule`
* `protocol` as a required field for the `Map` table and rule creation.

### `Edit-FalconReconRule`
* `MatchOnTsqResultType`.

### `Export-FalconConfig`
* `ContentPolicy` as a value for `Select` parameter.

### `Get-FalconChannelControl`
* `Get-FalconContentControl`. `Get-FalconChannelControl` has been kept as an alias.

### `Get-FalconHost`
* `content_state` as an `Include` value.

### `Get-FalconIoaExclusion`
* `ClRegex` and `IfnRegex`.

### `Get-FalconQuickScan`

### `Get-FalconVulnerability`
* `Limit` to `400` when using `All` without `Detailed` to prevent `5000 is an invalid page size, must be between 1 and 400` error.

### `Import-FalconConfig`
* `ContentPolicy` as a value for `ModifyExisting` and `ModifyDefault` parameters.

### `Invoke-FalconAdminCommand`
* `tar` as a valid `Command` value.

### `Invoke-FalconResponderCommand`
* `tar` as a valid `Command` value.
* `update query` as a valid `Command` which was mistakenly removed in a previous release.

### `New-FalconCompleteCase`
* `MalwareSubmissionId` and `ReconRuleType`.

### `New-FalconQuickScan`

### `New-FalconReconRule`
* `MatchOnTsqResultType`.

### `Receive-FalconCloudAwsScript`
* `DspmEnabled`, `DspmRegion`, and `DspmRole`.

### `Receive-FalconScheduledReport`
* `last_execution.id` and `report_params.format` fields to define a filename if `Path` is left undefined and is being passed a report via pipeline. This will ensure that "scheduled reports" (i.e. vulnerability reports) are successfully downloaded without providing a `Path`.

### `Set-FalconChannelControl`
* `Set-FalconContentControl`. `Set-FalconChannelControl` has been kept as an alias.
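
The `rule_ids` / `rule_versions` handling described for `Edit-FalconFirewallGroup` above (#433), as an added PowerShell example that is not the module's own code: it shows how a `null` or single value serializes as `null` or a bare scalar instead of a JSON array, and how forcing arrays before `ConvertTo-Json` fixes the request body. `ConvertTo-RuleGroupBody` and the sample group objects are hypothetical and constructed for illustration.

```powershell
# Added illustration. ConvertTo-RuleGroupBody is a hypothetical helper name,
# not a function exported by the module discussed on this page.
function ConvertTo-RuleGroupBody {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Collections.IDictionary] $Group
    )
    # Copy into an ordered dictionary so the caller's object is left unchanged
    $Body = [ordered]@{}
    foreach ($Key in $Group.Keys) { $Body[$Key] = $Group[$Key] }

    foreach ($Field in 'rule_ids', 'rule_versions') {
        if ($null -eq $Body[$Field]) {
            # Missing or null: send an empty array. @($null) would instead
            # produce a one-element array containing null.
            $Body[$Field] = @()
        } else {
            # A scalar becomes a one-element array; an existing array stays an array
            $Body[$Field] = @($Body[$Field])
        }
    }
    $Body
}

# Constructed sample inputs (placeholders, not real rule group data)
$Samples = @(
    [ordered]@{ id = 'group-placeholder-1'; rule_ids = $null; rule_versions = $null }
    [ordered]@{ id = 'group-placeholder-2'; rule_ids = 'rule-a'; rule_versions = 3 }
    [ordered]@{ id = 'group-placeholder-3'; rule_ids = @('rule-a', 'rule-b'); rule_versions = @(3, 1) }
)

# Compare the JSON that would be submitted before and after normalization
foreach ($Sample in $Samples) {
    [PSCustomObject]@{
        Before = $Sample | ConvertTo-Json -Compress
        After  = (ConvertTo-RuleGroupBody -Group $Sample) | ConvertTo-Json -Compress
    }
}
```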