Skip to content

Commit

Permalink
Added commands
Browse files Browse the repository at this point in the history 
Added `Get-FalconSnapshotCredential` and `New-FalconSnapshotAwsAccount`
  • Loading branch information
@bk-cs
bk-cs committed Dec 19, 2024
1 parent 3a76233 commit 6281822
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 2 deletions.
2 changes: 2 additions & 0 deletions PSFalcon.psd1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -577,7 +577,9 @@

# snapshots
'Get-FalconSnapshot'
'Get-FalconSnapshotCredential'
'Get-FalconSnapshotScan'
'New-FalconSnapshotAwsAccount'
'New-FalconSnapshotScan'

# spotlight
Expand Down
14 changes: 14 additions & 0 deletions format/format.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5340,6 +5340,20 @@
]
}
},
"/snapshots/entities/accounts/v1": {
"post": {
"body": {
"aws_accounts": [
"account_number",
"batch_regions",
"iam_external_id",
"iam_role_arn",
"kms_alias",
"processing_account"
]
}
}
},
"/snapshots/entities/deployments/v1": {
"get": {
"query": [
Expand Down
63 changes: 61 additions & 2 deletions public/snapshots.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSnapshot
#>
[CmdletBinding(DefaultParameterSetName='/snapshots/combined/deployments/v1:get',SupportsShouldProcess)]
param(
[Parameter(ParameterSetName='/snapshots/entities/deployments/v1:get',ValueFromPipelineByPropertyName,
[Parameter(ParameterSetName='/snapshots/entities/deployments/v1:get',Mandatory,ValueFromPipelineByPropertyName,
ValueFromPipeline)]
[ValidatePattern('^[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}$')]
[Alias('ids')]
Expand Down Expand Up @@ -60,6 +60,20 @@ https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSnapshot
}
}
}
function Get-FalconSnapshotCredential {
<#
.SYNOPSIS
Gets the registry credentials
.DESCRIPTION
Requires 'Snapshot Scanner Image Download: Read'.
.LINK
https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSnapshotCredential
#>
[CmdletBinding(DefaultParameterSetName='/snapshots/entities/image-registry-credentials/v1:get',
SupportsShouldProcess)]
param()
process { Invoke-Falcon -Command $MyInvocation.MyCommand.Name -Endpoint $PSCmdlet.ParameterSetName }
}
function Get-FalconSnapshotScan {
<#
.SYNOPSIS
Expand All @@ -74,7 +88,7 @@ https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSnapshotScan
[CmdletBinding(DefaultParameterSetName='/snapshots/entities/scanreports/v1:get',SupportsShouldProcess)]
param(
[Parameter(ParameterSetName='/snapshots/entities/scanreports/v1:get',Mandatory,ValueFromPipelineByPropertyName,
ValueFromPipeline)]
ValueFromPipeline,Position=1)]
[Alias('ids','asset_identifier')]
[string[]]$Id
)
Expand All @@ -90,6 +104,51 @@ https://github.com/crowdstrike/psfalcon/wiki/Get-FalconSnapshotScan
}
}
}
function New-FalconSnapshotAwsAccount {
<#
.SYNOPSIS
Add an AWS account for Falcon Cloud Security snapshot scanning
.DESCRIPTION
Requires 'Snapshot: Write'.
.PARAMETER AccountNumber
AWS account number
.PARAMETER BatchRegion
Object(s) containing 'region', 'job_queue', and 'job_definition_name'
.PARAMETER IamExternalId
AWS IAM external identifier
.PARAMETER IamRoleArn
AWS IAM role ARN
.PARAMETER KmsAlias
AWS KMS alias
.PARAMETER ProcessingAccount
AWS processing account
.LINK
https://github.com/crowdstrike/psfalcon/wiki/New-FalconSnapshotAwsAccount
#>
[CmdletBinding(DefaultParameterSetName='/snapshots/entities/accounts/v1:post',SupportsShouldProcess)]
param(
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=1)]
[Alias('account_number')]
[string]$AccountNumber,
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=2)]
[Alias('batch_regions')]
[object[]]$BatchRegion,
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=3)]
[Alias('iam_external_id')]
[string]$IamExternalId,
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=4)]
[Alias('iam_role_arn')]
[string]$IamRoleArn,
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=5)]
[Alias('kms_alias')]
[string]$KmsAlias,
[Parameter(ParameterSetName='/snapshots/entities/accounts/v1:post',ValueFromPipelineByPropertyName,Position=6)]
[Alias('processing_account')]
[string]$ProcessingAccount
)
begin { $Param = @{ Command = $MyInvocation.MyCommand.Name; Endpoint = $PSCmdlet.ParameterSetName }}
process { Invoke-Falcon @Param -UserInput $PSBoundParameters }
}
function New-FalconSnapshotScan {
<#
.SYNOPSIS
Expand Down

0 comments on commit 6281822

Please sign in to comment.