/
create-csvs-containing-device-control-policy-details-and-exceptions.ps1
105 lines (105 loc) · 3.55 KB
/
create-csvs-containing-device-control-policy-details-and-exceptions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#Requires -Version 5.1
using module @{ModuleName='PSFalcon';ModuleVersion ='2.2'}
<#
.SYNOPSIS
Create a CSV containing Device Control policy info (settings, members, groups, exceptions) using id or name
.PARAMETER ClientId
OAuth2 client identifier
.PARAMETER ClientSecret
OAuth2 client secret
.PARAMETER Cloud
CrowdStrike cloud [default: 'us-1']
.PARAMETER Id
Policy identifier
.PARAMETER Name
Policy name
.PARAMETER Path
Target directory for CSV output
#>
[CmdletBinding(DefaultParameterSetName='Id')]
param(
[Parameter(ParameterSetName='Id',Mandatory,Position=1)]
[Parameter(ParameterSetName='Name',Mandatory,Position=1)]
[ValidatePattern('^[a-fA-F0-9]{32}$')]
[string]$ClientId,
[Parameter(ParameterSetName='Id',Mandatory,Position=2)]
[Parameter(ParameterSetName='Name',Mandatory,Position=2)]
[ValidatePattern('^\w{40}$')]
[string]$ClientSecret,
[Parameter(ParameterSetName='Id',Position=3)]
[Parameter(ParameterSetName='Name',Position=3)]
[ValidateSet('eu-1','us-gov-1','us-1','us-2')]
[string]$Cloud,
[Parameter(ParameterSetName='Id',Mandatory,Position=4)]
[ValidatePattern('^[a-fA-F0-9]{32}$')]
[string]$Id,
[Parameter(ParameterSetName='Name',Mandatory,Position=5)]
[string]$Name,
[Parameter(ParameterSetName='Id',Position=6)]
[Parameter(ParameterSetName='Name',Position=6)]
[ValidateScript({
if ((Test-Path $_) -eq $false) {
throw "Cannot find path '$_' because it does not exist."
} elseif ((Test-Path $_ -PathType Container) -eq $false) {
throw "'Path' must specify a directory."
} else {
$true
}
})]
[string]$Path
)
begin {
function Write-CsvOutput ([object]$Content,[string]$Type) {
if ($Content) {
$Param = @{
Path = Join-Path $OutputFolder "$((Get-Date -Format FileDate),$PolicyId,$Type -join '_').csv"
NoTypeInformation = $true
Append = $true
Force = $true
}
$Content | Export-Csv @Param
}
}
[string]$OutputFolder = if (!$Path) { (Get-Location).Path } else { $Path }
$Token = @{ ClientId = $ClientId; ClientSecret = $ClientSecret }
if ($Cloud) { $Token['Cloud'] = $Cloud }
Request-FalconToken @Token
$VerbosePreference = 'Continue'
}
process {
[string]$PolicyId = if ((Test-FalconToken).Token -eq $true) {
if ($Name) {
try {
Get-FalconDeviceControlPolicy -Filter "name:'$($Name.ToLower())'"
} catch {
throw "No Device Control policy found matching '$($Name.ToLower())'."
}
} else {
$Id
}
}
if ($PolicyId) {
foreach ($Item in (Get-FalconDeviceControlPolicy -Id $PolicyId)) {
$Item.settings.PSObject.Members.Where({ $_.MemberType -eq 'NoteProperty' }).foreach{
if ($_.Name -eq 'classes') {
Write-CsvOutput ($_.Value | Select-Object id,action) 'classes'
foreach ($Exception in ($_.Value).Where({ $_.exceptions }).exceptions) {
Write-CsvOutput $Exception 'exceptions'
}
} else {
$Item.PSObject.Properties.Add((New-Object PSNoteProperty($_.Name,$_.Value)))
}
}
foreach ($Property in @('groups','settings')) {
if ($Item.$Property -and $Property -eq 'groups') {
Write-CsvOutput ($Item.$Property | Select-Object id,name) $Property
}
$Item.PSObject.Properties.Remove($Property)
}
Write-CsvOutput $Item 'settings'
Write-CsvOutput (Get-FalconDeviceControlPolicyMember -Id $PolicyId -Detailed -All |
Select-Object device_id,hostname) 'members'
}
}
}
end { if (Test-Path $OutputFolder) { Get-ChildItem $OutputFolder | Select-Object FullName,Length,LastWriteTime }}