[ BUG ] Settings are not applied when creating new policies using Import-FalconConfig
#222
Comments
Thank you for the report. I've verified this bug and plan on fixing it in the next release. In the meantime, you can work around the problem by using the
Please let me know if this does not behave as expected.
Unfortunately it did not work:
Issue #222: Updated comparison process to ensure an imported policy would be properly added to the list of items to be modified, whether or not it was going to be created. Removed existing copy policy operation from creation process. Modified method of Write-Host output during the 'Add-Result' function to reduce overall code. Updated 'Add-Result' to ensure proper results when modifying newly created policies. Updated 'Import-ConfigData' function to exclude 'created_by', 'modified_by', 'created_timestamp' and 'modified_timestamp' fields during import. Slightly re-organized the creation of 'FirewallGroup', 'IoaGroup', 'Script', 'IoaExclusion', 'MlExclusion' and 'SvExclusion'. Moved HostGroup id update before creation of policies. Changed 'if' statement that was used to determine if settings needed modification to reduce complexity. Corrected warning message output to ensure that warning messages are produced for each policy and platform type when policy precedence should be verified. Removed forced declaration of [object[]] arrays to ensure it didn't cause issues with the creation of policies with non-array based 'settings'.
I believe I have fixed this issue. Can you try testing by replacing your https://raw.githubusercontent.com/CrowdStrike/psfalcon/2.2.2/Public/psf-config.ps1 You will need to reload your PSFalcon module in order for the changes to take effect.
Import-FalconConfig
Closing issue--resolved in 2.2.2 release.
Describe the bug
Importing a configuration that was exported does not work correctly.
When importing a custom prevention policy no settings are imported. So every setting is set to false. Also the groups section is not imported.
It will print this error message, when importing a custom prevention policy:
Write-Result : [{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"},{"code":400,"message":"Prevention settings must specify an id"}]
With the debug option it is possible to see that the client sends the wrong data:
{"resources":[{"id":"----------------","settings":[{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null},{"id":null,"value":null}]}]}
To Reproduce
Export a configuration from a profile with custom settings and prevention policies, then delete these policies and import them back.
Expected behavior
It should import the configuration correctly, so when exporting the configuration again, there should be no major difference.
Environment (please complete the following information):
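A check for the failure shown in the debug output above, as an added example that is not part of the original issue and is not PSFalcon code: it parses a request body of that shape and reports every policy whose settings lack an `id`, which is the condition that left the imported prevention policy with all settings disabled. The function name `Find-EmptyPolicySetting`, the policy ids and the setting id `ExampleSetting` are hypothetical, and both sample bodies are constructed.

```powershell
# Added example, not PSFalcon code. 'Find-EmptyPolicySetting' is a hypothetical helper name.
function Find-EmptyPolicySetting {
    [CmdletBinding()]
    param(
        # JSON request body in the shape shown in the debug output:
        # {"resources":[{"id":"...","settings":[{"id":...,"value":...}]}]}
        [Parameter(Mandatory)]
        [string]$Body
    )
    $Parsed = $Body | ConvertFrom-Json
    foreach ($Policy in $Parsed.resources) {
        # Drop null entries so a policy without a 'settings' array is not miscounted
        $Settings = @($Policy.settings | Where-Object { $null -ne $_ })
        # A setting without an 'id' is rejected by the API with a 400 and applies nothing
        $Missing = @($Settings | Where-Object { [string]::IsNullOrEmpty($_.id) })
        if ($Missing.Count -gt 0) {
            [PSCustomObject]@{
                PolicyId      = $Policy.id
                TotalSettings = $Settings.Count
                MissingId     = $Missing.Count
            }
        }
    }
}

# Constructed sample: same shape as the failing request in the report (ids are placeholders)
$Failing = '{"resources":[{"id":"policy-placeholder-1","settings":[{"id":null,"value":null},{"id":null,"value":null}]}]}'
# Constructed sample: a body where every setting carries an id
$WellFormed = '{"resources":[{"id":"policy-placeholder-2","settings":[{"id":"ExampleSetting","value":true}]}]}'

# Emits one object for policy-placeholder-1 with MissingId = 2
Find-EmptyPolicySetting -Body $Failing
# Emits nothing because no setting is missing its id
Find-EmptyPolicySetting -Body $WellFormed
```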