-
Notifications
You must be signed in to change notification settings - Fork 81
Edit FalconFirewallSetting
bk-cs edited this page Oct 20, 2022
·
20 revisions
Modify Falcon Firewall Management policy settings
All fields are required to modify policy settings. PSFalcon adds missing values automatically using data from your existing policy.
If adding or removing rule groups, all rule groups must be supplied in precedence order.
Requires 'Firewall Management: Write'.
| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| PlatformId | String |
01
|
X | Operating System platform identifier | |||
| Enforce | Boolean | X | Policy enforcement status | ||||
| RuleGroupId | String[] | X | Rule group identifier | ||||
| DefaultInbound | String |
ALLOWDENY
|
X | Default action for inbound traffic | |||
| DefaultOutbound | String |
ALLOWDENY
|
X | Default action for outbound traffic | |||
| MonitorMode | Boolean | X | Override all block rules and enable monitoring | ||||
| LocalLogging | Boolean | X | Enable local logging of firewall events | ||||
| Id | String | X | Policy identifier |
Edit-FalconFirewallSetting [[-PlatformId] <String>] [[-Enforce] <Boolean>] [[-RuleGroupId] <String[]>] [[-DefaultInbound] <String>] [[-DefaultOutbound] <String>] [[-MonitorMode] <Boolean>] [[-LocalLogging] <Boolean>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]Edit-FalconFirewallSetting -PolicyId <id> -Enforce $true -DefaultInbound DENY -DefaultOutbound ALLOW2022-10-20: PSFalcon v2.2.3

- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Assets
- CAO Hunting
- Case Templates
- Cases
- Channel File Control Settings
- Cloud Security API Assets
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- IT Automation - Policies
- IT Automation - Task Executions
- IT Automation - Tasks
- IT Automation - User Groups
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- NGSIEM
- NGSIEM Dashboards
- NGSIEM Lookup Files
- NGSIEM Parsers
- NGSIEM Saved Queries
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust