This issue was moved to a discussion.

Invoke-FalconResponderCommand #49

Closed
jtryon opened this issue May 14, 2021 · 1 comment

jtryon commented May 14, 2021

Similar to #33

Command:
Invoke-FalconResponderCommand -SessionId sessionid -Command 'runscript' -Arguments '-Raw=```commands go here```'

Results in:

Format-Result : 40014: Unrecognized flag found: Raw, value: commands go here
At C:\Users\me\Documents\WindowsPowerShell\Modules\PSFalcon\2.0.7\Private\Private.ps1:972 char:17
+                 Format-Result -Response $Response -Endpoint $Endpoint
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (StatusCode: 400...ication/json
}:HttpResponseMessage) [Format-Result], Exception

I'm trying to continue an existing session started with Invoke-RTR (which does work using -Raw as of 2.0.7) and would prefer running commands in that session instead of spinning one up for each command.

@bk-cs bk-cs self-assigned this May 17, 2021
@bk-cs bk-cs added the question Further information is requested label May 17, 2021
Collaborator

bk-cs commented May 17, 2021

Active Responder permissions are not able to be used to submit Raw runscript commands via the Real-time Response API. You'll have to use Invoke-FalconAdminCommand.

@bk-cs bk-cs closed this as completed May 17, 2021
@CrowdStrike CrowdStrike locked and limited conversation to collaborators Sep 24, 2021
