Tasked with migrating hundreds (thousands?) of Windows Firewall rules across many Windows Group Policies and having found no existing tools or scripts, I ended up creating my own. This toolkit includes scripts to convert, add, manage, and analyse firewall rules.
- WindowsFirewall_xml2csv.py
- A Python script to convert Windows Firewall Group Policy export XML file to CSV format for data manipulation and analysis.
-
API_Add-Rules.ps1
- A PowerShell script to add firewall rules using the CrowdStrike API from CSV files.
-
API_WatchMode.ps1
- A PowerShell script to quickly bulk enable/disable Watch Mode on firewall rules.
-
summariseLogs.py
- A Python script to summarise exported CrowdStrike 'Firewall activity' CSV files into Inbound and Outbound firewall rule usage.
-
compareLogs.py
- A Python script to compare summarised rules that may require rules to be added, deleted, or IP addresses added to existing rules from summariseLogs.py