2.1.6

[bk-cs]

New Commands

cspm-registration.ps1
'Get-FalconHorizonIoa'
'Get-FalconHorizonIom'

discover.ps1
'Get-FalconAsset'

psf-policies.ps1
'Copy-FalconDeviceControlPolicy'
'Copy-FalconFirewallPolicy'
'Copy-FalconPreventionPolicy'
'Copy-FalconResponsePolicy'
'Copy-FalconSensorUpdatePolicy'

scheduled-report.ps1
'Invoke-FalconScheduledReport'
'Redo-FalconScheduledReport'

Command Changes

Added 'put-and-run' to 'Invoke-FalconAdminCommand' and 'Invoke-FalconRtr'.

Changed 'Get-FalconMalQuery' parameter from '-Ids' to '-Id' to signify that the endpoint only accepts one
request at a time.

Removed '-Detailed' from 'Invoke-FalconMalQuery' because it was not supposed to be there.

Added '-Description' to 'New-FalconDeviceControlPolicy'. Whoops.

Added '-Include' to 'Get-FalconFirewallPolicy' to include firewall settings with a policy result.

Added '-LocalLogging' to 'Edit-FalconFirewallSetting' to support new Firewall Management policy setting.

Added pipeline support for parameters in 'Edit-FalconFirewallSetting'. 'Copy-FalconFirewallPolicy' uses
the pipeline to supply settings during the duplication of an existing policy.

General Changes

Updated 'Invoke-Loop' to account for new pagination token style used in 'Get-FalconHorizonIoa' and
'Get-FalconHorizonIom'.

Re-wrote 'Write-Result' to reduce total code and improve for handling of errors from the 'identity-protection'
API. As a result, errors produced by 'Write-Result' are now shown as compressed Json objects rather than a
string (which only expected 'code' and 'message'--typical with most Falcon APIs).

Fixed an issue with 'Write-Result' that prevented the output of 'meta' properties in the verbose stream. An
earlier version of PSFalcon mistakenly hid this output.

Re-wrote portions of 'Request-FalconToken' to eliminate 'call depth overflow' errors generated due to how the
'308: Permanent Redirection' response is handled in PowerShell 5.1. Redirection should now function properly.

GitHub Issues

Issue #134: Modified RegEx pattern for 'Add-FalconGroupingTag' and 'Remove-FalconGroupingTag' to allow all
characters in the initial tag value, then updated the command to use the 'Test-RegexValue' to validate
that each value is a valid tag.

Issue #135: Added check to validate both 'status' and 'comment' value are present when submitting 'comment'
with 'Edit-FalconDetection'. Also forced the input of lower case status values, as improperly-cased 'status'
values will cause a '400: Failed to validate resource' error.

Issue #136: Corrected 'Invoke-FalconMalQuery' to submit 'options' as a hashtable rather than an array, which
was causing all requests to fail (including those made with 'Search-FalconMalQueryHash').

Issue #138: Updated 'Test-FqlStatement' to account for multiple 'exact match' values, and used operator groups
to more efficiently check , and independently within an FQL 'filter' string.

Issue #140: Updated the base [System.Net.Http.HttpClientHandler] to automatically decompress gzip files when
presented with them from an API.

Issue #143: Updated 'Get-FalconScheduledReport -Execution' to work properly with the '-Detailed' parameter.

Issue #144: Updated 'Test-FqlStatement' to allow colon characters in the value portion of an FQL statement.

Issue #146: Updated 'Invoke-FalconRtr' to access the 'Initialize-Output' function when using both 'HostIds'
and 'GroupId', instead of just 'HostIds'.