From 2c2ee45e84ffac1dcf337eede0866b85d23b6607 Mon Sep 17 00:00:00 2001 From: bk-cs <54042976+bk-cs@users.noreply.github.com> Date: Wed, 8 Apr 2020 07:56:17 -0700 Subject: [PATCH 1/8] Update Get-CsInstallerInfo.psm1 --- sensor-download/Get-CsInstallerInfo.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sensor-download/Get-CsInstallerInfo.psm1 b/sensor-download/Get-CsInstallerInfo.psm1 index 07c3eff..46c6381 100644 --- a/sensor-download/Get-CsInstallerInfo.psm1 +++ b/sensor-download/Get-CsInstallerInfo.psm1 @@ -7,13 +7,13 @@ function Get-CsInstallerInfo { The hashes of specific Falcon Sensor Installers to return .PARAMETER FILTER - The filter expression that should be used to limit the results (when hashes are not provided) + The filter expression that should be used to limit the results .PARAMETER LIMIT - The maximum records to return [Default: 500] (when hashes are not provided) + The maximum records to return [Default: 500] .PARAMETER OFFSET - The offset to start retrieving records from [Default: 0] (when hashes are not provided) + The offset to start retrieving records from [Default: 0] #> [CmdletBinding(DefaultParameterSetName = 'combined')] [OutputType([psobject])] From 27645a528741f9eb7f9b217d599bb5b261527722 Mon Sep 17 00:00:00 2001 From: bk-cs <54042976+bk-cs@users.noreply.github.com> Date: Wed, 8 Apr 2020 08:22:22 -0700 Subject: [PATCH 2/8] Create CODE_OF_CONDUCT.md --- CODE_OF_CONDUCT.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..6a76fea --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team. All complaints will be reviewed and
+investigated and will result in a response that is deemed necessary and
+appropriate to the circumstances. The project team is obligated to maintain
+confidentiality with regard to the reporter of an incident. Further details
+of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
From dff6de2105d8bc43339bb5c50b6b50e3775be391 Mon Sep 17 00:00:00 2001
From: bk-cs <54042976+bk-cs@users.noreply.github.com>
Date: Wed, 8 Apr 2020 08:57:16 -0700
Subject: [PATCH 3/8] Delete Add-FXSandboxFile.psm1 Renamed to 'New-FXSample' for consistency
---
falconx-sandbox/Add-FXSandboxFile.psm1 | 44 --------------------------
1 file changed, 44 deletions(-)
delete mode 100644 falconx-sandbox/Add-FXSandboxFile.psm1
diff --git a/falconx-sandbox/Add-FXSandboxFile.psm1 b/falconx-sandbox/Add-FXSandboxFile.psm1
deleted file mode 100644
index 4096c95..0000000
--- a/falconx-sandbox/Add-FXSandboxFile.psm1
+++ /dev/null
@@ -1,44 +0,0 @@
-function Add-FXSandboxFile {
-<#
- .SYNOPSIS
- Upload a file for sandbox analysis
-
- .PARAMETER PATH
- The full path to the file to upload
-
- .PARAMETER COMMENT
- A descriptive comment to identify the file for other users
-
- .PARAMETER CONFIDENTIAL
- Defines visibility of this file in Falcon MalQuery [Default: True]
-#>
- [CmdletBinding()]
- [OutputType([psobject])]
- param(
- [Parameter(Mandatory=$true)]
- [string]
- $Path,
-
- [string]
- $Comment,
-
- [boolean]
- $Confidential = $true
- )
- process{
- $Param = @{
- Uri = '/samples/entities/samples/v2?file_name=' + (Split-Path $Path -Leaf) +
- '&is_confidential=' + $Confidential
- Method = 'post'
- Header = @{
- accept = 'application/json'
- 'content-type' = 'application/octet-stream'
- }
- }
- switch ($PSBoundParameters.Keys) {
- 'Comment' { $Param.Uri += '&comment=' + $Comment }
- 'Verbose' { $Param['Verbose'] = $true }
- }
- Invoke-FalconAPI @Param
- }
-}
\ No newline at end of file
From c86bd09342a9296a1f6bf2df78744e99943f4439 Mon Sep 17 00:00:00 2001
From: bk-cs <54042976+bk-cs@users.noreply.github.com>
Date: Wed, 8 Apr 2020 08:57:25 -0700
Subject: [PATCH 4/8] Create New-FXSample.psm1 Renamed from 'Add-FXSandboxFile'
---
falconx-sandbox/New-FXSample.psm1 | 44 +++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 falconx-sandbox/New-FXSample.psm1
diff --git a/falconx-sandbox/New-FXSample.psm1 b/falconx-sandbox/New-FXSample.psm1
new file mode 100644
index 0000000..d22775a
--- /dev/null
+++ b/falconx-sandbox/New-FXSample.psm1
@@ -0,0 +1,44 @@
+function New-FXSample {
+<#
+ .SYNOPSIS
+ Upload a file for sandbox analysis
+
+ .PARAMETER PATH
+ The full path to the file to upload
+
+ .PARAMETER COMMENT
+ A descriptive comment to identify the file for other users
+
+ .PARAMETER CONFIDENTIAL
+ Defines visibility of this file in Falcon MalQuery [Default: True]
+#>
+ [CmdletBinding()]
+ [OutputType([psobject])]
+ param(
+ [Parameter(Mandatory=$true)]
+ [string]
+ $Path,
+
+ [string]
+ $Comment,
+
+ [boolean]
+ $Confidential = $true
+ )
+ process{
+ $Param = @{
+ Uri = '/samples/entities/samples/v2?file_name=' + (Split-Path $Path -Leaf) +
+ '&is_confidential=' + $Confidential
+ Method = 'post'
+ Header = @{
+ accept = 'application/json'
+ 'content-type' = 'application/octet-stream'
+ }
+ }
+ switch ($PSBoundParameters.Keys) {
+ 'Comment' { $Param.Uri += '&comment=' + $Comment }
+ 'Verbose' { $Param['Verbose'] = $true }
+ }
+ Invoke-FalconAPI @Param
+ }
+}
\ No newline at end of file
From 734d10b56c97ead2cbdd5d1b33f00e7fae19f014 Mon Sep 17 00:00:00 2001
From: bk-cs <54042976+bk-cs@users.noreply.github.com>
Date: Wed, 8 Apr 2020 08:57:39 -0700
Subject: [PATCH 5/8] Update README.md Renamed 'Add-FXSandboxFile' to 'New-FXSample' for consistency
---
falconx-sandbox/README.md | 42 +++++++++++++++++++--------------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/falconx-sandbox/README.md b/falconx-sandbox/README.md
index 84746c6..49b1125 100644
--- a/falconx-sandbox/README.md
+++ b/falconx-sandbox/README.md
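Review bot: In `New-FXSample.psm1` the query string is built by plain concatenation, so the leaf name taken from `$Path` and the `-Comment` text reach the URI unescaped; a value containing `&`, `=`, `#` or a space reshapes the request, and a comment that carries its own `&is_confidential=` pair would add a second visibility parameter whose effect depends on how the API resolves duplicates. Escape both values before appending them, for example `'&comment=' + [uri]::EscapeDataString($Comment)` and `[uri]::EscapeDataString((Split-Path $Path -Leaf))`. `$Confidential` is concatenated as `True`/`False`; whether the endpoint accepts that casing cannot be confirmed from this hunk. The request also declares `'content-type' = 'application/octet-stream'` but hands no body or file path to `Invoke-FalconAPI`, so unless that helper (not shown) reads the file some other way, the sample bytes are never sent.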
@@ -1,22 +1,3 @@ -# Add-FXSandboxFile - IN_DEVELOPMENT -Upload a file for sandbox analysis - -## API References -**[Documentation](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis#submit-a-file-for-analysis)**, **[Swagger](https://assets.falcon.crowdstrike.com/support/api/swagger.html#/falconx-sandbox/UploadSampleV2)** - -## Parameters - -`-Path`: The full path to the file to upload - -`-Comment`: A descriptive comment to identify the file for other users - -`-Confidential`: Defines visibility of this file in Falcon MalQuery [Default: True] - -## Example -```powershell -PS> Add-FXSandboxFile -Path -``` - # Get-FXReportId Find sandbox reports @@ -96,6 +77,25 @@ Get your current Falcon X quota status PS> Get-FXQuota ``` +# New-FXSample - IN_DEVELOPMENT +Upload a file for sandbox analysis + +## API References +**[Documentation](https://falcon.crowdstrike.com/support/documentation/92/falcon-x-apis#submit-a-file-for-analysis)**, **[Swagger](https://assets.falcon.crowdstrike.com/support/api/swagger.html#/falconx-sandbox/UploadSampleV2)** + +## Parameters + +`-Path`: The full path to the file to upload + +`-Comment`: A descriptive comment to identify the file for other users + +`-Confidential`: Defines visibility of this file in Falcon MalQuery [Default: True] + +## Example +```powershell +PS> New-FXSample -Path +``` + # Receive-FXArtifact Download IOC packs, PCAP files, and other analysis artifacts @@ -115,7 +115,7 @@ Download IOC packs, PCAP files, and other analysis artifacts PS> Receive-FXArtifact -Id -Output ``` -# Submit-FXSandboxFile +# Submit-FXSample Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes @@ -128,5 +128,5 @@ usually less than 15 minutes ## Example ```powershell -PS> Submit-FXSandboxFile -Sandbox @(@{}) +PS> Submit-FXSample -Sandbox @(@{}) ``` \ No newline at end of file From e33dd28dc9ab02475f81c390451429d86af7c621 Mon Sep 17 00:00:00 2001 
From: bk-cs <54042976+bk-cs@users.noreply.github.com>
Date: Wed, 8 Apr 2020 08:58:00 -0700
Subject: [PATCH 6/8] Create Submit-FXSample.psm1 Renamed 'Submit-FXSandboxFile' to 'Submit-FXSample' for consistency
---
falconx-sandbox/Submit-FXSample.psm1 | 29 ++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 falconx-sandbox/Submit-FXSample.psm1
diff --git a/falconx-sandbox/Submit-FXSample.psm1 b/falconx-sandbox/Submit-FXSample.psm1
new file mode 100644
index 0000000..65cfbea
--- /dev/null
+++ b/falconx-sandbox/Submit-FXSample.psm1
@@ -0,0 +1,29 @@
+function Submit-FXSample {
+ <#
+ .SYNOPSIS
+ Submit an uploaded file or a URL for sandbox analysis. Time required for analysis
+ varies but is usually less than 15 minutes
+
+ .PARAMETER SANDBOX
+ An array of Sandbox submission properties
+ #>
+ [CmdletBinding()]
+ [OutputType([psobject])]
+ param(
+ [Parameter(Mandatory=$true)]
+ [array]
+ $Sandbox
+ )
+ process{
+ $Param = @{
+ Uri = '/falconx/entities/submissions/v1'
+ Method = 'post'
+ Header = @{ accept = 'application/json' }
+ Body = @{ sandbox = $Sandbox } | ConvertTo-Json -Depth 8
+ }
+ switch ($PSBoundParameters.Keys) {
+ 'Verbose' { $Param['Verbose'] = $true }
+ }
+ Invoke-FalconAPI @Param
+ }
+}
\ No newline at end of file
From 32674ce9538e068bedd20fd1fec3ff036afbef4b Mon Sep 17 00:00:00 2001
From: bk-cs <54042976+bk-cs@users.noreply.github.com>
Date: Wed, 8 Apr 2020 08:58:09 -0700
Subject: [PATCH 7/8] Delete Submit-FXSandboxFile.psm1 Renamed to 'Submit-FXSample' for consistency
---
falconx-sandbox/Submit-FXSandboxFile.psm1 | 29 -----------------------
1 file changed, 29 deletions(-)
delete mode 100644 falconx-sandbox/Submit-FXSandboxFile.psm1
diff --git a/falconx-sandbox/Submit-FXSandboxFile.psm1 b/falconx-sandbox/Submit-FXSandboxFile.psm1
deleted file mode 100644
index 15b0d7d..0000000
--- a/falconx-sandbox/Submit-FXSandboxFile.psm1
+++ /dev/null
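Review bot: `Submit-FXSample` posts a JSON body, but its `Header` table carries only `accept`, whereas `New-FXSample` in this same series sets `content-type` explicitly. Unless `Invoke-FalconAPI` (not shown here) supplies a default, add `'content-type' = 'application/json'` to the header so the body is not left to server-side guessing. The help text for `.PARAMETER SANDBOX` says only "An array of Sandbox submission properties"; listing the keys the API expects in that help block would let callers build the array without consulting the API reference.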
@@ -1,29 +0,0 @@ -function Submit-FXSandboxFile { - <# - .SYNOPSIS - Submit an uploaded file or a URL for sandbox analysis. Time required for analysis - varies but is usually less than 15 minutes - - .PARAMETER SANDBOX - An array of Sandbox submission properties - #> - [CmdletBinding()] - [OutputType([psobject])] - param( - [Parameter(Mandatory=$true)] - [array] - $Sandbox - ) - process{ - $Param = @{ - Uri = '/falconx/entities/submissions/v1' - Method = 'post' - Header = @{ accept = 'application/json' } - Body = @{ sandbox = $Sandbox } | ConvertTo-Json -Depth 8 - } - switch ($PSBoundParameters.Keys) { - 'Verbose' { $Param['Verbose'] = $true } - } - Invoke-FalconAPI @Param - } -} \ No newline at end of file From 2f847c928faf49d084b5a51c57be7d4572b5a33a Mon Sep 17 00:00:00 2001 From: bk-cs <54042976+bk-cs@users.noreply.github.com> Date: Wed, 8 Apr 2020 08:58:42 -0700 Subject: [PATCH 8/8] Update PSFalcon.psd1 Updated to compensate for renames: 'Add-FXSandboxFile' to 'New-FXSample' 'Submit-FXSandboxFile' to 'Submit-FXSample' --- PSFalcon.psd1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/PSFalcon.psd1 b/PSFalcon.psd1 index 70a4fec..b20bb46 100644 --- a/PSFalcon.psd1 +++ b/PSFalcon.psd1 @@ -97,14 +97,14 @@ NestedModules = @( '.\device-control-policies\Set-FDCPrecedence.psm1', # falconx-sandbox - '.\falconx-sandbox\Add-FXSandboxFile.psm1', '.\falconx-sandbox\Get-FXReportId.psm1', '.\falconx-sandbox\Get-FXReportInfo.psm1', '.\falconx-sandbox\Get-FXSubmissionId.psm1', '.\falconx-sandbox\Get-FXSubmissionInfo.psm1', '.\falconx-sandbox\Get-FXQuota.psm1', + '.\falconx-sandbox\New-FXSample.psm1', '.\falconx-sandbox\Receive-FXArtifact.psm1', - '.\falconx-sandbox\Submit-FXSandboxFile.psm1', + '.\falconx-sandbox\Submit-FXSample.psm1', # host-group '.\host-group\Add-CsGroupMember.psm1', 
@@ -253,14 +253,14 @@ FunctionsToExport = @( 'Set-FDCPrecedence', # falconx-sandbox - 'Add-FXSandboxFile', 'Get-FXReportId', 'Get-FXReportInfo', 'Get-FXSubmissionId', 'Get-FXSubmissionInfo', 'Get-FXQuota', + 'New-FXSample', 'Receive-FXArtifact', - 'Submit-FXSandboxFile', + 'Submit-FXSample', # host-group 'Add-CsGroupMember',