CrowdStrike / Falcon-Toolkit

Unleash the power of the Falcon Platform at the CLI
MIT License

Host Containment and Uncontainment #124

Closed ChristopherHammond13 closed 6 months ago

ChristopherHammond13 commented 6 months ago

Resolves #103

ChristopherHammond13 commented 6 months ago

This works, but I'm not super happy right now with the CLI syntax.

Valid syntax:

$ falcon containment -f Hostname=a,b,c contain

Invalid syntax:

$ falcon containment contain -f Hostname=a,b,c

The latter will try to contain all systems in the CID. We have a check for this to get confirmation, but it's still too easy to do something bad with a simple syntax difference. Once I figure out a graceful way to handle this, I'll get the PR merged in.
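The failure mode described in the comment above, and one fail-closed way to parse it, as an added example that is not part of the original comment and not Falcon-Toolkit's own code. It uses the standard library's `argparse` as a stand-in; the `falcon-example` program name, the `--all-hosts` flag and the reading of `Hostname=a,b,c` as NAME=comma-separated values are assumptions made for illustration.

```python
import argparse


class UnscopedActionError(Exception):
    """A destructive action was requested with no host filter and no opt-in."""


def parse_filter(text):
    # Assumed reading of the page's "Hostname=a,b,c": NAME=comma-separated values.
    name, sep, raw = text.partition("=")
    values = [v for v in raw.split(",") if v]
    if not sep or not name or not values:
        raise argparse.ArgumentTypeError(f"bad filter {text!r}, expected NAME=v1,v2")
    return name, values


def build_parser():
    parser = argparse.ArgumentParser(prog="falcon-example")  # hypothetical name
    groups = parser.add_subparsers(dest="group", required=True)
    containment = groups.add_parser("containment")
    # Accept -f in both positions. Each position gets its own dest, because a
    # subparser sharing the dest would overwrite the group-level value.
    containment.add_argument("-f", "--filter", dest="group_filters",
                             type=parse_filter, action="append", default=[])
    actions = containment.add_subparsers(dest="action", required=True)
    for name in ("contain", "uncontain"):
        sub = actions.add_parser(name)
        sub.add_argument("-f", "--filter", dest="action_filters",
                         type=parse_filter, action="append", default=[])
        # Hypothetical explicit opt-in for acting on every host.
        sub.add_argument("--all-hosts", action="store_true")
    return parser


def resolve_scope(argv):
    """Return (action, filters, all_hosts) or raise UnscopedActionError."""
    args = build_parser().parse_args(argv)
    filters = {}
    for name, values in args.group_filters + args.action_filters:
        filters.setdefault(name, []).extend(values)
    if filters and args.all_hosts:
        raise UnscopedActionError("--all-hosts cannot be combined with a filter")
    if not filters and not args.all_hosts:
        # Fail closed: a missing filter never silently means "every host".
        raise UnscopedActionError(
            f"{args.action}: no filter given; pass -f NAME=VALUES or --all-hosts")
    return args.action, filters, args.all_hosts
```

With this shape, both argument orders from the comment resolve to the same three hostnames, and a bare `containment contain` is rejected before any confirmation prompt would be reached.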