Need to pull RTR File

[WilliamTIII]

I was able to use Send-FalconPutFile to upload a file. I want to send a command to a batch of hosts to retrieve that file. I tried to use the format from the V1 set of commands, this previously worked

Send-RtrCommand -Id $Batch.batch_id -Command put -String file.msi

When I use the V2 commands, I wrote it like this. Invoke-FalconAdminCommand -Command put -Arguments file.msi -BatchId $connect.batch_id The error returned is "check your filename. could not find file.msi". I also tried with -Command get. I don't think the -Command part is the problem, I think I need to know how to reference the file. $pwd\ doesn't work

[bk-cs]

It looks like you're referencing the file correctly.

1. Is it possible that the upload of the put file didn't work?
2. Can you confirm that the file is there?

I've seen the API do weird things when working with "Custom Scripts and Files" and effectively not be able to "find" files for scripts, so if you can see it, try deleting it, re-uploading and running again and then let me know if that does not work.

[WilliamTIII]

It looks like the file is case sensitive and I live in Windows-land.

On Fri, Feb 19, 2021 at 6:04 PM bk-cs notifications@github.com wrote:

It looks like you're referencing the file correctly. Is it possible that the upload of the put file didn't work? Can you confirm that the file is there? I've seen the API do weird things when working with "Custom Scripts and Files" and effectively not be able to "find" files for scripts, so if you can see it, try deleting it, re-uploading and running again and then let me know if that does not work.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/CrowdStrike/psfalcon/issues/27#issuecomment-782466379, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ2BB6UYCY6NQ2U3CSIYM63S734CRANCNFSM4X45RJ4A .

[bk-cs]

Ah, yes, when using many of the APIs you'll find that names (and associated filters) may be case sensitive. If you have an error or unexpected result, it's good practice to try again in lower case to see if that's the cause. Thanks for the follow-up!