[ BUG ] `Id` does not match pattern when using `Get-FalconAsset`

[brushenas]

Please see the case earlier open #390

Here you go again, the problem is coming back. Here is a screenshot of the 'Get-FalconAsset' command one without '-Detailed' parameter and the other one with this parameter.

PS C:> $filter hostname:'AL210682'

PS C:> Get-FalconAsset -Filter $filter a3b5c66368d547e69420c4a71e7d16dc_ATAjBFm4P6dFz7G1S1z73p_oB7-jvtTfevEVORgIOoVsPg PS C>

PS C> Get-FalconAsset -Filter $filter -Detailed

Invoke-Falcon: C:\Users\XXXXXXXXX\Documents\PowerShell\Modules\PSFalcon\2.2.6\public\discover.ps1:132:7 Line | 132 | Invoke-Falcon @param -UserInput $PSBoundParameters | ~~~~~~~~~~ | Cannot validate argument on parameter 'Id'. The argument | "a3b5c66368d547e69420c4a71e7d16dc_ATAjBFm4P6dFz7G1S1z73p_oB7-jvtTfevEVORgIOoVsPg" does not match the "^[a-fA-F0-9]{32}\w+$" | pattern. Supply an argument that matches "^[a-fA-F0-9]{32}\w+$" and try the command again.

PS C:>

[bk-cs]

I've modified Get-FalconAsset to stop checking incoming Id values against the existing pattern, which will fix the problem in the next release. If you'd like to resolve it for your local module before release, you can replace public\discover.ps1 using the steps outlined below.

Import-Module -Name PSFalcon
$ModulePath = (Show-FalconModule).ModulePath
(Invoke-WebRequest -Uri https://raw.githubusercontent.com/CrowdStrike/psfalcon/8eaeaf6325486519bdca77dc0728bc58edfb8270/public/discover.ps1 -UseBasicParsing).Content > (Join-Path (Join-Path $ModulePath public) discover.ps1)

Please try updating your local copy, reload PowerShell, re-import PSFalcon and let me know if this solves your issue.

[brushenas]

Hello bk_cs

This is working now. Thank you very much for fixing the issue.

Regards Behruz

[Minty123]

I stumbled over the same issue. Glad to see there's already an issue for it! :-) From what I can see, the only difference is the unexpected hyphen, which is fixed by using: [ValidatePattern('^[a-fA-F0-9]{32}_[\w-]+$')]

My errors disappeared with this as well without disabling the validation altogether. Might be worth to test?

[bk-cs]

I stumbled over the same issue. Glad to see there's already an issue for it! :-) From what I can see, the only difference is the unexpected hyphen, which is fixed by using: [ValidatePattern('^[a-fA-F0-9]{32}_[\w-]+$')]

My errors disappeared with this as well without disabling the validation altogether. Might be worth to test?

Good tip, thanks! I didn't catch the hyphen in my initial testing.

My concern is that id values will change again if there are additional (as yet unknown) asset types that are ingested by Falcon Exposure Management in the future. There's little value in having the ValidatePattern attribute set if there's a risk of that happening since the API will error if the id is incorrect. Since I don't have control over what the id values look like, it's safer me to remove the pattern entirely if there's a chance it will change.

[bk-cs]

This fix is included in the 2.2.7 release.