CrowdStrike / psfalcon

PowerShell for CrowdStrike's OAuth2 APIs
The Unlicense

Update output-selected-host-info-and-replace-ids-with-names.ps1 #407

Closed David-M-Berry closed 2 months ago

David-M-Berry commented 2 months ago

Added the Hostname param.

The script still runs normally, but if you add the -Hostname "SPECIFICHOSTNAME" you can just get the output for a single host.

Update output-selected-host-info-and-replace-ids-with-names.ps1 to allow specific hostnames

Added features and functionality

Explanation of Changes

  1. Hostname Parameter:

This allows the script to accept a hostname as an optional parameter.

   Param (
       [string]$Hostname
   )

  2. Filtering Host Information:

This filters the retrieved host information to include only the specified hostname if provided.

   # Filter by hostname if the parameter is provided
   if ($Hostname) {
       $HostInfo = $HostInfo | Where-Object { $_.hostname -eq $Hostname }
   }

Usage

This update ensures that the script can be used to retrieve information for all hosts or for a specific host, based on user input.

bk-cs commented 2 months ago

Thank you for the suggestion! Can you redo your pull under the dev branch?

It would also be more effective to use $Hostname in a filtered Get-FalconHost search instead of pulling all host info and then filtering to your specific device. Here's how that would look:

#Requires -Version 5.1
using module @{ModuleName='PSFalcon';ModuleVersion ='2.2'}
<#
.SYNOPSIS
Output host information, but replace identifiers with their relevant 'name' value
.PARAMETER Hostname
Export a specific device by hostname
.NOTES
Fields in the output can be defined by updating the '$Field' variable. Output is returned to the console, but
can be piped to a file.
#>
param(
    [string]$Hostname
)
# Fields to include with the export to CSV (host group and policy data is automatically added)
[string[]]$Field = 'device_id','hostname','last_seen','first_seen','local_ip','external_ip','agent_version'
$Field += 'device_policies','groups'

# Retrieve host information (one host when -Hostname is given, otherwise all hosts) and filter to selected fields
$HostInfo = if ($Hostname) {
  Get-FalconHost -Filter "hostname:'$Hostname'" -Detailed | Select-Object $Field
} else {
  Get-FalconHost -Detailed -All | Select-Object $Field
}
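
The filter in the reply above places `$Hostname` directly inside a quoted FQL string. As an added example (not part of the PSFalcon sample script or either commenter's code), this validates the value before it reaches `-Filter` and reports how many records matched; the helper names `New-HostnameFilter` and `Get-HostByName` and the allowed character set are assumptions to adjust for your own naming scheme.

```powershell
# Added example; New-HostnameFilter and Get-HostByName are hypothetical helpers.
function New-HostnameFilter {
    # Returns an FQL filter for one hostname, or throws on an unexpected value.
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [ValidateLength(1, 253)]
        # Assumption: hostnames use only letters, digits, '.', '_' and '-'.
        # \z (not $) so a trailing newline is rejected as well.
        [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9._-]*\z')]
        [string]$Hostname
    )
    # No quote, wildcard or operator character can reach this point, so the
    # value cannot close the quoted string or add clauses to the filter.
    "hostname:'$Hostname'"
}

function Get-HostByName {
    # Needs the PSFalcon module and a valid API token; not called in the demo below.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Hostname)
    $Filter = New-HostnameFilter -Hostname $Hostname
    $Found = @(Get-FalconHost -Filter $Filter -Detailed)
    # More than one device record can carry the same hostname, so report the count.
    if ($Found.Count -ne 1) {
        Write-Warning "$($Found.Count) records matched '$Hostname'"
    }
    $Found
}

# Constructed inputs: one plausible hostname and three that would alter the filter.
$Samples = 'WKSTN-0042', "x'+platform_name:'Windows", 'web*', "srv01`n"
foreach ($Name in $Samples) {
    try {
        $Filter = New-HostnameFilter -Hostname $Name
        Write-Output "accepted: $Filter"
    } catch {
        # Parameter validation failed; show the value with newlines made visible.
        Write-Output ("rejected: {0}" -f ($Name -replace '[\r\n]', '\n'))
    }
}
```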