CrowdStrike / psfalcon

PowerShell for CrowdStrike's OAuth2 APIs
The Unlicense

Create sample get-all-exclusions-multi-output.ps1 #409

Closed David-M-Berry closed 2 months ago

David-M-Berry commented 2 months ago

PSFalcon Script: get-all-exclusions-multi-output.ps1

Added a sample PowerShell script to gather all exclusions configured (SVEs, ML Exclusions and IOA exclusions).

This will also allow a user to choose a format such as 'CSV', 'JSON' or 'Text' via the -Output parameter.

Additional parameters that can be used are -ClientId, -ClientSecret, -Hostname (API Hostname) and -Cloud (US-1, US-2, etc). US-1 is the default if no other is chosen.

Added features and functionality

This is a new sample PSFalcon script

Other

Example script execution.

.\get-all-exclusions-multi-output.ps1 -OutputFormat 'CSV'
.\get-all-exclusions-multi-output.ps1 -OutputFormat 'Text'
.\get-all-exclusions-multi-output.ps1 -OutputFormat 'JSON'

Once the script execution is complete you will have one file for each exclusion type.

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         6/25/2024   7:16 PM          70738 IoaExclusions.json
-a----         6/25/2024   7:16 PM          83156 MlExclusions.json
-a----         6/25/2024   7:16 PM          11906 SvExclusions.json

You can also pass the API client parameters on the command line.

PS C:\Users\dberry\Documents> .\get-all-exclusions-multi-output.ps1 -ClientId '1234567890abcdef1234567890abcdef' -ClientSecret 'abcdefghijklmnopqrstuvwxyz1234567890abcdefg' -OutputFormat 'Text'

cmdlet get-ioa-exclusions.ps1 at command pipeline position 1
Supply values for the following parameters:
OutputFormat: Text
Requesting Falcon token...
Retrieving ML exclusions...

Additional parameters that can be used are -Hostname (API Hostname) and -Cloud (US-1, US-2, etc).

US-1 is the default if no other is chosen.
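
An added example of the workflow described in this pull request (it is not the contributed script, which does not appear on this page): it exports the three exclusion types in the chosen format and prompts for the client secret instead of taking it on the command line. It assumes the PSFalcon cmdlets Request-FalconToken, Test-FalconToken, Get-FalconIoaExclusion, Get-FalconMlExclusion, Get-FalconSvExclusion and Revoke-FalconToken; the FALCON_CLIENT_ID variable and the ConvertTo-FlatRow helper are hypothetical names.

```powershell
# Added example, not the script from this pull request. Assumes the PSFalcon
# module is installed and the API client can read all three exclusion types.
[CmdletBinding()]
param(
    [ValidateSet('CSV', 'JSON', 'Text')]
    [string]$OutputFormat = 'JSON',
    [string]$ClientId = $env:FALCON_CLIENT_ID,  # hypothetical variable name
    [string]$Cloud = 'us-1',
    [string]$OutputDirectory = (Get-Location).Path
)
Import-Module PSFalcon -ErrorAction Stop

# Prompt for the secret so it stays out of the command line and shell history.
$Secure = Read-Host -Prompt 'Client secret' -AsSecureString
$Secret = [System.Net.NetworkCredential]::new('', $Secure).Password

# Hypothetical helper: nested values (such as group lists) become JSON strings
# so that every CSV cell holds readable data instead of a type name.
function ConvertTo-FlatRow ($Item) {
    $Row = [ordered]@{}
    foreach ($P in $Item.PSObject.Properties) {
        $Scalar = $null -eq $P.Value -or $P.Value -is [string] -or $P.Value -is [valuetype]
        if ($Scalar) {
            $Row[$P.Name] = $P.Value
        } else {
            $Row[$P.Name] = ConvertTo-Json -InputObject $P.Value -Depth 8 -Compress
        }
    }
    [pscustomobject]$Row
}

Request-FalconToken -ClientId $ClientId -ClientSecret $Secret -Cloud $Cloud
try {
    if (-not (Test-FalconToken).Token) { throw 'Falcon token request failed.' }
    $Sets = [ordered]@{
        IoaExclusions = { Get-FalconIoaExclusion -Detailed -All }
        MlExclusions  = { Get-FalconMlExclusion -Detailed -All }
        SvExclusions  = { Get-FalconSvExclusion -Detailed -All }
    }
    foreach ($Name in $Sets.Keys) {
        Write-Host "Retrieving $Name..."
        $Items = @(& $Sets[$Name])   # force an array, even for 0 or 1 results
        $Base = Join-Path $OutputDirectory $Name
        switch ($OutputFormat) {
            'JSON' { ConvertTo-Json -InputObject $Items -Depth 8 | Set-Content "$Base.json" }
            'CSV'  { $Items | ForEach-Object { ConvertTo-FlatRow $_ } |
                         Export-Csv "$Base.csv" -NoTypeInformation }
            'Text' { $Items | Format-List | Out-File "$Base.txt" }
        }
    }
} finally {
    Revoke-FalconToken   # invalidate the token even if a request failed
    $Secret = $null
}
```

The exported files list every path and pattern the sensor is configured to ignore, so store them with restricted access.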

bk-cs commented 2 months ago

Thanks for the sample! Can you redo it on the dev branch? I don't commit directly to master until a new release is published.

David-M-Berry commented 2 months ago

This was for the 'dev' branch?

bk-cs commented 2 months ago

Sorry, I obviously missed that. 🤣