-
Notifications
You must be signed in to change notification settings - Fork 2
/
psfalcon_run_rtr_script.ps1
17 lines (16 loc) · 1.09 KB
/
psfalcon_run_rtr_script.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# When the script is run, you will be prompted for ClientId and ClientSecret for your CrowdStrike PSFalcon API
Import-Module -Name PSFalcon
#Create a CSV file with column title of Hostname and one Hostname per line, edit 'c:\Temp...' path below to match your CSV file name and location
$hostnames= (import-csv c:\Temp\hostnames.csv).Hostname
$formatted_hostnames = $hostnames | ForEach-Object {"hostname:'$_'"}
$falcon_hosts = $formatted_hostnames | ForEach-Object {get-falconhost -Filter $_}
#Prompts you for the name of the RTR Script to execute
$rtrscriptname = read-host "Enter RTR Script Name"
$commandarguments = "-CloudFile=$rtrscriptname"
#Creates a very basic output file with a true/false completion status, session identifiers, etc; named for the RTR Script you ran, with Date/Time
$ExportName = "$pwd\rtr_$($rtrscriptname -replace ' ','_')_$(Get-Date -Format FileDateTime).csv"
Invoke-FalconRTR -command runscript -arguments $commandarguments -hostids $falcon_hosts | Export-Csv -Path $ExportName
if (Test-Path $ExportName) {
# Display CSV file
Get-ChildItem $ExportName
}