PowerFGT
psfalcon
| | PowerFGT | psfalcon |
|---|---|---|
| | 3 | 169 |
| Stars | 99 | 317 |
| Growth | - | 2.2% |
| Activity | 9.1 | 9.2 |
| | 10 days ago | 1 day ago |
| Language | PowerShell | PowerShell |
| License | Apache License 2.0 | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PowerFGT
- FortiGate - Checking for external access and security vulnerabilities
- check-ha-synchronization-status with ansible / rest API
  Are you running Analyzer (or Manager+Analyzer) too? Why not pull from there? If not, you can always script from PS https://github.com/FortiPower/PowerFGT if you are OK with PowerShell. PowerFGT utilizes the REST API. Might want to look at what they did and see how they are using the REST API, though the PowerFGT and PowerMGT projects are getting pretty big now. Your best bet is just to use syslog or SNMP traps unless you're running some wonky HA setup (not directly connected L3 HA).
- FortiOS Rest API Documentation
psfalcon
- Migrate child cid to parent cid
  Rather than using flight control, you could consider doing an import/export of your configuration, then mass uninstall and reinstall each individual existing CID into your new single CID. The parent would really only help with policy inheritance/detection rollup/RBAC, which you would no longer need after converting to a single instance.
- Get Falcon Scanning Results Via API
  Try using PSFalcon and Get-FalconDetection to see what's in a detection record.
- Filter issue with Get-FalconAsset
- Identity API for PSfalcon or FalconPY
- Change sensor grouping tags via API
  Add-FalconSensorTag, Get-FalconSensorTag, Remove-FalconSensorTag
- API for removing VDIs older than 24 hours
- Create IOA Falconpy
  There's an example of required fields under the New-FalconIoaRule wiki page, along with the values for disposition_id.
- APIs for Operational stuffs
  https://github.com/CrowdStrike/falconpy/tree/main/samples
  https://github.com/CrowdStrike/psfalcon/tree/master/samples
- Status of API batch RTR commands when queued offline
  Check out Get-FalconQueue. It goes through a few steps:
- Invoke-FalconDeploy Behavior Change
  Could you open an issue and include a PowerShell transcript with $VerbosePreference = 'Continue'?
What are some alternatives?
Rapid7Nexpose - The most feature complete PowerShell module available for the Rapid7 Nexpose/InsightVM APIv3
falconpy - The CrowdStrike Falcon SDK for Python
Posh-ACME - PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
swagger-ui - Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
graylog-fortigate-cef - A Graylog content pack containing a stream and dashboards for Fortinet Fortigate CEF logs
rtr - Real-time Response scripts and schema
z - Save time typing out directory paths in PowerShell by jumping around instead.
BulkStrike - BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.
AdminToolbox - Repository for the AdminToolbox PowerShell Modules
PSKoans - A simple, fun, and interactive way to learn the PowerShell language through Pester unit testing.
fortinet-azure-solutions - A set of Azure Templates for getting you started in Azure with Fortinet solutions. This repository is a place for beta releases and work on the latest templates to be published on github.com/fortinet or custom templates.
SnipeitPS - Powershell API Wrapper for Snipe-it