Skip to content

Commit

Permalink
Update psf-config.ps1
Browse files Browse the repository at this point in the history 
Issue #380

Updated `Compare-ImportData` function to analyze items by each individual `platform` (or `platform_name`) to resolve bug where `FirewallGroup` items were being ignored

Added additional verbose messaging to indicate how items are being compared during import
  • Loading branch information
@bk-cs
bk-cs committed Jan 23, 2024
1 parent 93b8b42 commit 4ba4a56
Showing 1 changed file with 94 additions and 14 deletions.
108 changes: 94 additions & 14 deletions public/psf-config.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -252,24 +252,101 @@ https://github.com/crowdstrike/psfalcon/wiki/Import-FalconConfig
}
function Compare-ImportData ([string]$Item) {
if ($Config.$Item.Cid) {
# Define properties for comparison between imported and existing items
[string[]]$Compare = @('name','platform','platform_name','type','value').Where({
($Config.$Item.Cid | Get-Member -MemberType NoteProperty).Name -contains $_
})
# Capture non-existing items for future modification
$FilterScript = [scriptblock]::Create((@($Compare).foreach{
"`$Config.$($Item).Cid.$($_) -notcontains `$_.$($_)" }) -join ' -and ')
@($Config.$Item.Import | Where-Object -FilterScript $FilterScript).foreach{ $_ }
if ($ModifyExisting -contains $Item) {
# Capture (non-policy) items to modify
$FilterScript = [scriptblock]::Create((@($Compare).foreach{
"`$Config.$($Item).Cid.$($_) -eq `$_.$($_)" }) -join ' -and ')
$Platform = @{}
@('platform','platform_name').foreach{
if ($Config.$Item.Cid.$_) {
@($Config.$Item.Cid.$_ | Select-Object -Unique).foreach{ $Platform[$_] = @{} }
}
}
if ($Platform.Count -gt 0) {
foreach ($Key in $Platform.Keys) {
# Define properties for comparison between imported and existing items (by platform)
@('Cid','Import').foreach{
$Platform.$Key[$_] = @($Config.$Item.$_).Where({
$_.platform -eq $Key -or $_.platform_name -eq $Key
})
}
[string[]]$Available = ($Platform.$Key.Cid | Get-Member -MemberType NoteProperty |
Select-Object -Unique).Name
[string[]]$Compare = @('name','type','value').Where({ $Available -contains $_ })
Write-Log 'Import-FalconConfig' "Evaluating $Key $Item using '$($Compare -join ',')'"
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Platform.`$Key.Cid -notcontains `$_.$_" }) -join ' -and '
)
@($Platform.$Key.Import | Where-Object -FilterScript $FilterScript).foreach{
# Capture items for import (by platform)
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for import"
$_
}
if ($ModifyExisting -contains $Item) {
# Capture (non-policy) items to modify
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Platform.`$Key.Cid eq `$_.$_" }) -join ' -and '
)
@($Platform.$Key.Import | Where-Object -FilterScript $FilterScript).foreach{
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for modification"
$Config.$Item.Modify.Add($_)
}
}
}
} else {
# Define properties for comparison between imported and existing items
[string[]]$Available = ($Config.$Item.Cid | Get-Member -MemberType NoteProperty |
Select-Object -Unique).Name
[string[]]$Compare = @('name','type','value').Where({ $Available -contains $_ })
Write-Log 'Import-FalconConfig' "Evaluating $Item using '$($Compare -join ',')'"
$FilterScript = [scriptblock]::Create(
(@($Compare).foreach{ "`$Config.$($Item).Cid.$_ -notcontains `$_.$_" }) -join ' -and '
)
@($Config.$Item.Import | Where-Object -FilterScript $FilterScript).foreach{
$Config.$Item.Modify.Add($_)
# Capture items for import
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for import"
$_
}
if ($ModifyExisting -contains $Item) {
# Capture (non-policy) items to modify
$FilterScript = [scriptblock]::Create((@($Compare).foreach{
"`$Config.$($Item).Cid.$($_) -eq `$_.$($_)" }) -join ' -and ')
@($Config.$Item.Import | Where-Object -FilterScript $FilterScript).foreach{
Write-Log 'Import-FalconConfig' "Selecting '$(
if ($_.value) {
if ($_.type) { $_.type,$_.value -join ':' } else { $_.value }
} elseif ($_.precedence -and $Item -eq 'FileVantageRule') {
$_.precedence
} else {
$_.name
}
)' for modification"
$Config.$Item.Modify.Add($_)
}
}
}
} elseif ($Config.$Item.Import) {
# Output all items
# Capture all items for import when none are present in target environment
@($Config.$Item.Import)
}
}
Expand Down Expand Up @@ -1047,6 +1124,8 @@ https://github.com/crowdstrike/psfalcon/wiki/Import-FalconConfig
}
}
end {
$Config
<#
if ($Config.Result | Where-Object { $_.action -ne 'Ignored' }) {
# Output warning for existing policy precedence
foreach ($Item in ($Config.Result | Where-Object { $_.action -eq 'Created' -and $_.type -match 'Policy$' } |
Expand All @@ -1063,5 +1142,6 @@ https://github.com/crowdstrike/psfalcon/wiki/Import-FalconConfig
@($Config.Result).foreach{ try { $_ | Export-Csv $OutputFile -NoTypeInformation -Append } catch { $_ }}
if (Test-Path $OutputFile) { Get-ChildItem $OutputFile | Select-Object FullName,Length,LastWriteTime }
}
#>
}
}

0 comments on commit 4ba4a56

Please sign in to comment.