-
Notifications
You must be signed in to change notification settings - Fork 69
Import FalconConfig
Import items from a 'FalconConfig' archive into your Falcon environment
Creates groups, policies, exclusions, rules and scripts within a 'FalconConfig' archive within your authenticated Falcon environment.
Anything that already exists will be ignored and no existing items will be modified unless the relevant switch parameters are included.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Path | String | FalconConfig archive path | |||||
AssignExisting | Switch | Assign existing host groups with identical names to imported items | |||||
ModifyDefault | String[] | Modify specified 'platform_default' policies to match import |
DeviceControlPolicy PreventionPolicy ResponsePolicy SensorUpdatePolicy
|
||||
ModifyExisting | String[] | Modify existing specified items to match import |
DeviceControlPolicy FileVantagePolicy FileVantageRuleGroup FirewallGroup FirewallPolicy HostGroup IoaExclusion IoaGroup Ioc MlExclusion PreventionPolicy ResponsePolicy Script SensorUpdatePolicy SvExclusion
|
Import-FalconConfig [-Path] <String> [-AssignExisting] [-ModifyDefault <String[]>] [-ModifyExisting <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
Using the Import-FalconConfig
command, you can re-create any items that are present in the export but are not
present in your authenticated Falcon environment. Import-FalconConfig
loads the files within the ZIP, checks
them against the existing items in the target environment, and creates any items that are not present.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip
NOTE: Unless AssignExisting
is included, items that depend on the existence of a specific host group will
not be created. For example, if you attempt to import a Machine Learning Exclusion that is assigned to the host
group "Example Group" and "Example Group" already exists in your environment, the exclusion will not be created.
If it is possible to create the item without the dependency (like a policy without assigned host groups), it will be created.
Including the AssignExisting
parameter when running Import-FalconConfig
will cause existing host groups to be
assigned to created items when they match groups that would have been created as part of the import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -AssignExisting
If AssignExisting
is not specified, existing items will not be assigned to created items when using
Import-FalconConfig
.
The ModifyExisting
parameter forces the Import-FalconConfig
command to analyze and modify a list of selected
items based on your target import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -ModifyExisting PreventionPolicy, SensorUpdatePolicy
If ModifyExisting
is not specified, existing items will not be modified when using Import-FalconConfig
.
ModifyDefault
works similarly to ModifyExisting
, but allows Import-FalconConfig
to modify
platform_default
policies based on your target import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -ModifyDefault PreventionPolicy
If ModifyDefault
is not specified, platform_default
policies will not be modified when using
Import-FalconConfig
.
See Export-FalconConfig.
2024-09-03: PSFalcon v2.2.7
- Using PSFalcon
-
Commands and Permissions
- Configuration Import/Export
- Container Security
- Detection and Prevention Policies
- Discover for Cloud and Containers
- Discover
- Event Streams
- Falcon Complete Dashboards
- Falcon Complete Message Center
- Falcon Data Replicator
- Falcon Intelligence
- Falcon Intelligence Recon
- Falcon OverWatch Dashboards
- Falcon Sandbox
- FileVantage
- Firewall Management
- Flight Control
- Horizon
- Host and Host Group Management
- Identity Protection
- Image Assessment
- Incident and Detection Monitoring
- Installation Tokens
- Kubernetes Protection
- MalQuery
- Mobile Host Enrollment
- On-Demand Scanning
- Quarantine
- Real-time Response
- Real-time Response Policy
- Scheduled Reports and Searches
- Sensor Download
- Sensor Update Policy
- Spotlight
- Tailored Intelligence
- Third-party ingestion
- USB Device Control Policy
- Users and Roles
- Zero Trust Assessment
- Examples
-
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust