Edit-FalconFirewallGroup
Modify Falcon Firewall Management rule groups
All fields (plus 'rulegroup_version' and 'tracking') are required when making a rule group change. PSFalcon adds missing values automatically using data from your existing rule group.
'DiffOperation' array objects must contain 'from', 'op', 'path' and 'value' properties. Accepted 'op' values are 'add', 'remove' and 'replace'.
When adding a rule to a rule group, the required rule fields must be included along with a 'temp_id' (both in the rule properties and, in precedence order, within 'rule_ids') to establish proper placement of the rule within the rule group. Similarly, the value 'null' must be placed within 'rule_versions' in precedence order.
Requires 'Firewall management: Write'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
DiffOperation | Object[] | An array of hashtables containing rule or rule group changes | | | | | |
Comment | String | Audit log comment | | | | | |
RuleId | String[] | Firewall rule 'family' value(s) from the existing rule group [or 'temp_id' for each new rule] | | | | | |
RuleVersion | String[] | Firewall rule version value(s) from the existing rule group [or 'null' for each new rule] | | | | | |
Id | String | Rule group identifier | | | | X | X |
Validate | Switch | Toggle to perform validation, instead of modifying rule group | | | | | |
```powershell
Edit-FalconFirewallGroup [-DiffOperation] <Object[]> [[-Comment] <String>] [[-RuleId] <String[]>] [[-RuleVersion] <String[]>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Edit-FalconFirewallGroup [-DiffOperation] <Object[]> [[-Comment] <String>] [[-RuleId] <String[]>] [[-RuleVersion] <String[]>] [-Id] <String> -Validate [-WhatIf] [-Confirm] [<CommonParameters>]
```
PATCH /fwmgr/entities/rule-groups/v1
PATCH /fwmgr/entities/rule-groups/validation/v1
update_rule_group
update_rule_group_validation
```powershell
Edit-FalconFirewallGroup -Id <id> -DiffOperation @{ op = 'replace'; path = '/enabled'; value = $true }
```
```powershell
$DiffOperation = @(
    @{
        op = 'add'
        path = '/rules/0'
        value = @{
            temp_id = '1'
            name = 'First rule in a group'
            description = 'Example'
            platform_ids = @('0')
            enabled = $false
            action = 'ALLOW'
            direction = 'IN'
            address_family = 'NONE'
            protocol = '6'
            fields = @(
                @{
                    name = 'network_location'
                    type = 'set'
                    values = @( 'ANY' )
                }
            )
            local_address = @(@{ address = '*'; netmask = 0 })
            remote_address = @(@{ address = '*'; netmask = 0 })
        }
    }
)
$Group = Get-FalconFirewallGroup -Id <id>
$Rule = Get-FalconFirewallRule -Id $Group.rule_ids
$RuleId = @('1') + $Group.rule_ids
$RuleVersion = @('null') + $Rule.version
Edit-FalconFirewallGroup -Id $Group.id -DiffOperation $DiffOperation -RuleId $RuleId -RuleVersion $RuleVersion
```
```powershell
Edit-FalconFirewallGroup -Id <id> -DiffOperation @{ op = 'replace'; path = '/name'; value = 'my new name' }
```
```powershell
$Group = Get-FalconFirewallGroup -Filter "name:'my_group'" -Detailed
$Rule = Get-FalconFirewallRule -Id $Group.rule_ids
$Family = ($Rule | Where-Object { $_.name -eq 'my target rule' }).family
$Index = $Group.rule_ids.IndexOf($Family)
Edit-FalconFirewallGroup -Id $Group.id -DiffOperation @{ op = 'replace'; path = "/rules/$Index/name"; value = 'my new rule name' }
```
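The examples above cover 'add' and 'replace'; the following is an added example (not from the PSFalcon wiki or the PSFalcon project) showing the third accepted 'op', 'remove', with the rule list and version list kept in step, and the change run through the validation endpoint with -Validate before it is applied. It assumes that a 'remove' operation targets the rule by its index path ('/rules/<index>') and that the removed rule's entries are dropped from -RuleId and -RuleVersion in precedence order, and that PSFalcon fills in the unspecified 'from' and 'value' properties as described above. The group name 'my_group' and rule name 'my target rule' are placeholders.

```powershell
# Added example: remove one firewall rule from a rule group by name, validating first.
# Assumptions (not confirmed by the wiki): 'remove' targets '/rules/<index>', and the
# removed rule must also be dropped from the rule id / rule version lists.
$Group = Get-FalconFirewallGroup -Filter "name:'my_group'" -Detailed
if (-not $Group) { throw "Rule group 'my_group' not found" }

$Rule = Get-FalconFirewallRule -Id $Group.rule_ids
$Target = @($Rule | Where-Object { $_.name -eq 'my target rule' })
if ($Target.Count -ne 1) {
    throw "Expected exactly one rule named 'my target rule', found $($Target.Count)"
}
$Target = $Target[0]

# Position of the rule within the group drives the 'path' of the remove operation
$Index = $Group.rule_ids.IndexOf($Target.family)
if ($Index -lt 0) { throw "Rule family '$($Target.family)' is not in group '$($Group.id)'" }

# Build the remaining rule ids and versions in the group's own precedence order.
# Versions are looked up by 'family' rather than by position, so the result does not
# depend on Get-FalconFirewallRule returning rules in the same order as rule_ids.
$VersionByFamily = @{}
foreach ($r in $Rule) { $VersionByFamily[$r.family] = $r.version }
$RuleId = @($Group.rule_ids | Where-Object { $_ -ne $Target.family })
$RuleVersion = @($RuleId | ForEach-Object { $VersionByFamily[$_] })
if ($RuleVersion -contains $null) { throw 'Missing version for one or more remaining rules' }

# Only 'op' and 'path' are given; PSFalcon supplies the remaining DiffOperation properties
$DiffOperation = @(@{ op = 'remove'; path = "/rules/$Index" })

$Param = @{
    Id = $Group.id
    DiffOperation = $DiffOperation
    RuleId = $RuleId
    RuleVersion = $RuleVersion
    Comment = "Remove rule '$($Target.name)' from '$($Group.name)'"
}

# Dry run against the validation endpoint, then apply the same change for real
Edit-FalconFirewallGroup @Param -Validate
Edit-FalconFirewallGroup @Param
```

Splatting the same parameter set into both the -Validate call and the real call guarantees that what was validated is exactly what is submitted; the audit comment is passed in both cases so the change is attributable in the Falcon audit log.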
2024-09-03: PSFalcon v2.2.7