Skip to content

Firewall Management

Jump to bottom
bk-cs edited this page Jun 7, 2021 · 18 revisions

Managing firewall rule groups

Creating firewall rule groups

The -Rules parameter accepts a PowerShell array of rule objects which are converted to Json before submission.

$Rules = @(
    @{
        name = 'Block IP'
        description = 'Block outbound to example.com IP address'
        platform_ids = @( "0" )
        enabled = $true
        action = "DENY"
        direction = "OUT"
        address_family = "IP4"
        protocol = "*"
        fields = @(
            @{
                name = "network_location"
                type = "set"
                values = @( "ANY" )
            }
        )
        local_address = @(
            @{
                address = "*"
                netmask = 0
            }
        )
        remote_address = @(
            @{
                address = "93.184.216.34"
                netmask = 32
            }
        )
    }
)
New-FalconFirewallGroup -Name 'test rule group' -Enabled $true -Description 'describing a rule group' -Rules $Rules

Finding rule IDs in a firewall rule group

Get-FalconFirewallGroup -Ids <id>, <id>

Updating firewall rule groups



Deleting firewall rule groups


Remove-FalconFirewallGroup -Ids <id>, <id>


Updating firewall rule precedence within a rule group




Managing firewall policies


Creating firewall policies


New-FalconFirewallPolicy -PlatformName Windows -Name 'Test Policy' -Description 'Firewall test policy'


Updating firewall policies


Edit-FalconFirewallPolicy -Id <id> -Name 'Test Policy 1 Name Changed'


Copying firewall policies


New-FalconFirewallPolicy -PlatformName Windows -Name 'Cloned Test Policy' -Description 'Firewall test cloned policy' -CloneId <id>


Enabling firewall policies


Invoke-FalconFirewallPolicyAction -Name enable -Id <id>


Disabling firewall policies


Invoke-FalconFirewallPolicyAction -Name disable -Id <id>


Deleting firewall policies


Remove-FalconFirewallPolicy -Ids <id>, <id>


Managing firewall policy precedence


NOTE: All policy ids (with the exception of platform_default) must be supplied in desired precedence order.


Set-FalconFirewallPrecedence -PlatformName Windows -Ids <id>, <id>


See CrowdStrike API Documentation.


              


              

                

                  

                    


                  

                

              

          



  
          

            

              

                

                  

                    

                  

                

              


            
Clone this wiki locally