Firewall Management

bk-cs edited this page Jun 7, 2021 · 18 revisions

Managing firewall rule groups

Creating firewall rule groups

Firewall rules can be added when a group is created, or afterwards using Edit-FalconFirewallGroup. The -Rules parameter accepts a PowerShell array of rule objects, which are converted to JSON before submission.

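# Each rule is a hashtable; the array of rules is passed to -Rules
$Rules = @(
    @{
        name = 'Block IP'
        description = 'Block outbound to example.com IP address'
        platform_ids = @( "0" )
        enabled = $true
        action = "DENY"          # deny traffic that matches this rule
        direction = "OUT"        # outbound traffic
        address_family = "IP4"
        protocol = "*"           # any protocol
        fields = @(
            @{
                name = "network_location"
                type = "set"
                values = @( "ANY" )
            }
        )
        # Any local address
        local_address = @(
            @{
                address = "*"
                netmask = 0
            }
        )
        # A netmask of 32 matches only this single remote address
        remote_address = @(
            @{
                address = "93.184.216.34"
                netmask = 32
            }
        )
    }
)
# Create the group with the rule attached at creation time
New-FalconFirewallGroup -Name 'test rule group' -Enabled $true -Description 'describing a rule group' -Rules $Rules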
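
When a group needs one block rule per address, the rule array can be generated and checked locally before submission. The following is an added example, not part of the original page or of PSFalcon itself: the helper name New-OutboundBlockRule is hypothetical and the sample addresses are constructed. It reuses the rule fields shown above and previews the JSON without calling the API.

```powershell
# Added example: New-OutboundBlockRule is a hypothetical helper, not a PSFalcon command.
function New-OutboundBlockRule {
    [CmdletBinding()]
    param(
        # IPv4 addresses or CIDR blocks, e.g. '192.0.2.10' or '198.51.100.0/24'
        [Parameter(Mandatory)] [string[]] $Cidr
    )
    foreach ($Entry in $Cidr) {
        $Address, $Prefix = $Entry -split '/', 2
        if (-not $Prefix) { $Prefix = 32 }   # a bare address means a single host
        $Parsed = $null
        # Skip anything that is not a dotted-quad IPv4 address with a /0 to /32 prefix
        if ($Address -notmatch '^(\d{1,3}\.){3}\d{1,3}$' -or
            -not [System.Net.IPAddress]::TryParse($Address, [ref] $Parsed) -or
            $Prefix -notmatch '^\d{1,2}$' -or [int] $Prefix -gt 32) {
            Write-Warning "Skipping invalid entry: $Entry"
            continue
        }
        # Same fields as the rule on this page; only name, description and remote_address vary
        @{
            name           = "Block $Address/$Prefix"
            description    = "Block outbound to $Address/$Prefix"
            platform_ids   = @( '0' )
            enabled        = $true
            action         = 'DENY'
            direction      = 'OUT'
            address_family = 'IP4'
            protocol       = '*'
            fields         = @( @{ name = 'network_location'; type = 'set'; values = @( 'ANY' ) } )
            local_address  = @( @{ address = '*'; netmask = 0 } )
            remote_address = @( @{ address = $Address; netmask = [int] $Prefix } )
        }
    }
}

# Constructed sample input (documentation ranges); the third entry is deliberately invalid
$Rules = @( New-OutboundBlockRule -Cidr '192.0.2.10', '198.51.100.0/24', '203.0.113.300' )

# Preview the JSON locally before submitting. -Depth is set explicitly because the
# default ConvertTo-Json depth (2) truncates the nested objects inside each rule.
$Rules | ConvertTo-Json -Depth 5

# Submit with the command shown on this page:
# New-FalconFirewallGroup -Name 'test rule group' -Enabled $true -Description 'describing a rule group' -Rules $Rules
```

Reviewing the previewed JSON before submission catches malformed addresses and overly broad netmasks before they become an enforced DENY rule.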

Finding rule IDs in a firewall rule group

Get-FalconFirewallGroup -Ids <id>, <id>

Updating firewall rule groups

Edit-FalconFirewallGroup -PolicyId <id> 

Deleting firewall rule groups

Remove-FalconFirewallGroup -Ids <id>, <id>

Updating firewall rule precedence within a rule group

Managing firewall policies

Creating firewall policies

Updating firewall policies

Copying firewall policies

Enabling firewall policies

Disabling firewall policies

Deleting firewall policies

Managing firewall policy precedence

See CrowdStrike API Documentation.
