@@ -34,6 +34,10 @@ CrowdStrike Falcon OAuth2 API Client Id [Required if RemoveHost is $true]
3434CrowdStrike Falcon OAuth2 API Client Secret [Required if RemoveHost is $true]
3535. PARAMETER MemberCid
3636Member CID, used only in multi-CID ("Falcon Flight Control") configurations and with a parent management CID.
37+ . PARAMETER ProxyHost
38+ The proxy host for the sensor to use when communicating with CrowdStrike [default: $null]
39+ . PARAMETER ProxyPort
40+ The proxy port for the sensor to use when communicating with CrowdStrike [default: $null]
3741. PARAMETER Verbose
3842Enable verbose logging
3943. EXAMPLE
@@ -85,8 +89,13 @@ param(
8589 [string ] $FalconClientSecret ,
8690
8791 [Parameter (Position = 11 )]
88- [string ] $MemberCid
92+ [string ] $MemberCid ,
8993
94+ [Parameter (Position = 12 )]
95+ [string ] $ProxyHost ,
96+
97+ [Parameter (Position = 13 )]
98+ [int ] $ProxyPort
9099)
91100begin {
92101 $ScriptName = $MyInvocation.MyCommand.Name
@@ -145,11 +154,11 @@ begin {
145154 return $Output
146155 }
147156
148- function Invoke-FalconAuth ([string ] $BaseUrl , [hashtable ] $Body , [string ] $FalconCloud ) {
157+ function Invoke-FalconAuth ([hashtable ] $WebRequestParams , [ string ] $BaseUrl , [hashtable ] $Body , [string ] $FalconCloud ) {
149158 $Headers = @ {' Accept' = ' application/json' ' Content-Type' = ' application/x-www-form-urlencoded' ' charset' = ' utf-8'
150159 $Headers.Add (' User-Agent' , ' crowdstrike-falcon-scripts/1.1.9'
151160 try {
152- $response = Invoke-WebRequest - Uri " $ ( $BaseUrl ) /oauth2/token" - UseBasicParsing - Method ' POST' - Headers $Headers - Body $Body
161+ $response = Invoke-WebRequest @WebRequestParams - Uri " $ ( $BaseUrl ) /oauth2/token" - UseBasicParsing - Method ' POST' - Headers $Headers - Body $Body
153162 $content = ConvertFrom-Json - InputObject $response.Content
154163 Write-VerboseLog - VerboseInput $content - PreMessage ' Invoke-FalconAuth - $content:'
155164
@@ -185,7 +194,7 @@ begin {
185194 }
186195
187196 $BaseUrl = Get-FalconCloud ($region )
188- $BaseUrl , $Headers = Invoke-FalconAuth - BaseUrl $BaseUrl - Body $Body - FalconCloud $FalconCloud
197+ $BaseUrl , $Headers = Invoke-FalconAuth - WebRequestParams $WebRequestParams - BaseUrl $BaseUrl - Body $Body - FalconCloud $FalconCloud
189198
190199 }
191200 else {
@@ -256,7 +265,7 @@ begin {
256265 # Changes the host visibility status in the CrowdStrike Falcon console
257266 # an action of $hide will hide the host, anything else will unhide the host
258267 # should only be called to hide/unhide a host that is already in the console
259- function Invoke-HostVisibility ([string ] $action ) {
268+ function Invoke-HostVisibility ([hashtable ] $WebRequestParams , [ string ] $action ) {
260269 if ($action -eq ' hide'
261270 $action = ' hide_host'
262271 }
@@ -279,7 +288,7 @@ begin {
279288 $url = " ${baseUrl} /devices/entities/devices-actions/v2?action_name=${action} "
280289
281290 $Headers [' Content-Type' = ' application/json'
282- $response = Invoke-WebRequest - Uri $url - UseBasicParsing - Method ' POST' - Headers $Headers - Body $bodyJson - MaximumRedirection 0
291+ $response = Invoke-WebRequest @WebRequestParams - Uri $url - UseBasicParsing - Method ' POST' - Body $bodyJson - MaximumRedirection 0
283292 $content = ConvertFrom-Json - InputObject $response.Content
284293 Write-VerboseLog - VerboseInput $content - PreMessage ' Invoke-HostVisibility - $content:'
285294
@@ -385,12 +394,38 @@ process {
385394 Write-FalconLog ' GetAID' $Message
386395 }
387396
397+ # Hashtable for common Invoke-WebRequest parameters
398+ $WebRequestParams = @ {}
399+
400+ # Configure proxy based on arguments
401+ $proxy = " "
402+ if ($ProxyHost ) {
403+ Write-Output " Proxy settings detected in arguments, using proxy settings to communicate with the CrowdStrike api"
404+
405+ if ($ProxyHost ) {
406+ $proxy_host = $ProxyHost.Replace (" http://" , " " " https://" , " "
407+ Write-FalconLog - Source " Proxy" - Message " Proxy host ${proxy_host} found in arguments" - stdout $true
408+ }
409+
410+ if ($ProxyPort ) {
411+ Write-FalconLog - Source " Proxy" - Message " Proxy port ${ProxyPort} found in arguments" - stdout $true
412+ $proxy = " http://${proxy_host} :${ProxyPort} "
413+ }
414+ else {
415+ $proxy = " http://${proxy_host} "
416+ }
417+
418+ $proxy = $proxy.Replace (" '" , " " " `" " , " "
419+ Write-FalconLog - Source " Proxy" - Message " Using proxy ${proxy} to communicate with the CrowdStrike Apis" - stdout $true
420+ }
421+
422+ if ($proxy ) {
423+ $WebRequestParams.Add (' Proxy' , $proxy )
424+ }
388425
389426 if ($credsProvided ) {
390- $Headers = @ {' Accept' = ' application/json' ' Content-Type' = ' application/x-www-form-urlencoded' ' charset' = ' utf-8'
391427 $BaseUrl = Get-FalconCloud $FalconCloud
392428
393-
394429 $Body = @ {}
395430 $Body [' client_id' = $FalconClientId
396431 $Body [' client_secret' = $FalconClientSecret
@@ -399,8 +434,9 @@ process {
399434 $Body [' member_cid' = $MemberCid
400435 }
401436
402- $BaseUrl , $Headers = Invoke-FalconAuth - BaseUrl $BaseUrl - Body $Body - FalconCloud $FalconCloud
437+ $BaseUrl , $Headers = Invoke-FalconAuth - WebRequestParams $WebRequestParams - BaseUrl $BaseUrl - Body $Body - FalconCloud $FalconCloud
403438 $Headers [' Content-Type' = ' application/json'
439+ $WebRequestParams.Add (' Headers' , $Headers )
404440 }
405441
406442 if ($RemoveHost ) {
@@ -428,8 +464,7 @@ process {
428464 try {
429465 $url = ' policy/combined/reveal-uninstall-token/v1'
430466
431- $Headers [' Content-Type' = ' application/json'
432- $response = Invoke-WebRequest - Uri " $ ( $baseUrl ) /$ ( $url ) " - UseBasicParsing - Method ' POST' - Headers $Headers - Body $bodyJson - MaximumRedirection 0
467+ $response = Invoke-WebRequest @WebRequestParams - Uri " $ ( $baseUrl ) /$ ( $url ) " - UseBasicParsing - Method ' POST' - Body $bodyJson - MaximumRedirection 0
433468 $content = ConvertFrom-Json - InputObject $response.Content
434469 Write-VerboseLog - VerboseInput $content - PreMessage ' GetToken - $content:'
435470
0 commit comments