Replies: 2 comments 4 replies
-
Give this version a try: #Requires -Version 5.1
using module @{ModuleName='PSFalcon';ModuleVersion ='2.2'}
<#
.SYNOPSIS
Search for a Host Group by name, execute a command on the members of the group using Real-time Response and output
results to CSV
.PARAMETER GroupName
Host group name
.PARAMETER Command
Real-time Response command
.PARAMETER Argument
Arguments to include with the command
.PARAMETER QueueOffline
Add non-responsive hosts to the offline queue
#>
param(
[Parameter(Mandatory,Position=1)]
[string]$GroupName,
[Parameter(Mandatory,Position=2)]
[string]$Command,
[Parameter(Position=3)]
[string]$Argument,
[boolean]$QueueOffline
)
# Find group identifier using 'name' filter
$GroupId = Get-FalconHostGroup -Filter "name:'$($GroupName.ToLower())'"
if (!$GroupId) { throw "No host group found matching '$($GroupName.ToLower())'." }
# Set CSV output file name and baseline Invoke-FalconRtr parameters
$OutputFile = Join-Path (Get-Location).Path "$('rtr',($Command -replace ' ','_'),$GroupId -join '_').csv"
$Param = @{ GroupId = $GroupId }
# Add Command/Argument/QueueOffline status
switch ($PSBoundParameters.Keys) {{ $_ -ne 'GroupName' } { $Param[$_] = $PSBoundParameters.$_ }}
# Use 'Invoke-FalconRtr' and output result to CSV
Invoke-FalconRtr @Param | Export-Csv -Path $OutputFile
if (Test-Path $OutputFile) { Get-ChildItem $OutputFile | Select-Object FullName,Length,LastWriteTime } |
Beta Was this translation helpful? Give feedback.
3 replies
-
No, it should look like this: PS> .\run-a-command-against-a-group-of-devices.ps1 -GroupName <group_name> -Command runscript -Argument "-CloudFile='demo'" |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Invoke-FalconRtr by itself works correctly.
Invoke-FalconRtr -command runscript -Argument '-cloudfile=xxxx' -GroupId xxxxxxxxxxx
But when I run the sample script, I get this error
Invoke-FalconRtr : The expression after '&' in a pipeline element produced an object that was not valid. It must result in a command name, a script block,or a CommandInfo object.
At C:\temp\run-a-command-against-a-group-of-devices.ps1:39 char:1
I have the following in the command parameter, is this correct?
runscript -Argument '-cloudfile=xxxx'
To isolate, change the execution part of the script as follows,
#Invoke-FalconRtr @param | Export-Csv -Path $OutputFile
Invoke-FalconRtr runscript $Command -GroupID $GroupId
I entered the following parameters and it worked
-cloudfile=xxxx
So I think the problem is in the [-command:] parameter entry.
Thank you,
Beta Was this translation helpful? Give feedback.
All reactions