Updating Commands.json;[skip ci]
TheJumpCloud authored and TheJumpCloud committed Sep 11, 2023
1 parent e6299d5 commit 0d80cec
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions PowerShell/JumpCloud Commands Gallery/commands.json
Expand Up @@ -130,7 +130,7 @@
"type": "mac",
"command": "#!/bin/bash\nCSBaseAddress=\"\"\nCSClientID=\"\"\nCSClientSecret=\"\"\n\n# Installation Token (Only use if you have Require Tokens enabled for your organization)\n# https://falcon.us-2.crowdstrike.com/documentation/page/f8a0f751/host-and-host-group-management#x7be77b4\n\nCSInstallToken=\"\"\n\n############### Do Not Edit Below This Line ###############\n\n# API Base URL and the various endpoints we need\noauthtoken=\"$CSBaseAddress/oauth2/token\"\n\n# Define which version we want to get.\n# 0 means latest. 1 is N-1, 2 is N-2 and so on.\nversion=\"0\"\n\n# Now define the API query we need\nsensorlist=\"$CSBaseAddress/sensors/combined/installers/v1?offset=$version&limit=1&filter=platform%3A%22mac%22\"\nsensordl=\"$CSBaseAddress/sensors/entities/download-installer/v1\"\n\n# Request bearer access token using the API\ntoken=$( /usr/bin/curl -s -X POST \"$oauthtoken\" -H \"accept: application/json\" -H \"Content-Type: application/x-www-form-urlencoded\" -d \"client_id=$CSClientID&client_secret=$CSClientSecret\" )\n\n# Extract the bearer token from the json output above\nBEARER_REGEX_PATTERN='\\\"access_token\\\":\\ \\\"(.+)\\\",'\n\nif [[ $token =~ $BEARER_REGEX_PATTERN ]]; then\n bearer=\"${BASH_REMATCH[1]}\"\n echo \"Connected to CrowdStrike\"\nelse\n echo \"Could not find bearer token\"\n exit 1\nfi\n\n# Work out the CrowdStrike installer, grab the SHA256 hash and use that to download that installer\nsensorv=$( /usr/bin/curl -s -X GET \"$sensorlist\" -H \"accept: application/json\" -H \"authorization: Bearer $bearer\" )\n\nSHA256_REGEX_PATTERN='\\\"sha256\\\":\\ \"([^\"]*)\"'\n\nif [[ $sensorv =~ $SHA256_REGEX_PATTERN ]]; then\n sensorsha=\"${BASH_REMATCH[1]}\"\nelse\n echo \"Could not find sha256 hash\"\n exit 1\nfi\n\n# Create Temp Folder\nfileName=\"FalconSensor.pkg\"\nDATE=$(date '+%Y-%m-%d-%H-%M-%S')\nTempFolder=\"Download-$DATE\"\nmkdir /tmp/$TempFolder\necho \"Creating /tmp/$TempFolder...\"\n\n# Navigate to Temp Folder\ncd /tmp/$TempFolder\n\n# 
Download the client.\necho \"Beginning CrowdStrike Sensor Download...\"\ndownload=$( /usr/bin/curl -H \"Accept: application/octet-stream\" -H \"Authorization: bearer $bearer\" -o \"$fileName\" \"$sensordl?id=$sensorsha\")\nres=$?\n\nif [[ \"$res\" != \"0\" ]]; then\n echo \"Download failed with: $res\"\n echo \"Cleaning up files...\"\n rm -r /tmp/$TempFolder\n echo \"Deleted /tmp/$TempFolder\"\n exit 1\nfi\n\ninstaller -verboseR -package \"/tmp/$TempFolder/$fileName\" -target /\n\n# Validate the install and license status\nif [[ \"$CSInstallToken\" != \"\" ]]; then\n sudo /Applications/Falcon.app/Contents/Resources/falconctl provisioning-token $CSInstallToken\nfi\n\nstats=$(/Applications/Falcon.app/Contents/Resources/falconctl stats > /dev/null 2>&1)\nstatsStatus=$?\nif [[ $statsStatus == 0 ]]; then\n echo \"License was applied successfully\"\nelse\n echo \"License was not applied, please verify that the CrowdStrike Falcon MDM Settings profile is applied to this device\"\n exit 1\nfi\n\n# Remove Temp Folder and download\nrm -r /tmp/$TempFolder\necho \"Deleted /tmp/$TempFolder\"",
"link": "https://github.com/TheJumpCloud/support/blob/master/PowerShell/JumpCloud%20Commands%20Gallery/Mac%20Commands/Mac%20-%20Install%20CrowdStrike%20Falcon%20Agent.md",
"description": "This command will download and install the CrowdStrike Falcon Agent to the device if it isn't already installed. The command will leverage CrowdStrike's API to find and download the latest version of the Falcon Agent onto the local machine.\n\nIn order to use this command, follow the instructions from the [Installing the CrowdStrike Falcon Agent KB](https://support.jumpcloud.com/s/article/Installing-the-Crowdstrike-Falcon-Agent)\n\n[Richard Purves' blog post on Downloading Crowdstrike](https://richard-purves.com/2022/05/03/downloading-crowdstrike-via-api-for-fun-and-profit/) inspired this command template.\n\nSpecifically for this command:\n\n1. Create a CrowdStrike API Client with the \"SENSOR DOWNLOAD\" Read scope and make note of the ClientID and ClientSecret. Refer to CrowdStrike's article [Getting Access to the CrowdStrike API](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) for further information\n2. Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret) to their respective values for your CrowdStrike API Client\n3. Extend the command timeout to a value that makes sense in your environment. The suggested command timeout for an environment with average network speeds on devices with average computing power is 10 minutes. Note that the command may timeout with a 124 error code in the command result window if not extended, but the script will continue to run."
"description": "This command will download and install the CrowdStrike Falcon Agent to the device if it isn't already installed. The command will leverage CrowdStrike's API to find and download the latest version of the Falcon Agent onto the local machine.\n\nIn order to use this command, follow the instructions from the [Installing the CrowdStrike Falcon Agent KB](https://support.jumpcloud.com/s/article/Installing-the-Crowdstrike-Falcon-Agent)\n\n[Richard Purves' blog post on Downloading Crowdstrike](https://richard-purves.com/2022/05/03/downloading-crowdstrike-via-api-for-fun-and-profit/) inspired this command template.\n\nSpecifically for this command:\n\n1. Create a CrowdStrike API Client with the \"SENSOR DOWNLOAD\" Read scope and make note of the ClientID and ClientSecret. Refer to CrowdStrike's article [Getting Access to the CrowdStrike API](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) for further information\n2. Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret) to their respective values for your CrowdStrike API Client\n 1. If you have Require Token enabled for your CrowdStrike org, set the CSInstallToken variable with your installation token\n3. Extend the command timeout to a value that makes sense in your environment. The suggested command timeout for an environment with average network speeds on devices with average computing power is 10 minutes. Note that the command may timeout with a 124 error code in the command result window if not extended, but the script will continue to run."
},
{
"name": "Mac - Install JumpCloud Password Manager App | v1.2 JCCG",
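Review bot: The added sub-step under item 2 of the description documents CSInstallToken, but item 2 itself still reads "Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret)", and the new text says "Require Token" where the script comment says "Require Tokens"; suggest aligning the count and the setting name so the description matches the command. In the command shown as context, `$CSInstallToken` is passed unquoted to `falconctl provisioning-token`, and the sha256 read from the installer list is used only as the download id: FalconSensor.pkg is never hashed and compared with `$sensorsha` before `installer -verboseR -package` runs. Quoting the variable and adding a `shasum -a 256` comparison ahead of the install step would be a worthwhile follow-up.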
Expand Down Expand Up @@ -333,7 +333,7 @@
"type": "windows",
"command": "$CSBaseAddress = \"\"\n$CSClientID = \"\"\n$CSClientSecret = \"\"\n\n# Installation Token (Only use if you have Require Tokens enabled for your organization)\n# https://falcon.us-2.crowdstrike.com/documentation/page/f8a0f751/host-and-host-group-management#x7be77b4\n\n$CSInstallToken=\"\"\n\n############### Do Not Edit Below This Line ###############\nfunction Connect-CrowdStrike {\n param(\n [Parameter(Position = 1)]\n [ValidateSet('https://api.crowdstrike.com', 'https://api.us-2.crowdstrike.com',\n 'https://api.eu-1.crowdstrike.com', 'https://api.laggar.gcw.crowdstrike.com')]\n [string] $CSBaseAddress,\n\n [Parameter(Position = 2)]\n [ValidatePattern('\\w{32}')]\n [string] $CSClientId,\n\n [Parameter(Position = 3)]\n [ValidatePattern('\\w{40}')]\n [string] $CSClientSecret\n )\n begin {\n $ApiBody = @{\n \"client_id\" = $CSClientId\n \"client_secret\" = $CSClientSecret\n }\n $Headers = @{\n \"Accept\" = \"application/json\";\n \"Content-Type\" = \"application/x-www-form-urlencoded\"\n }\n $global:CSBaseAddress = $CSBaseAddress\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/oauth2/token\" -Method Post -Headers $Headers -Body $ApiBody -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n if ($Response.StatusCode -eq 201) {\n Write-Host \"Successfully authenticated; Access Token created\"\n $CrowdStrikeAccessToken = [regex]::Matches($Response.Content, '\"(?<name>access_token)\": \"(?<access_token>.*)\",')[0].Groups['access_token'].Value\n $global:CrowdStrikeAccessToken = $CrowdStrikeAccessToken\n }\n }\n}\nfunction Get-CrowdStrikeCcid {\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/sensors/queries/installers/ccid/v1\" -method Get -Headers 
$CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Ccid = [regex]::Matches($Response, '(?<ccid>\\w{32}-\\w{2})')[0].Groups['ccid'].Value\n }\n end {\n return $Ccid\n }\n}\n\nfunction Get-CrowdStrikeSensorInstaller {\n param (\n [Parameter(Position = 1)]\n [ValidateSet('windows')]\n [string] $operatingSystem\n )\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/sensors/combined/installers/v1\" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Installers = $Response.Content | ConvertFrom-Json\n $Installers = $Installers.Resources | Group-Object platform\n\n switch ($operatingSystem) {\n windows {\n $WindowsInstallers = $Installers | Where-Object Name -eq 'windows'\n $SortedInstallers = $WindowsInstallers.Group | Sort-Object release_date -Descending\n }\n }\n $LatestInstaller = $SortedInstallers | Select-Object -First 1\n }\n end {\n return $LatestInstaller\n }\n}\n\ntry {\n Write-Host \"Connecting to CrowdStrike Tenant...\"\n Connect-CrowdStrike -CSBaseAddress $CSBaseAddress -CSClientId $CSClientId -CSClientSecret $CSClientSecret\n} catch {\n Write-Error \"Unable to connect to CrowdStrike...\"\n exit 1\n}\n\nWrite-Host \"Gathering CCID information...\"\n$CID = Get-CrowdStrikeCcid\n\nWrite-Host \"Finding latest Windows installer...\"\n$LatestInstaller = Get-CrowdStrikeSensorInstaller -operatingSystem 'windows'\n\n$installerURL = \"$CSBaseAddress/sensors/entities/download-installer/v1?id=$($LatestInstaller.sha256)\"\n$CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n 
\"Accept\" = \"application/octet-stream\"\n}\n\n$installerTempLocation = \"C:\\Windows\\Temp\\CSFalconAgentInstaller.exe\"\n\nif (Get-Service \"CSFalconService\" -ErrorAction SilentlyContinue) {\n Write-Host \"Falcon Agent already installed, nothing to do.\"\n exit 0\n}\nWrite-Host \"Falcon Agent not installed.\"\n\nWrite-Host \"Downloading Falcon Agent installer now.\"\ntry {\n $ProgressPreference = 'SilentlyContinue'\n Invoke-WebRequest -Headers $CrowdStrikeAuthHeader -Uri $installerURL -UseBasicParsing -OutFile $installerTempLocation\n} catch {\n Write-Error \"Unable to download Falcon Agent installer.\"\n exit 1\n}\nWrite-Host \"Finished downloading Falcon Agent installer.\"\n\nWrite-Host \"Installing Falcon Agent now, this may take a few minutes.\"\ntry {\n $args = @(\"/install\", \"/quiet\", \"/norestart\", \"CID=$CID\")\n if ($CSInstallToken){\n $args += \"ProvToken=$CSInstallToken\"\n }\n $installerProcess = Start-Process -FilePath $installerTempLocation -Wait -PassThru -ArgumentList $args\n} catch {\n Write-Error \"Failed to run Falcon Agent installer.\"\n exit 1\n}\nWrite-Host \"Falcon Agent installer returned $($installerProcess.ExitCode).\"\n\nexit $installerProcess.ExitCode",
"link": "https://github.com/TheJumpCloud/support/blob/master/PowerShell/JumpCloud%20Commands%20Gallery/Windows%20Commands/Windows%20-%20Install%20CrowdStrike%20Falcon%20Agent.md",
"description": "This command will download and install the CrowdStrike Falcon Agent to the device if it isn't already installed. The command will leverage CrowdStrike's API to find and download the latest version of the Falcon Agent onto the local machine.\n\nFollow the instructions from the [Installing the CrowdStrike Falcon Agent KB](https://support.jumpcloud.com/s/article/Installing-the-Crowdstrike-Falcon-Agent#InstallWindows)\n\nIn order to use this command:\n\n1. Create a CrowdStrike API Client with the \"SENSOR DOWNLOAD\" Read scope and make note of the ClientID and ClientSecret Refer to CrowdStrike's article [Getting Access to the CrowdStrike API](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) for further information\n2. Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret) to their respective values for your CrowdStrike API Client\n3. Extend the command timeout to a value that makes sense in your environment. The suggested command timeout for an environment with average network speeds on devices with average computing power is 10 minutes. Note that the command may timeout with a 124 error code in the command result window if not extended, but the script will continue to run."
"description": "This command will download and install the CrowdStrike Falcon Agent to the device if it isn't already installed. The command will leverage CrowdStrike's API to find and download the latest version of the Falcon Agent onto the local machine.\n\nFollow the instructions from the [Installing the CrowdStrike Falcon Agent KB](https://support.jumpcloud.com/s/article/Installing-the-Crowdstrike-Falcon-Agent#InstallWindows)\n\nIn order to use this command:\n\n1. Create a CrowdStrike API Client with the \"SENSOR DOWNLOAD\" Read scope and make note of the ClientID and ClientSecret Refer to CrowdStrike's article [Getting Access to the CrowdStrike API](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) for further information\n2. Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret) to their respective values for your CrowdStrike API Client\n 1. If you have Require Token enabled for your CrowdStrike org, set the CSInstallToken variable with your installation token\n3. Extend the command timeout to a value that makes sense in your environment. The suggested command timeout for an environment with average network speeds on devices with average computing power is 10 minutes. Note that the command may timeout with a 124 error code in the command result window if not extended, but the script will continue to run."
},
{
"name": "Windows - Install JumpCloud Password Manager App | v1.2 JCCG",
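Review bot: The replacement description line keeps the run-on "make note of the ClientID and ClientSecret Refer to CrowdStrike's article" (missing period after ClientSecret), and item 2 still says "Set the 3 variables" although the new sub-step introduces an optional fourth, CSInstallToken; suggest fixing both while this line is being touched. In the command shown as context, the token is appended to an array named `$args`, which is a PowerShell automatic variable, so a name such as `$installerArgs` would be safer. The downloaded CSFalconAgentInstaller.exe is also started without comparing its `Get-FileHash` SHA256 to `$LatestInstaller.sha256`, and the `Get-Service "CSFalconService"` check runs only after the API client has authenticated and queried CrowdStrike, so moving it to the top would avoid using the credentials on hosts where there is nothing to do.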