Export FalconConfig - CrowdStrike/psfalcon Wiki

Export-FalconConfig

SYNOPSIS

Create an archive containing Falcon configuration files

DESCRIPTION

Uses various PSFalcon commands to gather and export groups, policies and exclusions as a collection

PARAMETERS

Name Type Min Max Allowed Pipeline PipelineByName Description
Select String[] HostGroup
IoaGroup
FirewallGroup
DeviceControlPolicy
FirewallPolicy
PreventionPolicy
ResponsePolicy
SensorUpdatePolicy
Ioc
IoaExclusion
MlExclusion
Script
SvExclusion
Selected items to export from your current CID, or leave unspecified to export all available items
Force Switch Overwrite an existing file when present

SYNTAX

Export-FalconConfig [[-Select] <String[]>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]

USAGE

Export all configurations

The Export-FalconConfig command gathers configurable items from your Falcon environment and exports them as a ZIP archive. The following example will create a file called FalconConfig_<FileDateTime>.zip in your current directory containing all the available configurations.

Export-FalconConfig

NOTE: Users are not included in the export/import process because they are unique and cannot be duplicated.

Export specific configurations

Similar to the regular command, a zip file will be created, but in this example it will only include HostGroup, FirewallGroup (including Firewall Rules) and FirewallPolicy items.

Export-FalconConfig -Select HostGroup, FirewallGroup, FirewallPolicy

Generated 20220922 using PSFalcon v2.2.3

⚠️ **GitHub.com Fallback** ⚠️