Import FalconConfig - CrowdStrike/psfalcon GitHub Wiki
Import items from a 'FalconConfig' archive into your Falcon environment
Creates groups, policies, exclusions, rules and scripts within a 'FalconConfig' archive within your authenticated Falcon environment.
Anything that already exists will be ignored and no existing items will be modified unless the relevant parameters are included.
If using 'Select', any dependencies are added based on your input and whether or not the 'AssignExisting' switch is included.
'Sensor Download: Read' permission is required for CID comparison in Flight Control environments, and 'Read' and 'Write' permissions are required for all items being imported.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Path | String | FalconConfig archive path | |||||
| Select | String[] | Import selected files from archive |
ContentPolicyDeviceControlPolicyFileVantagePolicyFileVantageRuleGroupFirewallGroupFirewallLocationFirewallPolicyHostGroupIoaExclusionIoaGroupIocMlExclusionPreventionPolicyResponsePolicyScriptSensorUpdatePolicySvExclusion
|
||||
| AssignExisting | Switch | Assign existing host groups with identical names to imported items | |||||
| ModifyDefault | String[] | Modify default policies to match import. Use 'All' for all possible values (or all values in 'Select') |
AllContentPolicyDeviceControlPolicyPreventionPolicyResponsePolicySensorUpdatePolicy
|
||||
| ModifyExisting | String[] | Modify existing items to match import. Use 'All' for all possible values (or all values in 'Select') |
AllContentPolicyDeviceControlPolicyFileVantagePolicyFileVantageRuleGroupFirewallGroupFirewallLocationFirewallPolicyHostGroupIoaExclusionIoaGroupIocMlExclusionPreventionPolicyResponsePolicyScriptSensorUpdatePolicySvExclusion
|
Import-FalconConfig [-Path] <String> [-Select <String[]>] [-AssignExisting] [-ModifyDefault <String[]>] [-ModifyExisting <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]Using the Import-FalconConfig command, you can re-create any items that are present in the export but are not
present in your authenticated Falcon environment. Import-FalconConfig loads the files within the ZIP, checks
them against the existing items in the target environment, and creates any items that are not present.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zipNOTE: Unless AssignExisting is included, items that depend on the existence of a specific host group will
not be created. For example, if you attempt to import a Machine Learning Exclusion that is assigned to the host
group "Example Group" and "Example Group" already exists in your environment, the exclusion will not be created.
If it is possible to create the item without the dependency (like a policy without assigned host groups), it will be created.
Including the AssignExisting parameter when running Import-FalconConfig will cause existing host groups to be
assigned to created items when they match groups that would have been created as part of the import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -AssignExistingIf AssignExisting is not specified, existing items will not be assigned to created items when using
Import-FalconConfig.
The ModifyExisting parameter forces the Import-FalconConfig command to analyze and modify a list of selected
items based on your target import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -ModifyExisting PreventionPolicy, SensorUpdatePolicyIf ModifyExisting is not specified, existing items will not be modified when using Import-FalconConfig.
ModifyDefault works similarly to ModifyExisting, but allows Import-FalconConfig to modify
platform_default policies based on your target import.
Import-FalconConfig -Path .\FalconConfig_<FileDateTime>.zip -ModifyDefault PreventionPolicyIf ModifyDefault is not specified, platform_default policies will not be modified when using
Import-FalconConfig.
See Export-FalconConfig.
2025-09-19: PSFalcon v2.2.9
