Merge pull request #17 from ndergal1/ndergal/fix/replace-psfalcon-wit…

…h-api-calls Replace psfalcon with api calls
CrowdStrike · Jan 13, 2025 · c0826c9 · c0826c9
2 parents 994fe15 + 8510820
commit c0826c9
Showing 1 changed file with 159 additions and 15 deletions.
diff --git a/scripts/New-FcsAzureAccount.ps1 b/scripts/New-FcsAzureAccount.ps1
@@ -22,6 +22,51 @@ param(
     [string]$UseExistingAppRegistration
 )
 
+# Falcon variables
+switch ($Env:FALCON_CLOUD_REGION) {
+    US-1 {
+        $FALCON_API_BASE_URL = "api.crowdstrike.com"
+    }
+    US-2 {
+        $FALCON_API_BASE_URL = "api.us-2.crowdstrike.com"
+    }
+    EU-1 {
+        $FALCON_API_BASE_URL = "api.eu-1.crowdstrike.com"
+    }
+    Default {
+        $FALCON_API_BASE_URL = "api.crowdstrike.com"
+    }
+}
+
+# Get CrowdStrike API Access Token
+function Get-FalconAPIAccessToken {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$ClientId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ClientSecret
+    )
+    try {
+        $Params = @{
+            Uri     = "https://${FALCON_API_BASE_URL}/oauth2/token"
+            Method  = "POST"
+            Headers = @{
+                "Content-Type" = "application/x-www-form-urlencoded"
+            }
+            Body    = @{
+                client_id     = $ClientId
+                client_secret = $ClientSecret
+            }
+        }
+        return ((Invoke-WebRequest @Params).Content | ConvertFrom-Json).access_token
+    }
+    catch [System.Exception] {
+        Write-Error "An exception was caught: $($_.Exception.Message)"
+        break
+    }
+}
+
 function Set-AzureAppRegistrationCertificate {
     param(
         [Parameter(Mandatory = $true)]
@@ -64,43 +109,142 @@ function Set-AzureAppRegistrationCertificate {
             New-AzADAppCredential -ApplicationId $ClientId -CertValue $ClientCertificate -ErrorAction Stop
         }
     }
-    catch [System.Exception] { 
+    catch [System.Exception] {
         Write-Error "An exception was caught: $($_.Exception.Message)"
         break
-    } 
+    }
     finally {
         Disconnect-AzAccount
     }
 }
 
-try {
-    $DeploymentScriptOutputs = @{}
+function New-FalconCloudAzureAccount {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$AccessToken,
 
-    # Check if the PSFalcon module is available
-    if (!(Get-Module -Name PSFalcon)) {
-        if (!(Get-Module -ListAvailable -Name PSFalcon)) {
-            Install-Module -Name PSFalcon -Force
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$SubscriptionId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$ClientId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$AccountType,
+
+        [Parameter(Mandatory = $true)]
+        [int32]$YearsValid
+    )
+    try {
+        $Uri     = "https://${FALCON_API_BASE_URL}/cloud-connect-cspm-azure/entities/account/v1"
+        $Method  = "POST"
+        $Headers = @{
+                "Authorization" = "Bearer ${AccessToken}"
+            }
+        $Body = @{
+            "resources" = @(
+                @{
+                    "account_type" = $accountType
+                    "client_id" = $clientId
+                    "subscription_id" = $subscriptionId
+                    "tenant_id" = $tenantId
+                    "years_valid" = $yearsValid
+                }
+            )
+        }
+        # Create CSPM account
+        Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -ContentType 'application/json' -Body (ConvertTo-Json $body)
+    }
+    catch [System.Exception] {
+        Write-Error "An exception was caught: $($_.Exception.Message)"
+        break
+    }
+}
+
+function New-FalconCloudAzureGroup {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$AccessToken,
+
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId,
+
+        [Parameter(Mandatory = $true)]
+        [string]$DefaultSubscriptionId
+    )
+    try {
+        $Uri     = "https://${FALCON_API_BASE_URL}/cloud-connect-cspm-azure/entities/management-group/v1"
+        $Method  = "POST"
+        $Headers = @{
+            "Authorization" = "Bearer ${AccessToken}"
+        }
+        $Body = @{
+            "resources" = @(
+                @{
+                    "default_subscription_id" = $defaultSubscriptionId
+                    "tenant_id" = $tenantId
+                }
+            )
+        }
+        # Create CSPM account
+        Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -ContentType 'application/json' -Body (ConvertTo-Json @body)
+    }
+    catch [System.Exception] {
+        Write-Error "An exception was caught: $($_.Exception.Message)"
+        break
+    }
+}
+
+function Get-FalconCloudAzureCertificate {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$AccessToken,
+
+        [Parameter(Mandatory = $true)]
+        [string]$TenantId
+    )
+    try {
+        $Params = @{
+            Uri     = "https://${FALCON_API_BASE_URL}/cloud-connect-cspm-azure/entities/download-certificate/v1"
+            Method  = "GET"
+            Headers = @{
+                "Authorization" = "Bearer ${AccessToken}"
+                "Content-Type" = "application/x-www-form-urlencoded"
+            }
+            Body    = @{
+                tenant_id = $tenantId
+            }
         }
-        Import-Module -Name PSFalcon
+        return ((Invoke-WebRequest @Params).Content | ConvertFrom-Json)
+    }
+    catch [System.Exception] {
+        Write-Error "An exception was caught: $($_.Exception.Message)"
+        break
     }
+}
+
+try {
+    $DeploymentScriptOutputs = @{}
 
-    # Request Falcon API access token
-    Request-FalconToken -ClientId $Env:FALCON_CLIENT_ID -ClientSecret $Env:FALCON_CLIENT_SECRET -Cloud $($Env:FALCON_CLOUD_REGION.ToLower())
+    $AccessToken = $(Get-FalconAPIAccessToken -ClientId ${Env:FALCON_CLIENT_ID} -ClientSecret ${Env:FALCON_CLIENT_SECRET})
 
     # Register Azure account in Falcon Cloud Security
-    New-FalconCloudAzureAccount -TenantId $AzureTenantId -SubscriptionId $AzureSubscriptionId -ClientId $Env:AZURE_CLIENT_ID -AccountType $AzureAccountType -YearsValid $AzureYearsValid
+    New-FalconCloudAzureAccount -AccessToken $AccessToken -TenantId $AzureTenantId -SubscriptionId $AzureSubscriptionId -ClientId $Env:AZURE_CLIENT_ID -AccountType $AzureAccountType -YearsValid $AzureYearsValid
 
     # Register Azure Management Group in Falcon Cloud Security
     if ($TargetScope -eq 'ManagementGroup') {
-        New-FalconCloudAzureGroup -TenantId $AzureTenantId -DefaultSubscriptionId $AzureSubscriptionId 
+        New-FalconCloudAzureGroup -AccessToken $AccessToken -TenantId $AzureTenantId -DefaultSubscriptionId $AzureSubscriptionId
     }
 
     # Get Falcon Azure Application certificate
-    $azurePublicCertificate = (Get-FalconCloudAzureCertificate -TenantId $AzureTenantId).public_certificate
+    $azurePublicCertificate = (Get-FalconCloudAzureCertificate -AccessToken $AccessToken -TenantId $AzureTenantId).public_certificate
 
     # Add certificate to existing Azure Application Registration
     if([System.Convert]::ToBoolean($UseExistingAppRegistration)) {
-        Set-AzureAppRegistrationCertificate -TenantId $AzureTenantId -SubscriptionId $AzureSubscriptionId -ClientId ${Env:AZURE_CLIENT_ID} -ClientSecret ${Env:AZURE_CLIENT_SECRET} -ClientCertificate $azurePublicCertificate
+        Set-AzureAppRegistrationCertificate -AccessToken $AccessToken -TenantId $AzureTenantId -SubscriptionId $AzureSubscriptionId -ClientId ${Env:AZURE_CLIENT_ID} -ClientSecret ${Env:AZURE_CLIENT_SECRET} -ClientCertificate $azurePublicCertificate
     }
 
     $DeploymentScriptOutputs['public_certificate'] = $azurePublicCertificate