CUT-4632: Fix CrowdStrike sensor download filter #651

Merged
merged 4 commits into from
Feb 18, 2025
@@ -1,6 +1,6 @@
#### Name

Windows - Install CrowdStrike Falcon Agent | v2.1 JCCG
Windows - Install CrowdStrike Falcon Agent | v2.2 JCCG

#### commandType

@@ -97,20 +97,19 @@ function Get-CrowdStrikeSensorInstaller {
}
}
process {
$Response = Invoke-WebRequest -Uri "$CSBaseAddress/sensors/combined/installers/v1" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing
$Response = Invoke-WebRequest -Uri "$CSBaseAddress/sensors/combined/installers/v1?filter=platform:%27windows%27" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing

if ($Response.headers."X-Ratelimit-Remaining" -le 0) {
Write-Host "Too many requests are being made to CrowdStrike services..."
exit 429
}

$Installers = $Response.Content | ConvertFrom-Json
$Installers = $Installers.Resources | Group-Object platform

switch ($operatingSystem) {
windows {
$WindowsInstallers = $Installers | Where-Object Name -eq 'windows'
$SortedInstallers = $WindowsInstallers.Group | Sort-Object version -Descending
$WindowsInstallers = $Installers.resources
$SortedInstallers = $WindowsInstallers | Sort-Object version -Descending
}
}
if ($Windows7Sensor -eq $true) {
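Review bot: With the client-side platform grouping removed, nothing in the `process` block handles a response whose `resources` is empty or missing, so `$SortedInstallers` and the returned `$LatestInstaller` can be `$null`; a guard right after `ConvertFrom-Json`, such as `if (-not $Installers.resources) { Write-Error "No Windows sensor installers returned"; exit 1 }`, would stop the run before a download is attempted. `Sort-Object version -Descending` also compares `version` as text if the API returns it as a JSON string, so which installer counts as "latest" depends on lexical order; `Sort-Object { [version]$_.version } -Descending` is safer, assuming the values are plain dotted numbers. The filter hard-codes `windows` while the `switch` still keys on `$operatingSystem`, so the two will diverge if the `ValidateSet` ever grows. The function begins and ends outside this hunk, and the same code is repeated in the `command` string in commands.json.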
4 changes: 2 additions & 2 deletions PowerShell/JumpCloud Commands Gallery/commands.json
@@ -357,9 +357,9 @@
"description": "This command will return the Window Defender Exclusion settings\n\nThe command Get-MpPreference is only available in the 64-bit environment and the JumpCloud agent operates in the 32-bit environment which is why sysnative is used."
},
{
"name": "Windows - Install CrowdStrike Falcon Agent | v2.1 JCCG",
"name": "Windows - Install CrowdStrike Falcon Agent | v2.2 JCCG",
"type": "windows",
"command": "$CSBaseAddress = \"\"\n$CSClientID = \"\"\n$CSClientSecret = \"\"\n\n# Installation Token (Only use if you have Require Tokens enabled for your organization)\n# https://falcon.us-2.crowdstrike.com/documentation/page/f8a0f751/host-and-host-group-management#x7be77b4\n\n$CSInstallToken=\"\"\n\n# Mark $true if this install is for Windows 7 machines\n$Windows7Sensor = $false\n\n############### Do Not Edit Below This Line ###############\nfunction Connect-CrowdStrike {\n param(\n [Parameter(Position = 1)]\n [ValidateSet('https://api.crowdstrike.com', 'https://api.us-2.crowdstrike.com',\n 'https://api.eu-1.crowdstrike.com', 'https://api.laggar.gcw.crowdstrike.com')]\n [string] $CSBaseAddress,\n\n [Parameter(Position = 2)]\n [ValidatePattern('\\w{32}')]\n [string] $CSClientId,\n\n [Parameter(Position = 3)]\n [ValidatePattern('\\w{40}')]\n [string] $CSClientSecret\n )\n begin {\n $ApiBody = @{\n \"client_id\" = $CSClientId\n \"client_secret\" = $CSClientSecret\n }\n $Headers = @{\n \"Accept\" = \"application/json\";\n \"Content-Type\" = \"application/x-www-form-urlencoded\"\n }\n $global:CSBaseAddress = $CSBaseAddress\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/oauth2/token\" -Method Post -Headers $Headers -Body $ApiBody -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n if ($Response.StatusCode -eq 201) {\n Write-Host \"Successfully authenticated; Access Token created\"\n $CrowdStrikeAccessToken = [regex]::Matches($Response.Content, '\"(?<name>access_token)\": \"(?<access_token>.*)\",')[0].Groups['access_token'].Value\n $global:CrowdStrikeAccessToken = $CrowdStrikeAccessToken\n }\n }\n}\nfunction Get-CrowdStrikeCcid {\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri 
\"$CSBaseAddress/sensors/queries/installers/ccid/v1\" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Ccid = [regex]::Matches($Response, '(?<ccid>\\w{32}-\\w{2})')[0].Groups['ccid'].Value\n }\n end {\n return $Ccid\n }\n}\n\nfunction Get-CrowdStrikeSensorInstaller {\n param (\n [Parameter(Position = 1)]\n [ValidateSet('windows')]\n [string] $operatingSystem\n )\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/sensors/combined/installers/v1\" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Installers = $Response.Content | ConvertFrom-Json\n $Installers = $Installers.Resources | Group-Object platform\n\n switch ($operatingSystem) {\n windows {\n $WindowsInstallers = $Installers | Where-Object Name -eq 'windows'\n $SortedInstallers = $WindowsInstallers.Group | Sort-Object version -Descending\n }\n }\n if ($Windows7Sensor -eq $true) {\n $LatestInstaller = $SortedInstallers | Where-Object os -eq \"Windows 7\" | Select -First 1\n } else {\n $LatestInstaller = $SortedInstallers | Where-Object os -eq \"Windows\"| Select-Object -First 1\n }\n }\n end {\n return $LatestInstaller\n }\n}\n\ntry {\n Write-Host \"Connecting to CrowdStrike Tenant...\"\n Connect-CrowdStrike -CSBaseAddress $CSBaseAddress -CSClientId $CSClientId -CSClientSecret $CSClientSecret\n} catch {\n Write-Error \"Unable to connect to CrowdStrike...\"\n exit 1\n}\n\nWrite-Host \"Gathering CCID information...\"\n$CID = Get-CrowdStrikeCcid\n\nWrite-Host \"Finding latest Windows installer...\"\n$LatestInstaller = 
Get-CrowdStrikeSensorInstaller -operatingSystem 'windows'\n\n$installerURL = \"$CSBaseAddress/sensors/entities/download-installer/v1?id=$($LatestInstaller.sha256)\"\n$CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/octet-stream\"\n}\n\n$installerTempLocation = \"C:\\Windows\\Temp\\CSFalconAgentInstaller.exe\"\n\nif (Get-Service \"CSFalconService\" -ErrorAction SilentlyContinue) {\n Write-Host \"Falcon Agent already installed, nothing to do.\"\n exit 0\n}\nWrite-Host \"Falcon Agent not installed.\"\n\nWrite-Host \"Downloading Falcon Agent v$($LatestInstaller.version) installer now.\"\ntry {\n $ProgressPreference = 'SilentlyContinue'\n Invoke-WebRequest -Headers $CrowdStrikeAuthHeader -Uri $installerURL -UseBasicParsing -OutFile $installerTempLocation\n} catch {\n Write-Error \"Unable to download Falcon Agent v$($LatestInstaller.version) installer.\"\n exit 1\n}\nWrite-Host \"Finished downloading Falcon Agent v$($LatestInstaller.version) installer.\"\n\nWrite-Host \"Installing Falcon Agent v$($LatestInstaller.version) now, this may take a few minutes.\"\ntry {\n $args = @(\"/install\", \"/quiet\", \"/norestart\", \"CID=$CID\")\n if ($CSInstallToken){\n $args += \"ProvToken=$CSInstallToken\"\n }\n $installerProcess = Start-Process -FilePath $installerTempLocation -Wait -PassThru -ArgumentList $args\n} catch {\n Write-Error \"Failed to run Falcon Agent installer.\"\n exit 1\n}\nWrite-Host \"Falcon Agent installer returned $($installerProcess.ExitCode).\"\n\nexit $installerProcess.ExitCode",
"command": "$CSBaseAddress = \"\"\n$CSClientID = \"\"\n$CSClientSecret = \"\"\n\n# Installation Token (Only use if you have Require Tokens enabled for your organization)\n# https://falcon.us-2.crowdstrike.com/documentation/page/f8a0f751/host-and-host-group-management#x7be77b4\n\n$CSInstallToken=\"\"\n\n# Mark $true if this install is for Windows 7 machines\n$Windows7Sensor = $false\n\n############### Do Not Edit Below This Line ###############\nfunction Connect-CrowdStrike {\n param(\n [Parameter(Position = 1)]\n [ValidateSet('https://api.crowdstrike.com', 'https://api.us-2.crowdstrike.com',\n 'https://api.eu-1.crowdstrike.com', 'https://api.laggar.gcw.crowdstrike.com')]\n [string] $CSBaseAddress,\n\n [Parameter(Position = 2)]\n [ValidatePattern('\\w{32}')]\n [string] $CSClientId,\n\n [Parameter(Position = 3)]\n [ValidatePattern('\\w{40}')]\n [string] $CSClientSecret\n )\n begin {\n $ApiBody = @{\n \"client_id\" = $CSClientId\n \"client_secret\" = $CSClientSecret\n }\n $Headers = @{\n \"Accept\" = \"application/json\";\n \"Content-Type\" = \"application/x-www-form-urlencoded\"\n }\n $global:CSBaseAddress = $CSBaseAddress\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/oauth2/token\" -Method Post -Headers $Headers -Body $ApiBody -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n if ($Response.StatusCode -eq 201) {\n Write-Host \"Successfully authenticated; Access Token created\"\n $CrowdStrikeAccessToken = [regex]::Matches($Response.Content, '\"(?<name>access_token)\": \"(?<access_token>.*)\",')[0].Groups['access_token'].Value\n $global:CrowdStrikeAccessToken = $CrowdStrikeAccessToken\n }\n }\n}\nfunction Get-CrowdStrikeCcid {\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri 
\"$CSBaseAddress/sensors/queries/installers/ccid/v1\" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Ccid = [regex]::Matches($Response, '(?<ccid>\\w{32}-\\w{2})')[0].Groups['ccid'].Value\n }\n end {\n return $Ccid\n }\n}\n\nfunction Get-CrowdStrikeSensorInstaller {\n param (\n [Parameter(Position = 1)]\n [ValidateSet('windows')]\n [string] $operatingSystem\n )\n begin {\n $CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/json\"\n }\n }\n process {\n $Response = Invoke-WebRequest -Uri \"$CSBaseAddress/sensors/combined/installers/v1?filter=platform:%27windows%27\" -method Get -Headers $CrowdStrikeAuthHeader -UseBasicParsing\n\n if ($Response.headers.\"X-Ratelimit-Remaining\" -le 0) {\n Write-Host \"Too many requests are being made to CrowdStrike services...\"\n exit 429\n }\n\n $Installers = $Response.Content | ConvertFrom-Json\n\n switch ($operatingSystem) {\n windows {\n $WindowsInstallers = $Installers.resources\n $SortedInstallers = $WindowsInstallers | Sort-Object version -Descending\n }\n }\n if ($Windows7Sensor -eq $true) {\n $LatestInstaller = $SortedInstallers | Where-Object os -eq \"Windows 7\" | Select -First 1\n } else {\n $LatestInstaller = $SortedInstallers | Where-Object os -eq \"Windows\"| Select-Object -First 1\n }\n }\n end {\n return $LatestInstaller\n }\n}\n\ntry {\n Write-Host \"Connecting to CrowdStrike Tenant...\"\n Connect-CrowdStrike -CSBaseAddress $CSBaseAddress -CSClientId $CSClientId -CSClientSecret $CSClientSecret\n} catch {\n Write-Error \"Unable to connect to CrowdStrike...\"\n exit 1\n}\n\nWrite-Host \"Gathering CCID information...\"\n$CID = Get-CrowdStrikeCcid\n\nWrite-Host \"Finding latest Windows installer...\"\n$LatestInstaller = Get-CrowdStrikeSensorInstaller -operatingSystem 
'windows'\n\n$installerURL = \"$CSBaseAddress/sensors/entities/download-installer/v1?id=$($LatestInstaller.sha256)\"\n$CrowdStrikeAuthHeader = @{\n \"Authorization\" = \"bearer $CrowdStrikeAccessToken\"\n \"Accept\" = \"application/octet-stream\"\n}\n\n$installerTempLocation = \"C:\\Windows\\Temp\\CSFalconAgentInstaller.exe\"\n\nif (Get-Service \"CSFalconService\" -ErrorAction SilentlyContinue) {\n Write-Host \"Falcon Agent already installed, nothing to do.\"\n exit 0\n}\nWrite-Host \"Falcon Agent not installed.\"\n\nWrite-Host \"Downloading Falcon Agent v$($LatestInstaller.version) installer now.\"\ntry {\n $ProgressPreference = 'SilentlyContinue'\n Invoke-WebRequest -Headers $CrowdStrikeAuthHeader -Uri $installerURL -UseBasicParsing -OutFile $installerTempLocation\n} catch {\n Write-Error \"Unable to download Falcon Agent v$($LatestInstaller.version) installer.\"\n exit 1\n}\nWrite-Host \"Finished downloading Falcon Agent v$($LatestInstaller.version) installer.\"\n\nWrite-Host \"Installing Falcon Agent v$($LatestInstaller.version) now, this may take a few minutes.\"\ntry {\n $args = @(\"/install\", \"/quiet\", \"/norestart\", \"CID=$CID\")\n if ($CSInstallToken){\n $args += \"ProvToken=$CSInstallToken\"\n }\n $installerProcess = Start-Process -FilePath $installerTempLocation -Wait -PassThru -ArgumentList $args\n} catch {\n Write-Error \"Failed to run Falcon Agent installer.\"\n exit 1\n}\nWrite-Host \"Falcon Agent installer returned $($installerProcess.ExitCode).\"\n\nexit $installerProcess.ExitCode",
"link": "https://github.com/TheJumpCloud/support/blob/master/PowerShell/JumpCloud%20Commands%20Gallery/Windows%20Commands/Windows%20-%20Install%20CrowdStrike%20Falcon%20Agent.md",
"description": "This command will download and install the CrowdStrike Falcon Agent to the device if it isn't already installed. The command will leverage CrowdStrike's API to find and download the latest version of the Falcon Agent onto the local machine.\n\nFollow the instructions from the [Installing the CrowdStrike Falcon Agent KB](https://support.jumpcloud.com/s/article/Installing-the-Crowdstrike-Falcon-Agent#InstallWindows)\n\nIn order to use this command:\n\n1. Create a CrowdStrike API Client with the \"SENSOR DOWNLOAD\" Read scope and make note of the ClientID and ClientSecret Refer to CrowdStrike's article [Getting Access to the CrowdStrike API](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) for further information\n2. Set the 3 variables (CSBaseAddress, CSClientID, CSClientSecret) to their respective values for your CrowdStrike API Client\n 1. If you have Require Token enabled for your CrowdStrike org, set the CSInstallToken variable with your installation token\n 2. If you're looking to install the Windows 7 sensor, set the Windows7Sensor variable to $true\n3. Extend the command timeout to a value that makes sense in your environment. The suggested command timeout for an environment with average network speeds on devices with average computing power is 10 minutes. Note that the command may timeout with a 124 error code in the command result window if not extended, but the script will continue to run."
},
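Review bot: The new `command` string still runs the downloaded file without checking it: the installer is requested by `$LatestInstaller.sha256`, written to the fixed path `C:\Windows\Temp\CSFalconAgentInstaller.exe`, and passed straight to `Start-Process`. Comparing the file against the hash the API already supplied, before the install step, would catch a truncated or substituted download: `if ((Get-FileHash $installerTempLocation -Algorithm SHA256).Hash -ne $LatestInstaller.sha256) { Write-Error "Falcon Agent installer hash mismatch."; exit 1 }`. A `Get-AuthenticodeSignature` check on the same file would add a second, independent control. The change would need to be mirrored in the Markdown copy of the script, whose download section is outside the hunks shown.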