Exporting 'PreventionPolicy'...
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-2e1e47980082
VERBOSE: [Read-Meta] pagination_offset: 7, pagination_total: 7
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-9ca64fad61d7
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-7fb8c29e45ef
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-245b0392de22
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-9ace-f080bdf4a704
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>16b9f206c835
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>42f35de8
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.us-2.crowdstrike.com/policy/combined/prevention/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>f8a3fa0e8eba
VERBOSE: [Read-Meta] pagination_offset: 1, pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
In the other CID, it only gets as far as Exporting DeviceControlPolicy be for showing the same sort of behaviour. So I know it's not specific to prevention policies. This has been tested with an API which has every privilege available and it still occurs.
Exporting 'HostGroup'...
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/devices/combined/host-groups/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-4d7da3323338
VERBOSE: [Read-Meta] pagination_offset: 67, pagination_total: 67
Exporting 'IOAGroup'...
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/ioarules/queries/rule-groups/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-8f61a32bfcc8
VERBOSE: [Read-Meta] pagination_offset: 500, pagination_total: 8
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/ioarules/entities/rule-groups/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>cb315f261a49
Exporting 'FirewallGroup'...
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/fwmgr/queries/rule-groups/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>09dbf958fe0b
Exporting 'DeviceControlPolicy'...
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-8d715ea0a72d
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>d7e0398ec65b
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-9576753d78fc
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-b44f883aef0e
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>-0bda82260eb3
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
VERBOSE: [Invoke-Endpoint] GET https://api.crowdstrike.com/policy/combined/device-control/v1
VERBOSE: [Read-Meta] trace_id: <Obfuscated>10a7edc46bba
VERBOSE: [Read-Meta] pagination_total: 1
VERBOSE: [Invoke-Loop] retrieved results
..and so on.