Get FalconCloudIoaEvent
Retrieve Falcon Cloud Security Indicator of Attack events
Requires 'CSPM registration: Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| PolicyId | Int32 | Policy identifier | X | ||||
| CloudPlatform | String | Cloud platform |
awsazuregcp
|
||||
| AwsAccountId | String | AWS account identifier | X | ||||
| AzureSubscriptionId | String | Azure subscription identifier | X | ||||
| AzureTenantId | String | Azure tenant identifier | X | ||||
| UserId | String[] | User identifier | |||||
| State | String | Event state | |||||
| Limit | Int32 | Maximum number of results per request | 1 |
500 |
|||
| Offset | Int32 | Position to begin retrieving results | |||||
| All | Switch | Repeat requests until all available results are retrieved | |||||
| Total | Switch | Display total result count instead of results |
Get-FalconCloudIoaEvent [-PolicyId] <Int32> [[-CloudPlatform] <String>] [[-AwsAccountId] <String>] [[-AzureSubscriptionId] <String>] [[-AzureTenantId] <String>] [[-UserId] <String[]>] [[-State] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]GET /ioa/entities/events/v1
2024-09-03: PSFalcon v2.2.7
