-
Notifications
You must be signed in to change notification settings - Fork 69
Get FalconIntel
bk-cs edited this page Apr 28, 2023
·
22 revisions
Search for intelligence reports
Requires 'Reports (Falcon Intelligence): Read'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Id | String[] | Report identifier | X | X | |||
Filter | String |
Falcon Query Language expression to limit resultsactors actors.name created_date description id last_modified_date motivations motivations.value name short_description sub_type sub_type.value tags tags.value target_countries target_countries.value target_industries target_industries.value type type.value
|
|||||
Query | String | Perform a generic substring search across available fields | |||||
Sort | String | Property and direction to sort results |
name|asc name|desc target_countries|asc target_countries|desc target_industries|asc target_industries|desc type|asc type|desc created_date|asc created_date|desc last_modified_date|asc last_modified_date|desc
|
||||
Limit | Int32 | Maximum number of results per request | 1 |
5000 |
|||
Field | String[] | Specific fields, or a predefined collection name surrounded by two underscores [default: basic] | |||||
Offset | Int32 | Position to begin retrieving results | |||||
Detailed | Switch | Retrieve detailed information | |||||
All | Switch | Repeat requests until all available results are retrieved | |||||
Total | Switch | Display total result count instead of results |
Get-FalconIntel [[-Filter] <String>] [[-Query] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconIntel -Id <String[]> [[-Field] <String[]>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconIntel [[-Filter] <String>] [[-Query] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Field] <String[]>] [-Offset <Int32>] -Detailed [-All] [-WhatIf] [-Confirm] [<CommonParameters>]
GET /intel/combined/reports/v1
GET /intel/entities/reports/v1
GET /intel/queries/reports/v1
QueryIntelReportIds
GetIntelReportEntities
QueryIntelReportEntities
Get-FalconIntel -Filter "target_countries:'united states'+target_industries:'government'"
Get-FalconIntel -Id <id>, <id>
Get-FalconIntel -Filter "target_countries:'afghanistan'" -Limit 1 -Detailed
2023-04-25: PSFalcon v2.2.5
- Using PSFalcon
-
Commands and Permissions
- Configuration Import/Export
- Container Security
- Detection and Prevention Policies
- Discover for Cloud and Containers
- Discover
- Event Streams
- Falcon Complete Dashboards
- Falcon Complete Message Center
- Falcon Data Replicator
- Falcon Intelligence
- Falcon Intelligence Recon
- Falcon OverWatch Dashboards
- Falcon Sandbox
- FileVantage
- Firewall Management
- Flight Control
- Horizon
- Host and Host Group Management
- Identity Protection
- Image Assessment
- Incident and Detection Monitoring
- Installation Tokens
- Kubernetes Protection
- MalQuery
- Mobile Host Enrollment
- On-Demand Scanning
- Quarantine
- Real-time Response
- Real-time Response Policy
- Scheduled Reports and Searches
- Sensor Download
- Sensor Update Policy
- Spotlight
- Tailored Intelligence
- Third-party ingestion
- USB Device Control Policy
- Users and Roles
- Zero Trust Assessment
- Examples
-
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust