Get FalconQueue

Get-FalconQueue

SYNOPSIS

Create a report of Real-time Response commands in the offline queue

DESCRIPTION

Creates a CSV of pending Real-time Response commands and their related session information. By default, sessions within the offline queue expire 7 days after creation. Sessions can have additional commands appended to them to extend their expiration time.

Additional host information can be appended to the results using the 'Include' parameter.

Requires 'Real Time Response: Read', 'Real Time Response: Write' and 'Real Time Response (Admin): Write'.

PARAMETERS

Name	Type	Min	Max	Allowed	Pipeline	PipelineByName	Description
Days	Int32						Days worth of results to retrieve [default: 7]
Include	String[]			`agent_version` `cid` `external_ip` `first_seen` `host_hidden_status` `hostname` `last_seen` `local_ip` `mac_address` `os_build` `os_version` `platform_name` `product_type` `product_type_desc` `reduced_functionality_mode` `serial_number` `system_manufacturer` `system_product_name` `tags`			Include additional properties

SYNTAX

Get-FalconQueue [[-Days] <Int32>] [[-Include] <String[]>] [<CommonParameters>]

USAGE

2022-10-31: PSFalcon v2.2.3

Using PSFalcon
Commands and Permissions
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly