Skip to content

Get FalconQueue

bk-cs edited this page May 9, 2023 · 17 revisions

Get-FalconQueue

SYNOPSIS

Create a report of Real-time Response commands in the offline queue

DESCRIPTION

Creates a CSV of pending Real-time Response commands and their related session information. By default, sessions within the offline queue expire 7 days after creation. Sessions can have additional commands appended to them to extend their expiration time.

Additional host information can be appended to the results using the 'Include' parameter.

Requires 'Real time response: Read', 'Real time response: Write' and 'Real time response (admin): Write'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Days Int32 Number of days worth of sessions to retrieve [default: 7]
Include String[] Include additional properties agent_version
cid
external_ip
first_seen
host_hidden_status
hostname
last_seen
local_ip
mac_address
os_build
os_version
platform_name
product_type
product_type_desc
reduced_functionality_mode
serial_number
system_manufacturer
system_product_name
tags
HostId String[] Host identifier X X

SYNTAX

Get-FalconQueue [[-Days] <Int32>] [[-Include] <String[]>] [[-HostId] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /real-time-response/entities/queued-sessions/GET/v1

falconpy

RTR_ListQueuedSessions

USAGE

Get-FalconQueue will create a CSV file with information about sessions that have pending queued commands or have been created in the last 7 days (by default).

Get-FalconQueue [-Days]

2023-05-09: PSFalcon v2.2.5

Clone this wiki locally