-
Notifications
You must be signed in to change notification settings - Fork 69
Get FalconQueue
bk-cs edited this page May 9, 2023
·
17 revisions
Create a report of Real-time Response commands in the offline queue
Creates a CSV of pending Real-time Response commands and their related session information. By default, sessions within the offline queue expire 7 days after creation. Sessions can have additional commands appended to them to extend their expiration time.
Additional host information can be appended to the results using the 'Include' parameter.
Requires 'Real time response: Read', 'Real time response: Write' and 'Real time response (admin): Write'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Days | Int32 | Number of days worth of sessions to retrieve [default: 7] | |||||
Include | String[] | Include additional properties |
agent_version cid external_ip first_seen host_hidden_status hostname last_seen local_ip mac_address os_build os_version platform_name product_type product_type_desc reduced_functionality_mode serial_number system_manufacturer system_product_name tags
|
||||
HostId | String[] | Host identifier | X | X |
Get-FalconQueue [[-Days] <Int32>] [[-Include] <String[]>] [[-HostId] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
POST /real-time-response/entities/queued-sessions/GET/v1
Get-FalconQueue
will create a CSV file with information about sessions that have pending queued commands or have been created in the last 7 days (by default).
Get-FalconQueue [-Days]
2023-05-09: PSFalcon v2.2.5
- Using PSFalcon
-
Commands and Permissions
- Configuration Import/Export
- Container Security
- Detection and Prevention Policies
- Discover for Cloud and Containers
- Discover
- Event Streams
- Falcon Complete Dashboards
- Falcon Complete Message Center
- Falcon Data Replicator
- Falcon Intelligence
- Falcon Intelligence Recon
- Falcon OverWatch Dashboards
- Falcon Sandbox
- FileVantage
- Firewall Management
- Flight Control
- Horizon
- Host and Host Group Management
- Identity Protection
- Image Assessment
- Incident and Detection Monitoring
- Installation Tokens
- Kubernetes Protection
- MalQuery
- Mobile Host Enrollment
- On-Demand Scanning
- Quarantine
- Real-time Response
- Real-time Response Policy
- Scheduled Reports and Searches
- Sensor Download
- Sensor Update Policy
- Spotlight
- Tailored Intelligence
- Third-party ingestion
- USB Device Control Policy
- Users and Roles
- Zero Trust Assessment
- Examples
-
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust