Invoke FalconCommand

bk-cs edited this page Oct 21, 2022 · 20 revisions

Invoke-FalconCommand

SYNOPSIS

Issue a Real-time Response read-only command to an existing single-host or batch session

DESCRIPTION

Sessions can be started using 'Start-FalconSession'. A successfully created session will contain a 'session_id' or 'batch_id' value which can be used with the '-SessionId' or '-BatchId' parameters.

The 'Wait' parameter will use 'Confirm-FalconCommand' to check for command results every 5 seconds for a total of 60 seconds.

Requires 'Real Time Response: Read'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Command | String | | | cat, cd, clear, csrutil, env, eventlog backup, eventlog export, eventlog list, eventlog view, filehash, getsid, help, history, ifconfig, ipconfig, ls, mount, netstat, ps, reg query, users | | | Real-time Response command |
| Argument | String | | | | | | Arguments to include with the command |
| OptionalHostId | String[] | | | | | | Restrict execution to specific host identifiers |
| Timeout | Int32 | 30 | 600 | | | | Length of time to wait for a result, in seconds |
| SessionId | String | | | | | X | Session identifier |
| BatchId | String | | | | | X | Batch session identifier |
| Wait | Switch | | | | | | Use 'Confirm-FalconCommand' to retrieve single-host command results |

SYNTAX

Invoke-FalconCommand [-Command] <String> [[-Argument] <String>] [[-OptionalHostId] <String[]>] [[-Timeout] <Int32>] -BatchId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconCommand [-Command] <String> [[-Argument] <String>] -SessionId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

BatchCmd,RTR-ExecuteCommand

USAGE
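
The following is an added example, not taken from the PSFalcon wiki or project: it runs a small set of read-only triage commands from the 'Allowed' list against one single-host session with '-Wait' and flags any command that did not finish inside the 60-second polling window. The function name 'Get-HostTriage', the command selection, the Windows host and the sample path are assumptions, as is the 'complete' property on the returned result.

```powershell
# Added example (not PSFalcon project code). Assumes the PSFalcon module is loaded,
# a token has already been requested, and the API client has 'Real Time Response: Read'.
function Get-HostTriage {
    [CmdletBinding()]
    param(
        # 'session_id' value from a session created with Start-FalconSession
        [Parameter(Mandatory)]
        [string]$SessionId
    )

    # Read-only commands chosen from the 'Allowed' list for -Command.
    # A Windows host is assumed; the 'ls' path is a constructed sample value.
    $Triage = @(
        @{ Command = 'ps' },
        @{ Command = 'netstat' },
        @{ Command = 'ipconfig' },
        @{ Command = 'ls'; Argument = 'C:\Windows\Temp' }
    )

    foreach ($Item in $Triage) {
        $Param = @{ SessionId = $SessionId; Command = $Item.Command; Wait = $true }
        if ($Item.Argument) { $Param['Argument'] = $Item.Argument }

        try {
            $Result = Invoke-FalconCommand @Param -ErrorAction Stop
        } catch {
            # Keep going so one failed command does not lose the rest of the triage set
            $Result = $null
            Write-Warning "'$($Item.Command)' failed: $($_.Exception.Message)"
        }

        [PSCustomObject]@{
            Command  = $Item.Command
            Argument = $Item.Argument
            # -Wait polls every 5 seconds for 60 seconds in total, so a slow command
            # can come back unfinished. 'complete' is an assumed result property.
            Complete = [bool]($Result.complete)
            Result   = $Result
        }
    }
}

# Usage ('<session_id>' is a placeholder): list commands that need a later re-check
# Get-HostTriage -SessionId '<session_id>' | Where-Object { -not $_.Complete }
```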

2022-10-21: PSFalcon v2.2.3