Invoke FalconQuarantineAction

bk-CS edited this page Oct 11, 2022 · 22 revisions

Invoke-FalconQuarantineAction

SYNOPSIS

Perform actions on quarantined files

DESCRIPTION

Requires 'Quarantined Files: Write'.

PARAMETERS

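| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Action | String | | | release, unrelease, delete | | | Action to perform |
| Filter | String | | | | | | Falcon Query Language statement |
| Query | String | | | | | | Match phrase prefix |
| Comment | String | | | | | | Audit log comment |
| Id | String[] | | | | X | X | Quarantined file identifier |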

SYNTAX

Invoke-FalconQuarantineAction [-Action] <String> [[-Comment] <String>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconQuarantineAction [-Action] <String> -Filter <String> [[-Query] <String>] [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

USAGE

Delete specific quarantined files

Invoke-FalconQuarantineAction -Action delete -Id <id>, <id>

Release quarantined files using a filtered search

Invoke-FalconQuarantineAction -Action release -Filter "device.hostname:'EXAMPLE-PC'"

See Test-FalconQuarantineAction.
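
The following is an added example, not part of PSFalcon or the original page: a wrapper that makes the audit log comment mandatory for deletions and supports a dry run before anything is sent to the API. The function name `Remove-ReviewedQuarantineFile`, its `-Ticket` parameter and the sample ticket value are hypothetical; it assumes PSFalcon is imported and a token has already been requested for an API client with 'Quarantined Files: Write'.

```powershell
function Remove-ReviewedQuarantineFile {   # hypothetical helper, not a PSFalcon command
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Quarantined file identifiers, by value or from an 'Id' property on the pipeline
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string[]]$Id,

        # Change or incident reference that ends up in the audit log comment
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Ticket
    )
    begin {
        $List = [System.Collections.Generic.List[string]]::new()
    }
    process {
        # Collect every identifier first so one request covers the whole batch
        foreach ($Item in $Id) {
            if ($Item -and -not $List.Contains($Item)) { $List.Add($Item) }
        }
    }
    end {
        if ($List.Count -eq 0) {
            Write-Warning 'No quarantined file identifiers supplied; nothing to do.'
            return
        }
        $Comment = "Deleted after analyst review, ticket $Ticket"
        # With -WhatIf, ShouldProcess returns $false and the API is never called
        if ($PSCmdlet.ShouldProcess("$($List.Count) quarantined file(s)", 'delete')) {
            # The wrapper has already prompted, so suppress the inner confirmation
            Invoke-FalconQuarantineAction -Action delete -Id $List.ToArray() `
                -Comment $Comment -Confirm:$false
        }
    }
}

# Dry run with constructed placeholder values: prints the planned action only
'<id>', '<id>' | Remove-ReviewedQuarantineFile -Ticket 'TICKET-0000' -WhatIf
```

Dropping `-WhatIf` prompts for confirmation once for the whole batch and then issues a single delete request carrying the comment.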

2022-10-10: PSFalcon v2.2.3