-
Notifications
You must be signed in to change notification settings - Fork 67
Receive FalconRule
bk-cs edited this page Nov 30, 2023
·
20 revisions
Download the most recent ruleset, or a specific ruleset
Requires 'Rules (Falcon Intelligence): Read'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Type | String | Ruleset type, used to retrieve the latest ruleset |
common-event-format netwitness snort-suricata-changelog snort-suricata-master snort-suricata-update yara-changelog yara-master yara-update
|
||||
IfNoneMatch | String | Download the latest rule set only if it doesn't a matching 'tags' value | |||||
IfModifiedSince | String | Restrict results to those modified after a provided date (HTTP, ANSIC or RFC850 format) | |||||
Path | String | Destination path | |||||
Id | Int32 | Ruleset identifier, used for a specific ruleset | X | X | |||
Force | Switch | Overwrite an existing file when present |
Receive-FalconRule [-Path] <String> [-Id] <Int32> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
Receive-FalconRule [-Type] <String> [[-IfNoneMatch] <String>] [[-IfModifiedSince] <String>] [-Path] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
GET /intel/entities/rules-files/v1
GET /intel/entities/rules-latest-files/v1
GetIntelRuleFile
GetLatestIntelRuleFile
Receive-FalconRule -Type yara-master -Path .\yara-master.zip
Receive-FalconRule -Id <id> -Path .
ules.zip
2023-11-27: PSFalcon v2.2.6
- Using PSFalcon
-
Commands and Permissions
- Configuration Import/Export
- Container Security
- Detection and Prevention Policies
- Discover for Cloud and Containers
- Discover
- Event Streams
- Falcon Complete Dashboards
- Falcon Complete Message Center
- Falcon Data Replicator
- Falcon Intelligence
- Falcon Intelligence Recon
- Falcon OverWatch Dashboards
- Falcon Sandbox
- FileVantage
- Firewall Management
- Flight Control
- Horizon
- Host and Host Group Management
- Identity Protection
- Image Assessment
- Incident and Detection Monitoring
- Installation Tokens
- Kubernetes Protection
- MalQuery
- Mobile Host Enrollment
- On-Demand Scanning
- Quarantine
- Real-time Response
- Real-time Response Policy
- Scheduled Reports and Searches
- Sensor Download
- Sensor Update Policy
- Spotlight
- Tailored Intelligence
- Third-party ingestion
- USB Device Control Policy
- Users and Roles
- Zero Trust Assessment
- Examples
-
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust