Register FalconEventCollector

Register-FalconEventCollector

SYNOPSIS

Define Falcon LogScale or Falcon NGSIEM ingestion endpoint and token for logging

DESCRIPTION

Once configured, the Falcon LogScale or Falcon NGSIEM destination can be used by PSFalcon but the module will not send events to until 'Enable' options are chosen. 'Remove-FalconEventCollector' can be used to remove a configured destination and stop the transmission of events.

PARAMETERS

Name	Type	Description	Allowed	PipelineByName
Uri	Uri	Falcon LogScale cloud or Falcon NGSIEM HEC ingestion URI		X
Token	String	Falcon LogScale or Falcon NGSIEM ingestion token		X
Enable	String[]	Define events to send to the collector	`responses` `requests`	X

SYNTAX

Register-FalconEventCollector [-Uri] <Uri> [-Token] <String> [[-Enable] <String[]>] [<CommonParameters>]

USAGE

Configure a Falcon LogScale collector

The Enable parameter is optional and will configure PSFalcon to send requests or responses to Falcon LogScale as they occur.

The Token parameter expects your Falcon LogScale ingest token.

Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requests

Set a Falcon LogScale collector during your authorization request

Request-FalconToken -ClientId <string> -ClientSecret <string> -Collector @{ uri = 'string'; token = 'string' }

2024-09-03: PSFalcon v2.2.7

Using PSFalcon
Commands and Permissions
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly