Register FalconEventCollector
bk-cs edited this page Sep 3, 2024 · 21 revisions
Define Falcon LogScale or Falcon NGSIEM ingestion endpoint and token for logging
Once configured, the Falcon LogScale or Falcon NGSIEM destination can be used by PSFalcon, but the module will not send events to it until 'Enable' options are chosen. 'Remove-FalconEventCollector' can be used to remove a configured destination and stop the transmission of events.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Uri | Uri | Falcon LogScale cloud or Falcon NGSIEM HEC ingestion URI | | | | | X |
| Token | String | Falcon LogScale or Falcon NGSIEM ingestion token | | | | | X |
| Enable | String[] | Define events to send to the collector | | | `responses` `requests` | | X |
```powershell
Register-FalconEventCollector [-Uri] <Uri> [-Token] <String> [[-Enable] <String[]>] [<CommonParameters>]
```
The `Enable` parameter is optional and will configure PSFalcon to send `requests` or `responses` to Falcon LogScale as they occur.

The `Token` parameter expects your Falcon LogScale ingest token.
```powershell
Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requests
```

```powershell
Request-FalconToken -ClientId <string> -ClientSecret <string> -Collector @{ uri = 'string'; token = 'string' }
```
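An added example (not from the PSFalcon wiki or module) that limits collector logging to one block of work: it prompts for the ingest token instead of putting it on the command line, rejects a non-HTTPS URI, and calls `Remove-FalconEventCollector` when the block ends. The helper name `Invoke-WithFalconCollector`, its parameters and the default of `responses` are assumptions made for illustration; an existing `Request-FalconToken` session is assumed.

```powershell
# Added example, not part of PSFalcon. Assumes PSFalcon is imported and
# Request-FalconToken has already been run in this session.
function Invoke-WithFalconCollector {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $Uri,
        [Parameter(Mandatory)] [securestring] $Token,
        # Default chosen for this example only.
        [ValidateSet('responses', 'requests')] [string[]] $Enable = @('responses'),
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock
    )
    # The ingest token is a secret; refuse to send it over cleartext HTTP.
    if (-not $Uri.IsAbsoluteUri -or $Uri.Scheme -ne 'https') {
        throw "Collector URI must be an absolute https:// address: $Uri"
    }
    # -Token is typed String, so the SecureString is unwrapped only for the call.
    $Plain = [System.Net.NetworkCredential]::new('', $Token).Password
    Register-FalconEventCollector -Uri $Uri -Token $Plain -Enable $Enable
    try {
        & $ScriptBlock
    } finally {
        # Remove the destination and stop transmission, even if the block failed.
        Remove-FalconEventCollector
        $Plain = $null
    }
}

# Prompting keeps the token out of command history and script files.
$IngestToken = Read-Host -Prompt 'LogScale ingest token' -AsSecureString
Invoke-WithFalconCollector -Uri 'https://cloud.community.humio.com' -Token $IngestToken -ScriptBlock {
    Get-FalconHost -Limit 5   # any PSFalcon command run while the collector is registered
}
```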
2024-09-03: PSFalcon v2.2.7