Get FalconHorizonIoaEvent

Get-FalconHorizonIoaEvent

SYNOPSIS

Retrieve Falcon Horizon Indicator of Attack events

DESCRIPTION

Requires 'CSPM registration: Read'.

PARAMETERS

Name	Type	Description	Min	Max	Allowed	PipelineByName
PolicyId	Int32	Policy identifier				X
CloudPlatform	String	Cloud platform			`aws` `azure` `gcp`
AwsAccountId	String	AWS account identifier				X
AzureSubscriptionId	String	Azure subscription identifier				X
AzureTenantId	String	Azure tenant identifier				X
UserId	String[]	User identifier
State	String	Event state
Limit	Int32	Maximum number of results per request	`1`	`500`
Offset	Int32	Position to begin retrieving results
All	Switch	Repeat requests until all available results are retrieved
Total	Switch	Display total result count instead of results

SYNTAX

Get-FalconHorizonIoaEvent [-PolicyId] <Int32> [[-CloudPlatform] <String>] [[-AwsAccountId] <String>] [[-AzureSubscriptionId] <String>] [[-AzureTenantId] <String>] [[-UserId] <String[]>] [[-State] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /ioa/entities/events/v1

falconpy

GetIOAEvents

USAGE

Retrieve events using a filtered search

Get-FalconHorizonIoaEvent -Filter "cloud_provider:'aws'" [-Detailed] [-All]

2023-04-25: PSFalcon v2.2.5

Using PSFalcon
Commands and Permissions
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Get FalconHorizonIoaEvent

Get-FalconHorizonIoaEvent

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Retrieve events using a filtered search

Clone this wiki locally