-
Notifications
You must be signed in to change notification settings - Fork 81
Start FalconScan
bk-cs edited this page Jan 17, 2023
·
4 revisions
Start an on-demand scan
Requires 'On-demand scans (ODS): Write'.
| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| FilePath | String[] | File path(s) to scan | |||||
| SensorDetection | String |
disabledcautiousmoderateaggressiveextra_aggressive
|
On-sensor machine-learning detection level | ||||
| SensorPrevention | String |
disabledcautiousmoderateaggressiveextra_aggressive
|
On-sensor machine-learning prevention level | ||||
| CloudDetection | String |
disabledcautiousmoderateaggressiveextra_aggressive
|
Cloud-based machine-learning detection level | ||||
| CloudPrevention | String |
disabledcautiousmoderateaggressiveextra_aggressive
|
Cloud-based machine-learning prevention level | ||||
| ScanExclusion | String[] | File path(s) to exclude, in glob syntax | |||||
| Quarantine | Boolean | Quarantine malicious files | |||||
| MaxFileSize | Int32 | Maximum file size, in MB | |||||
| CpuPriority | String |
up_to_1up_to_25up_to_50up_to_75up_to_100
|
Maximum CPU utilization | ||||
| Notification | Boolean | ||||||
| MaxDuration | Int32 | 0 |
24 |
Allowable scan duration, in hours | |||
| PauseDuration | Int32 | 0 |
24 |
Allowable pause duration, in hours | |||
| Description | String | On-demand scan description | |||||
| GroupId | String[] | Host Group identifier | |||||
| Id | String[] | X | X | Host identifier |
Start-FalconScan [-FilePath] <String[]> [-SensorDetection] <String> [-SensorPrevention] <String> [-CloudDetection] <String> [-CloudPrevention] <String> [[-ScanExclusion] <String[]>] [[-Quarantine] <Boolean>] [[-MaxFileSize] <Int32>] [[-CpuPriority] <String>] [[-Notification] <Boolean>] [[-MaxDuration] <Int32>] [[-PauseDuration] <Int32>] [[-Description] <String>] [-GroupId <String[]>] [-Id <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]2023-01-17: PSFalcon v2.2.4

- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Assets
- CAO Hunting
- Case Templates
- Cases
- Channel File Control Settings
- Cloud Security API Assets
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- IT Automation - Policies
- IT Automation - Task Executions
- IT Automation - Tasks
- IT Automation - User Groups
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- NGSIEM
- NGSIEM Dashboards
- NGSIEM Lookup Files
- NGSIEM Parsers
- NGSIEM Saved Queries
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust