-
Notifications
You must be signed in to change notification settings - Fork 81
Third party ingestion
bk-CS edited this page Oct 11, 2022
·
16 revisions

| Command | Permission |
|---|---|
| Register-FalconEventCollector | |
| Send-FalconEvent | |
| Send-FalconWebhook | |
| Show-FalconEventCollector | |
| Show-FalconMap | |
| Unregister-FalconEventCollector |
The -Enable parameter is optional and will configure PSFalcon to send requests or responses to Humio as they occur.
The -Token parameter expects your Humio ingest token.
Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requestsShow-FalconEventCollectorOnce a collector has been defined through Register-FalconEventCollector, any [PSCustomObject] can be sent to Humio.
Get-FalconHost -Limit 1 -Detailed | Send-FalconEventSend-FalconEvent -Object ([PSCustomObject]@{ Example = 'my_string' })Unregister-FalconEventCollectorAny [PSCustomObject] can be sent to a Slack webhook.
Get-FalconHost -Limit 1 -Detailed | Send-FalconWebhook -Type Slack -Uri https://hooks.slack.com/services/... Send-FalconWebhook -Type Slack -Uri https://hooks.slack.com/services/... -Object ([PSCustomObject]@{ Example = 'my_string' })Get-FalconIndicator -Filter "type:'hash_sha256'" -Limit 5 | Show-FalconMapShow-FalconMap -Indicator www.google.com, 8.8.8.8
- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Assets
- CAO Hunting
- Case Templates
- Cases
- Channel File Control Settings
- Cloud Security API Assets
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- IT Automation - Policies
- IT Automation - Task Executions
- IT Automation - Tasks
- IT Automation - User Groups
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- NGSIEM
- NGSIEM Dashboards
- NGSIEM Lookup Files
- NGSIEM Parsers
- NGSIEM Saved Queries
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust