Get-FalconActor

SYNOPSIS

Search for Falcon Intelligence threat actors

DESCRIPTION

Requires 'Actors (Falcon Intelligence): Read'.

PARAMETERS

Name	Type	Description	Min	Max	Allowed	Pipeline	PipelineByName
Id	String[]	Threat actor identifier				X	X
Filter	String	Falcon Query Language expression to limit results `actor_type` `capability` `capability.value` `created_date` `description` `ecrime_kill_chain.attribution` `ecrime_kill_chain.crimes` `ecrime_kill_chain.customers` `ecrime_kill_chain.marketing` `ecrime_kill_chain.monetization` `ecrime_kill_chain.services_offered` `ecrime_kill_chain.services_used` `ecrime_kill_chain.technical_tradecraft` `ecrime_kill_chain.victims` `first_activity_date` `group` `group.value` `id` `kill_chain.actions_and_objectives` `kill_chain.actions_on_objectives` `kill_chain.command_and_control` `kill_chain.delivery` `kill_chain.exploitation` `kill_chain.installation` `kill_chain.objectives` `kill_chain.reconnaissance` `kill_chain.weaponization` `known_as` `last_activity_date` `last_modified_date` `motivations` `motivations.value` `name` `origins` `origins.value` `region` `region.value` `short_description` `target_countries` `target_countries.value` `target_industries` `target_industries.value`
Query	String	Perform a generic substring search across available fields
Sort	String	Property and direction to sort results			`name\|asc` `name\|desc` `target_countries\|asc` `target_countries\|desc` `target_industries\|asc` `target_industries\|desc` `type\|asc` `type\|desc` `created_date\|asc` `created_date\|desc` `last_activity_date\|asc` `last_activity_date\|desc` `last_modified_date\|asc` `last_modified_date\|desc`
Limit	Int32	Maximum number of results per request	`1`	`5000`
Field	String[]	Specific fields to return, or a predefined collection name surrounded by two underscores [default: basic]
Include	String	Include additional information			`tactic_and_technique`
Offset	Int32	Position to begin retrieving results
Detailed	Switch	Retrieve detailed information
All	Switch	Repeat requests until all available results are retrieved
Total	Switch	Display total result count instead of results

SYNTAX

Get-FalconActor [[-Filter] <String>] [[-Query] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconActor -Id <String[]> [[-Field] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconActor [[-Filter] <String>] [[-Query] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Field] <String[]>] [[-Include] <String>] [-Offset <Int32>] -Detailed [-All] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /intel/combined/actors/v1
GET /intel/entities/actors/v1
GET /intel/queries/actors/v1

falconpy

QueryIntelActorIds
GetIntelActorEntities
QueryIntelActorEntities

USAGE

Search for a list of actor IDs

Get-FalconActor -Filter "target_countries:'united states'+target_countries:'canada'+target_industries:'government'" [-All]

Search for actors using a specific ID

Get-FalconActor -Id <id>, <id>

Search for detailed actor information

Get-FalconActor -Filter "target_countries:'united states'+target_countries:'canada'+target_industries:'government'" -Limit 1 -Detailed

2025-09-19: PSFalcon v2.2.9

Get FalconActor - CrowdStrike/psfalcon GitHub Wiki

Get-FalconActor

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Search for a list of actor IDs

Search for actors using a specific ID

Search for detailed actor information

⚠️ GitHub.com Fallback ⚠️

Get FalconActor - CrowdStrike/psfalcon GitHub Wiki

Get-FalconActor

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Search for a list of actor IDs

Search for actors using a specific ID

Search for detailed actor information

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️