Get FalconAsset - CrowdStrike/psfalcon GitHub Wiki
Search for assets in Falcon Discover
Requires 'Falcon Discover: Read' and 'Falcon Discover IoT: Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Id | String[] | Asset identifier | X | X | |||
| Filter | String |
Falcon Query Language expression to limit resultsaccount_enabledad_user_account_controlagent_versionaidassigned_tobios_manufacturerbios_versioncidcityclassificationconfidencecountrycpu_manufacturercreation_timestampcurrent_local_ipdata_providersdata_providers_countdepartmentdescriptionsdiscoverer_aidsdiscoverer_countdiscoverer_platform_namesdiscoverer_product_type_descsdiscoverer_tagsemailentity_typeexternal_ipfield_metadatafirst_discoverer_aidfirst_discoverer_ipfirst_seen_timestampfqdngroupshostnameidinternet_exposurekernel_versionlast_discoverer_aidlast_seen_timestamplocal_ip_addresseslocal_ips_countlocationmac_addressesmachine_domainmanaged_bynetwork_interfacesnetwork_interfaces.interface_aliasnetwork_interfaces.interface_descriptionnetwork_interfaces.local_ipnetwork_interfaces.mac_addressnetwork_interfaces.network_prefixnumber_of_disk_drivesobject_guidobject_sidos_is_eolos_service_packos_versionouowned_byphysical_core_countplatform_nameprocessor_package_countproduct_typeproduct_type_descreduced_functionality_modeservicenow_idsite_namestatesystem_manufacturersystem_product_namesystem_serial_numbertagsused_forAccount: account_nameaccount_typeadmin_privilegescidfirst_seen_timestampidlast_failed_login_hostnamelast_failed_login_timestamplast_failed_login_typelast_successful_login_host_citylast_successful_login_host_countrylast_successful_login_hostnamelast_successful_login_remote_iplast_successful_login_timestamplast_successful_login_typelogin_domainpassword_last_set_timestampuser_sidusernameExternal: asset_idasset_typeconfidenceconnectivity_statuscriticalitycriticality_descriptioncriticality_timestampcriticality_usernamedata_providersdiscovered_bydns_domain.fqdndns_domain.ispsdns_domain.parent_domaindns_domain.resolved_ipsdns_domain.services.applications.categorydns_domain.services.applications.cpedns_domain.services.applications.namedns_domain.services.applications.vendordns_domain.services.applications.versiondns_domain.services.cloud_providerdns_domain.services.cpesdns_domain.services.first_seendns_domain.services.hosting_providerdns_domain.services.iddns_domain.services.last_seendns_domain.services.platform_namedns_domain.services.portdns_domain.services.protocoldns_domain.services.protocol_portdns_domain.services.statusdns_domain.services.status_codedns_domain.services.transportdns_domain.typefirst_seenidinternet_exposureip.aidip.asnip.cloud_vm.descriptionip.cloud_vm.instance_idip.cloud_vm.lifecycleip.cloud_vm.mac_addressip.cloud_vm.owner_idip.cloud_vm.platformip.cloud_vm.private_ipip.cloud_vm.public_ipip.cloud_vm.regionip.cloud_vm.security_groupsip.cloud_vm.sourceip.cloud_vm.statusip.fqdnsip.ip_addressip.ispip.location.area_codeip.location.cityip.location.country_codeip.location.country_nameip.location.postal_codeip.location.region_codeip.location.region_nameip.location.timezoneip.ptrip.services.applications.categoryip.services.applications.cpeip.services.applications.nameip.services.applications.vendorip.services.applications.versionip.services.cloud_providerip.services.cpesip.services.first_seenip.services.last_seenip.services.platform_nameip.services.portip.services.protocolip.services.protocol_portip.services.statusip.services.status_codeip.services.transportlast_seenmanualperimetersubsidiaries.idsubsidiaries.nametriage.actiontriage.assigned_totriage.descriptiontriage.statustriage.updated_bytriage.updated_timestampIoT: device_familydevice_classdevice_typedevice_modebusiness_criticalityline_of_businessvirtual_zonesubnetpurdue_levelvlanlocal_ip_addressesmac_addressesphysical_connections_countdata_providersLogin: account_idaccount_nameaccount_typeadmin_privilegesaggregation_time_intervalaidcidfailure_descriptionhost_cityhost_countryhost_idhostnameidis_suspiciouslocal_iplogin_domainlogin_event_countlogin_statuslogin_timestamplogin_typeremote_ipuser_sidusername |
|||||
| Sort | String | Property and direction to sort results | |||||
| Limit | Int32 | Maximum number of results per request | |||||
| Include | String[] | Include additional properties |
login_eventbrowser_extensionhost_infoinstall_usagesystem_insightsthird_partyrisk_factors
|
||||
| Offset | Int32 | Position to begin retrieving results | |||||
| After | String | Pagination token to retrieve the next set of results | |||||
| Detailed | Switch | Retrieve detailed information | |||||
| All | Switch | Repeat requests until all available results are retrieved | |||||
| Total | Switch | Display total result count instead of results | |||||
| Account | Switch | Search for user account assets | |||||
| Application | Switch | Search for applications | |||||
| External | Switch | Search for external assets | |||||
| IoT | Switch | Search for IoT assets | |||||
| Login | Switch | Search for login events |
Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> -Login [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> -IoT [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> -External [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> -Application [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> -Account [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -Login [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-After <String>] [-Detailed] [-All] [-Total] -IoT [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-After <String>] [-Detailed] [-All] [-Total] -External [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-After <String>] -Detailed [-All] -Application [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-Total] -Application [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -Account [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-After <String>] -Detailed [-All] [-WhatIf] [-Confirm] [<CommonParameters>]GET /discover/combined/applications/v1
GET /discover/combined/hosts/v1
GET /discover/entities/accounts/v1
GET /discover/entities/applications/v1
GET /discover/entities/hosts/v1
GET /discover/entities/iot-hosts/v1
GET /discover/entities/logins/v1
GET /discover/queries/accounts/v1
GET /discover/queries/applications/v1
GET /discover/queries/hosts/v1
GET /discover/queries/iot-hosts/v2
GET /discover/queries/logins/v1
GET /fem/entities/external-assets/v1
GET /fem/queries/external-assets/v2
query_hosts
get_logins
get_iot_hosts
get_external_assets
get_applications
get_accounts
get_hosts
query_logins
query_iot_hostsV2
query_external_assets_v2
combined_applications
query_applications
query_accounts
combined_hosts
Get-FalconAsset -Filter "entity_type:'unmanaged'+network_interfaces.local_ip:'192.168.25.0/24'" [-Detailed] [-All]Get-FalconAsset -Filter "entity_type:'managed'+product_type_desc:'Workstation'+platform_name:'Windows'+last_seen_timestamp:>'now-7d'" [-Detailed] [-All]Get-FalconAsset -Id <id>, <id>Get-FalconAsset -Filter "entity_type:'unsupported'+data_providers:'Falcon network scan'" -Detailed -All2025-09-19: PSFalcon v2.2.9
