Get FalconAsset - CrowdStrike/psfalcon GitHub Wiki
Search for assets in Falcon Discover
Requires 'Falcon Discover: Read' and 'Falcon Discover IoT: Read'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Id | String[] | Asset identifier | | | | X | X |
Filter | String | Falcon Query Language expression to limit results<br>account_enabled, ad_user_account_control, agent_version, aid, assigned_to, bios_manufacturer, bios_version, cid, city, classification, confidence, country, cpu_manufacturer, creation_timestamp, current_local_ip, data_providers, data_providers_count, department, descriptions, discoverer_aids, discoverer_count, discoverer_platform_names, discoverer_product_type_descs, discoverer_tags, email, entity_type, external_ip, field_metadata, first_discoverer_aid, first_discoverer_ip, first_seen_timestamp, fqdn, groups, hostname, id, internet_exposure, kernel_version, last_discoverer_aid, last_seen_timestamp, local_ip_addresses, local_ips_count, location, mac_addresses, machine_domain, managed_by, network_interfaces, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.network_prefix, number_of_disk_drives, object_guid, object_sid, os_is_eol, os_service_pack, os_version, ou, owned_by, physical_core_count, platform_name, processor_package_count, product_type, product_type_desc, reduced_functionality_mode, servicenow_id, site_name, state, system_manufacturer, system_product_name, system_serial_number, tags, used_for<br>Account: account_name, account_type, admin_privileges, cid, first_seen_timestamp, id, last_failed_login_hostname, last_failed_login_timestamp, last_failed_login_type, last_successful_login_host_city, last_successful_login_host_country, last_successful_login_hostname, last_successful_login_remote_ip, last_successful_login_timestamp, last_successful_login_type, login_domain, password_last_set_timestamp, user_sid, username<br>IoT: device_family, device_class, device_type, device_mode, business_criticality, line_of_business, virtual_zone, subnet, purdue_level, vlan, local_ip_addresses, mac_addresses, physical_connections_count, data_providers<br>Login: account_id, account_name, account_type, admin_privileges, aggregation_time_interval, aid, cid, failure_description, host_city, host_country, host_id, hostname, id, is_suspicious, local_ip, login_domain, login_event_count, login_status, login_timestamp, login_type, remote_ip, user_sid, username | | | | | |
Sort | String | Property and direction to sort results | | | | | |
Limit | Int32 | Maximum number of results per request | 1 | 100 | | | |
Include | String[] | Include additional properties | | | login_event | | |
Offset | Int32 | Position to begin retrieving results | | | | | |
Detailed | Switch | Retrieve detailed information | | | | | |
All | Switch | Repeat requests until all available results are retrieved | | | | | |
Total | Switch | Display total result count instead of results | | | | | |
Account | Switch | Search for user account assets | | | | | |
Application | Switch | Search for applications | | | | | |
IoT | Switch | Search for IoT assets | | | | | |
Login | Switch | Search for login events | | | | | |

```powershell
Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-Offset <Int32>] [-Detailed] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset -Id <String[]> -Login [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset -Id <String[]> -IoT [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset -Id <String[]> -Application [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset -Id <String[]> -Account [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -Login [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -IoT [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -Application [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconAsset [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [-Offset <Int32>] [-Detailed] [-All] [-Total] -Account [-WhatIf] [-Confirm] [<CommonParameters>]
```

GET /discover/entities/accounts/v1
GET /discover/entities/applications/v1
GET /discover/entities/hosts/v1
GET /discover/entities/iot-hosts/v1
GET /discover/entities/logins/v1
GET /discover/queries/accounts/v1
GET /discover/queries/applications/v1
GET /discover/queries/hosts/v1
GET /discover/queries/iot-hosts/v1
GET /discover/queries/logins/v1
query_hosts
get_logins
get_iot_hosts
get_hosts
get_applications
get_accounts
query_logins
query_iot_hosts
query_applications
query_accounts
```powershell
Get-FalconAsset -Filter "entity_type:'unmanaged'+network_interfaces.local_ip:'192.168.25.0/24'" [-Detailed] [-All]

Get-FalconAsset -Filter "entity_type:'managed'+product_type_desc:'Workstation'+platform_name:'Windows'+last_seen_timestamp:>'now-7d'" [-Detailed] [-All]

Get-FalconAsset -Id <id>, <id>
```

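
The following is an added example, not part of the PSFalcon wiki: it combines the filters shown above into a recurring check for unmanaged assets in one subnet, using `-Total` to confirm that `-All` retrieved the full result set. The function name `Get-UnmanagedAssetReport`, the default CIDR and the output file are hypothetical. It assumes that `Request-FalconToken` has already been run, that `-Total` emits a single number, and that detailed results expose properties under the same names as the filter properties.

```powershell
#Requires -Modules PSFalcon
# Added example (not PSFalcon project code). Assumes an authorized session with
# 'Falcon Discover: Read' already exists from Request-FalconToken.

function Get-UnmanagedAssetReport {
    [CmdletBinding()]
    param(
        # Subnet to review (constructed sample value)
        [string]$Cidr = '192.168.25.0/24',
        # FQL relative time; assets last seen before this are ignored
        [string]$Since = 'now-7d'
    )
    # '+' joins FQL conditions with AND
    $Filter = "entity_type:'unmanaged'+network_interfaces.local_ip:'$Cidr'" +
        "+last_seen_timestamp:>'$Since'"

    # -Total displays the match count instead of results (assumed: one number)
    [int]$Expected = Get-FalconAsset -Filter $Filter -Total
    if ($Expected -eq 0) {
        Write-Verbose "No unmanaged assets in $Cidr since $Since"
        return
    }

    # -Limit is capped at 100 per request; -All repeats requests until done
    $Asset = @(Get-FalconAsset -Filter $Filter -Limit 100 -Detailed -All)
    if ($Asset.Count -ne $Expected) {
        Write-Warning ("Retrieved {0} of {1} assets; the inventory changed " +
            "while paging or the result set is incomplete." -f $Asset.Count, $Expected)
    }

    # Property names below are assumed to match the filter property names
    $Asset | Sort-Object last_seen_timestamp -Descending | Select-Object id,
        hostname, external_ip, first_seen_timestamp, last_seen_timestamp,
        discoverer_count,
        @{ Name = 'mac_addresses'; Expression = { $_.mac_addresses -join ';' } }
}

# Usage: write the report to a CSV for review (hypothetical file name)
# Get-UnmanagedAssetReport -Cidr '192.168.25.0/24' |
#     Export-Csv -Path .\unmanaged_assets.csv -NoTypeInformation
```
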
2024-02-08: PSFalcon v2.2.6