Get FalconHorizonIoa - CrowdStrike/psfalcon GitHub Wiki

Get-FalconHorizonIoa

SYNOPSIS

Search for Falcon Horizon Indicators of Attack

DESCRIPTION

Requires 'CSPM registration: Read'.

PARAMETERS

| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| CloudPlatform | String | Cloud platform | | | aws, azure | | |
| AccountId | String | Cloud account identifier | | | | | X |
| AwsAccountId | String | AWS account identifier | | | | | X |
| AzureSubscriptionId | String | Azure subscription identifier | | | | | X |
| AzureTenantId | String | Azure tenant identifier | | | | | X |
| ResourceId | String[] | Resource identifier | | | | | |
| ResourceUuid | String[] | Resource UUID | | | | | |
| Severity | String | Indicator of Attack severity | | | High, Medium, Informational | | |
| Service | String | Cloud service | | | ACM, ACR, Any, App Engine, AppService, BigQuery, Cloud Load Balancing, Cloud Logging, Cloud SQL, Cloud Storage, CloudFormation, CloudTrail, CloudWatch Logs, Cloudfront, Compute Engine, Config, Disk, DynamoDB, EBS, EC2, ECR, EFS, EKS, ELB, EMR, Elasticache, GuardDuty, IAM, Identity, KMS, KeyVault, Kinesis, Kubernetes, Lambda, LoadBalancer, Monitor, NLB/ALB, NetworkSecurityGroup, PostgreSQL, RDS, Redshift, S3, SES, SNS, SQLDatabase, SQLServer, SQS, SSM, Serverless Application Repository, StorageAccount, Subscriptions, VPC, VirtualMachine, VirtualNetwork | | |
| State | String | Indicator of Attack state | | | open, closed | | |
| Since | String | Filter events using a duration string (e.g. 24h) | | | | | |
| DateTimeSince | String | Include results that occur after a specific date and time (RFC3339) | | | | | |
| Limit | Int32 | Maximum number of results per request | 1 | 1000 | | | |
| NextToken | String | Pagination token to retrieve the next set of results | | | | | |
| All | Switch | Repeat requests until all available results are retrieved | | | | | |
| Total | Switch | Display total result count instead of results | | | | | |

SYNTAX

Get-FalconHorizonIoa [-CloudPlatform] <String> [[-AccountId] <String>] [[-AwsAccountId] <String>] [[-AzureSubscriptionId] <String>] [[-AzureTenantId] <String>] [[-ResourceId] <String[]>] [[-ResourceUuid] <String[]>] [[-Severity] <String>] [[-Service] <String>] [[-State] <String>] [[-Since] <String>] [[-DateTimeSince] <String>] [[-Limit] <Int32>] [-NextToken <String>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /detects/entities/ioa/v1

falconpy

GetBehaviorDetections

USAGE

List information about IOAs (the SYNTAX above shows -CloudPlatform as the only mandatory parameter)

Get-FalconHorizonIoa -CloudPlatform <String> [-All]
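As an added example (not from the PSFalcon wiki), the script below uses only the parameters documented above to count, then retrieve, open High-severity IOAs from the last 24 hours for each cloud platform. It assumes a token has already been obtained with Request-FalconToken from a client holding 'CSPM registration: Read', and the output path is an arbitrary choice.

```powershell
# Added example; not part of the PSFalcon project documentation.
# Prerequisite (assumed): Request-FalconToken has already been run in this session.
# Severity, State and Since values are taken from this cmdlet's parameter table.
$platforms = 'aws', 'azure'

$report = foreach ($platform in $platforms) {
    # Ask for the count first (-Total) so the size of the result set is known
    # before paging through it.
    $count = Get-FalconHorizonIoa -CloudPlatform $platform -Severity High `
        -State open -Since 24h -Total
    Write-Host "$platform`: $count open High-severity IOAs in the last 24h"

    if ($count -gt 0) {
        # -All repeats requests (-Limit results per request, max 1000) until
        # every matching IOA has been retrieved.
        Get-FalconHorizonIoa -CloudPlatform $platform -Severity High `
            -State open -Since 24h -Limit 1000 -All
    }
}

# Persist the raw results for triage or for loading into a SIEM/ticketing tool.
$outFile = '.\horizon-ioa-high-open.json'   # arbitrary path
$report | ConvertTo-Json -Depth 8 | Set-Content -Path $outFile
Write-Host "Wrote $(@($report).Count) IOA records to $outFile"
```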

2023-11-27: PSFalcon v2.2.6
