Get FalconHorizonIoa - CrowdStrike/psfalcon Wiki

Get-FalconHorizonIoa

SYNOPSIS

Search for Falcon Horizon Indicators of Attack

DESCRIPTION

Requires 'CSPM Registration: Read'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
| CloudPlatform | String | | | aws<br>azure | | | Cloud platform |
| AwsAccountId | String | | | | | X | AWS account identifier |
| AzureSubscriptionId | String | | | | | X | Azure subscription identifier |
| AzureTenantId | String | | | | | X | Azure tenant identifier |
| Severity | String | | | High<br>Medium<br>Informational | | | Indicator of Attack severity |
| Region | String | | | | | | Cloud platform region |
| Service | String | | | ACM<br>ACR<br>Any<br>App Engine<br>AppService<br>BigQuery<br>Cloud Load Balancing<br>Cloud Logging<br>Cloud SQL<br>Cloud Storage<br>CloudFormation<br>CloudTrail<br>CloudWatch Logs<br>Cloudfront<br>Compute Engine<br>Config<br>Disk<br>DynamoDB<br>EBS<br>EC2<br>ECR<br>EFS<br>EKS<br>ELB<br>EMR<br>Elasticache<br>GuardDuty<br>IAM<br>Identity<br>KMS<br>KeyVault<br>Kinesis<br>Kubernetes<br>Lambda<br>LoadBalancer<br>Monitor<br>NLB/ALB<br>NetworkSecurityGroup<br>PostgreSQL<br>RDS<br>Redshift<br>S3<br>SES<br>SNS<br>SQLDatabase<br>SQLServer<br>SQS<br>SSM<br>Serverless Application Repository<br>StorageAccount<br>Subscriptions<br>VPC<br>VirtualMachine<br>VirtualNetwork | | | Cloud service |
| State | String | | | open<br>closed | | | Indicator of Attack state |
| DateTimeSince | String | | | | | | Include results that occur after a specific date and time (RFC3339) |
| Limit | Int32 | 1 | 5000 | | | | Maximum number of results per request |
| NextToken | String | | | | | | Pagination token to retrieve the next set of results |
| All | Switch | | | | | | Repeat requests until all available results are retrieved |
| Total | Switch | | | | | | Display total result count instead of results |

SYNTAX

```
Get-FalconHorizonIoa [[-CloudPlatform] <String>] [[-AwsAccountId] <String>] [[-AzureSubscriptionId] <String>] [[-AzureTenantId] <String>] [[-Severity] <String>] [[-Region] <String>] [[-Service] <String>] [[-State] <String>] [[-DateTimeSince] <String>] [[-Limit] <Int32>] [-NextToken <String>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]
```
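
A daily triage run built from the parameters above, as an added example that is not part of the PSFalcon wiki or project. It assumes the PSFalcon module is imported and `Request-FalconToken` has already been run with an API client that has 'CSPM Registration: Read'; the output file name is hypothetical.

```powershell
# Added example (not PSFalcon project code).
# Assumption: an authorization token was already requested with Request-FalconToken.

# -DateTimeSince expects RFC3339, so build a UTC timestamp for the last 24 hours.
$Since = (Get-Date).ToUniversalTime().AddHours(-24).ToString("yyyy-MM-dd'T'HH:mm:ss'Z'")

# Step 1: use -Total to count open IoAs per platform and severity
# without downloading the results themselves.
$Summary = foreach ($Platform in 'aws','azure') {
    foreach ($Severity in 'High','Medium','Informational') {
        $Count = Get-FalconHorizonIoa -CloudPlatform $Platform -Severity $Severity `
            -State open -DateTimeSince $Since -Total
        [PSCustomObject]@{
            CloudPlatform = $Platform
            Severity      = $Severity
            OpenCount     = $Count
        }
    }
}
$Summary | Format-Table -AutoSize

# Step 2: pull full detail only for platforms that have open High severity IoAs.
# -Limit 5000 is the documented maximum per request; -All repeats requests
# (following the pagination token) until every result is retrieved.
$Summary | Where-Object { $_.Severity -eq 'High' -and $_.OpenCount -gt 0 } | ForEach-Object {
    $Param = @{
        CloudPlatform = $_.CloudPlatform
        Severity      = 'High'
        State         = 'open'
        DateTimeSince = $Since
        Limit         = 5000
        All           = $true
    }
    $Ioa = Get-FalconHorizonIoa @Param

    # Hypothetical output file name; the objects are written as returned,
    # so no assumptions are made about their property names.
    $Path = "horizon-ioa-$($_.CloudPlatform)-high.json"
    $Ioa | ConvertTo-Json -Depth 16 | Set-Content -Path $Path -Encoding UTF8
}
```

Checking `-Total` first keeps the number of full-result requests small on quiet days, and the same loop can be narrowed with `-Region`, `-Service`, or an account identifier.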

Generated 20220922 using PSFalcon v2.2.3
