Get FalconHorizonIom - CrowdStrike/psfalcon GitHub Wiki

Get-FalconHorizonIom

SYNOPSIS

Search for Falcon Horizon Indicators of Misconfiguration

DESCRIPTION

Requires 'CSPM registration: Read'.

PARAMETERS

| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Id | String[] | Horizon Indicator of Misconfiguration identifier | | | | X | X |
| Filter | String | Falcon Query Language expression to limit results: account_id, account_name, agent_id, attack_types, azure_subscription_id, cloud_provider, cloud_service_keyword, custom_policy_id, is_managed, policy_id, policy_type, region, resource_id, scan_time, severity, severity_string, status, use_current_scan_ids | | | | | |
| Sort | String | Property and direction to sort results | | | account_name.asc, account_name.desc, account_id.asc, account_id.desc, attack_types.asc, attack_types.desc, azure_subscription_id.asc, azure_subscription_id.desc, cloud_provider.asc, cloud_provider.desc, cloud_service_keyword.asc, cloud_service_keyword.desc, status.asc, status.desc, is_managed.asc, is_managed.desc, policy_id.asc, policy_id.desc, policy_type.asc, policy_type.desc, resource_id.asc, resource_id.desc, region.asc, region.desc, scan_time.asc, scan_time.desc, severity.asc, severity.desc, severity_string.asc, severity_string.desc, timestamp.asc, timestamp.desc | | |
| Limit | Int32 | Maximum number of results per request | 1 | 1000 | | | |
| Offset | Int32 | Position to begin retrieving results | | | | | |
| NextToken | String | Pagination token to retrieve the next set of results | | | | | |
| Detailed | Switch | Retrieve detailed information | | | | | |
| All | Switch | Repeat requests until all available results are retrieved | | | | | |
| Total | Switch | Display total result count instead of results | | | | | |

SYNTAX

Get-FalconHorizonIom [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-NextToken <String>] [-Detailed] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconHorizonIom -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /detects/entities/iom/v2
GET /detects/queries/iom/v2

falconpy

GetConfigurationDetectionIDsV2
GetConfigurationDetectionEntities

USAGE

Retrieve events using a filtered search

Get-FalconHorizonIom -Filter "cloud_provider:'azure'+region:'eastus'+severity=1" [-Detailed] [-All]
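
Triage summary built on the filtered search above (an added example, not part of the PSFalcon wiki or module). It assumes an already authorized PSFalcon session with 'CSPM registration: Read', and that detailed results expose properties named like the filter properties listed under PARAMETERS; Get-IomTriageSummary and -MaxResults are hypothetical names.

```powershell
# Added example. Assumes the PSFalcon module is loaded and a token has already been
# requested for an API client with the 'CSPM registration: Read' scope.
function Get-IomTriageSummary {
    [CmdletBinding()]
    param(
        # FQL filter; the default is the filter string from the USAGE section
        [string]$Filter = "cloud_provider:'azure'+region:'eastus'+severity=1",
        # Hypothetical safety cap so an overly broad filter is caught before paging
        [int]$MaxResults = 5000
    )

    # -Total returns only the result count, so check the size of the result set first
    $Total = Get-FalconHorizonIom -Filter $Filter -Total
    if (-not $Total) {
        Write-Verbose "No results for filter: $Filter"
        return
    }
    if ($Total -gt $MaxResults) {
        throw "Filter matches $Total results (cap $MaxResults); narrow the filter first."
    }

    # -Detailed retrieves detailed information; -All repeats requests until every
    # result is retrieved. 1000 is the documented maximum for -Limit.
    $Iom = Get-FalconHorizonIom -Filter $Filter -Sort scan_time.desc -Limit 1000 -Detailed -All

    # Assumption: result objects carry account_id, policy_id, severity_string,
    # region and resource_id, mirroring the documented filter properties.
    $Iom | Group-Object account_id, policy_id | ForEach-Object {
        $First = $_.Group[0]
        [PSCustomObject]@{
            account_id = $First.account_id
            policy_id  = $First.policy_id
            severity   = $First.severity_string
            findings   = $_.Count
            resources  = @($_.Group.resource_id | Sort-Object -Unique).Count
            regions    = @($_.Group.region | Sort-Object -Unique) -join ','
        }
    } | Sort-Object findings -Descending
}

# Policies with the most affected resources per account, largest first
Get-IomTriageSummary -Verbose | Format-Table -AutoSize
```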

2023-11-27: PSFalcon v2.2.6
