Get FalconIocProcess - CrowdStrike/psfalcon GitHub Wiki
Search for processes involving a custom indicator on a specific host
Requires 'IOCs: Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Id | String[] | Process identifier | X | ||||
| Type | String | Indicator type |
domainipv4ipv6md5sha256
|
||||
| Value | String | Indicator value | |||||
| HostId | String | Host identifier | X | ||||
| Limit | String | Maximum number of results per request | 1 |
100 |
|||
| Offset | Int32 | Position to begin retrieving results | |||||
| Detailed | Switch | Retrieve detailed information | |||||
| All | Switch | Repeat requests until all available results are retrieved |
Get-FalconIocProcess [-Type] <String> [-Value] <String> [-HostId] <String> [[-Limit] <String>] [-Offset <Int32>] [-Detailed] [-All] [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconIocProcess -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]GET /indicators/queries/processes/v1
GET /processes/entities/processes/v1
ProcessesRanOn
entities_processes
Get-FalconIocProcess -Type <string> -Value <string> -HostId <id> [-Detailed]Get-FalconIocProcess -Id <id>, <id>2023-04-25: PSFalcon v2.2.5
