Get-FalconIocProcess

SYNOPSIS

Search for processes involving a custom indicator on a specific host

DESCRIPTION

Requires 'IOCs: Read'.

PARAMETERS

Name	Type	Description	Min	Max	Allowed	Pipeline
Id	String[]	Process identifier				X
Type	String	Indicator type			`domain` `ipv4` `ipv6` `md5` `sha256`
Value	String	Indicator value
HostId	String	Host identifier				X
Limit	String	Maximum number of results per request	`1`	`100`
Offset	Int32	Position to begin retrieving results
Detailed	Switch	Retrieve detailed information
All	Switch	Repeat requests until all available results are retrieved

SYNTAX

Get-FalconIocProcess [-Type] <String> [-Value] <String> [-HostId] <String> [[-Limit] <String>] [-Offset <Int32>] [-Detailed] [-All] [-WhatIf] [-Confirm] [<CommonParameters>]

Get-FalconIocProcess -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /indicators/queries/processes/v1
GET /processes/entities/processes/v1

falconpy

ProcessesRanOn
entities_processes

USAGE

Finding process IDs of an IOC found on a host

Get-FalconIocProcess -Type <string> -Value <string> -HostId <id> [-Detailed]

Getting process details

Get-FalconIocProcess -Id <id>, <id>

2023-04-25: PSFalcon v2.2.5

Get FalconIocProcess - CrowdStrike/psfalcon GitHub Wiki

Get-FalconIocProcess

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Finding process IDs of an IOC found on a host

Getting process details

⚠️ GitHub.com Fallback ⚠️

Get FalconIocProcess - CrowdStrike/psfalcon GitHub Wiki

Get-FalconIocProcess

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Finding process IDs of an IOC found on a host

Getting process details

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️