Get FalconKernel - CrowdStrike/psfalcon GitHub Wiki

Get-FalconKernel

SYNOPSIS

Search for Falcon kernel compatibility information for Sensor builds

DESCRIPTION

Requires 'Sensor update policies: Read'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Field String Return values for a specific field architecture
base_package_supported_sensor_versions
distro
distro_version
flavor
release
vendor
version
ztl_supported_sensor_versions
Filter String Falcon Query Language expression to limit results
Sort String Property and direction to sort results architecture.asc
architecture.desc
distro.asc
distro.desc
distro_version.asc
distro_version.desc
flavor.asc
flavor.desc
release.asc
release.desc
vendor.asc
vendor.desc
version.asc
version.desc
Limit Int32 Maximum number of results per request 1 500
Offset Int32 Position to begin retrieving results
All Switch Repeat requests until all available results are retrieved
Total Switch Display total result count instead of results

SYNTAX

Get-FalconKernel [[-Filter] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconKernel [-Field] <String> [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /policy/combined/sensor-update-kernels/v1
GET /policy/queries/sensor-update-kernels/{distinct-field}/v1

falconpy

queryCombinedSensorUpdateKernels
querySensorUpdateKernelsDistinct

USAGE

List results of a filtered search

Get-FalconKernel -Filter "vendor:'ubuntu'+distro:'ubuntu20'+flavor:'gcp'+release:*'5.8.*'"

Retrieve distro values

Get-FalconKernel -Field distro -Sort vendor.asc

2023-11-27: PSFalcon v2.2.6

⚠️ **GitHub.com Fallback** ⚠️