Get FalconOverWatchIncident - CrowdStrike/psfalcon GitHub Wiki

Get-FalconOverWatchIncident

SYNOPSIS

Retrieve the total number of Falcon OverWatch incidents across all customers

DESCRIPTION

Requires 'OverWatch Dashboard: Read'.

PARAMETERS

| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Filter | String | Falcon Query Language expression to limit results | | | | | |

SYNTAX

Get-FalconOverWatchIncident [-Filter] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /overwatch-dashboards/aggregates/incidents-global-counts/v1

falconpy

AggregatesIncidentsGlobalCounts

USAGE

Getting the total number of Falcon OverWatch incidents for the past 48 hours

Get-FalconOverWatchIncident -Filter "detect_time:>'now-48h'"

2023-04-25: PSFalcon v2.2.5
