Get FalconQueue - CrowdStrike/psfalcon GitHub Wiki
Create a report of Real-time Response commands in the offline queue
Creates a CSV of pending Real-time Response commands and their related session information. By default, sessions within the offline queue expire 7 days after creation. Sessions can have additional commands appended to them to extend their expiration time.
Additional host information can be appended to the results using the 'Include' parameter.
Requires 'Real time response: Read', 'Real time response: Write' and 'Real time response (admin): Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Days | Int32 | Number of days worth of sessions to retrieve [default: 7] | |||||
| Include | String[] | Include additional properties |
agent_versioncidexternal_ipfirst_seenhost_hidden_statushostnamelast_seenlocal_ipmac_addressos_buildos_versionplatform_nameproduct_typeproduct_type_descreduced_functionality_modeserial_numbersystem_manufacturersystem_product_nametags
|
||||
| HostId | String[] | Host identifier | X | X |
Get-FalconQueue [[-Days] <Int32>] [[-Include] <String[]>] [[-HostId] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /real-time-response/entities/queued-sessions/GET/v1
Get-FalconQueue will create a CSV file with information about sessions that have pending queued commands or have been created in the last 7 days (by default).
Get-FalconQueue [-Days]2023-05-09: PSFalcon v2.2.5
