Invoke FalconAdminCommand - CrowdStrike/psfalcon Wiki

Invoke-FalconAdminCommand

SYNOPSIS

Issue a Real-time Response admin command to an existing single-host or batch session

DESCRIPTION

Requires 'Real Time Response (Admin): Write'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Command | String | | | cat, cd, clear, cp, csrutil, cswindiag, encrypt, env, eventlog backup, eventlog export, eventlog list, eventlog view, filehash, get, getsid, help, history, ifconfig, ipconfig, kill, ls, map, memdump, mkdir, mount, mv, netstat, ps, put, put-and-run, reg delete, reg load, reg query, reg set, reg unload, restart, rm, run, runscript, shutdown, umount, unmap, update history, update install, update list, users, xmemdump, zip | | | Real-time Response command |
| Argument | String | | | | | | Arguments to include with the command |
| Timeout | Int32 | 30 | 600 | | | | Length of time to wait for a result, in seconds |
| OptionalHostId | String[] | | | | | | Restrict execution to specific host identifiers |
| SessionId | String | | | | | X | Session identifier |
| BatchId | String | | | | | X | Batch session identifier |
| Wait | Switch | | | | | | Use 'Confirm-FalconAdminCommand' or 'Confirm-FalconGetFile' to retrieve command results |

SYNTAX

Invoke-FalconAdminCommand [-Command] <String> [[-Argument] <String>] [[-Timeout] <Int32>] [[-OptionalHostId] <String[]>] -BatchId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconAdminCommand [-Command] <String> [[-Argument] <String>] -SessionId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]
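
Because this cmdlet exposes every admin-level command, triage automation can be wrapped so it can only issue a fixed subset. The following is an added example, not part of PSFalcon or the original page: the function name Invoke-RtrTriageCommand, the $ReadOnly list (commands from the Allowed column chosen here as ones that only read host state) and the '<session_id>' placeholder are assumptions.

```powershell
# Added example: least-privilege guard around Invoke-FalconAdminCommand.
# 'Invoke-RtrTriageCommand' and $ReadOnly are hypothetical names, not part of PSFalcon.
function Invoke-RtrTriageCommand {
    [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'Session')]
    param(
        [Parameter(Mandatory, Position = 0)]
        [string]$Command,

        [string]$Argument,

        [Parameter(ParameterSetName = 'Session', Mandatory)]
        [string]$SessionId,

        [Parameter(ParameterSetName = 'Batch', Mandatory)]
        [string]$BatchId,

        # Same 30-600 second bounds as the Timeout row in the parameter table
        [Parameter(ParameterSetName = 'Batch')]
        [ValidateRange(30, 600)]
        [int]$Timeout = 30,

        [Parameter(ParameterSetName = 'Batch')]
        [string[]]$OptionalHostId
    )
    # Assumed read-only subset of the Allowed values; everything else is refused
    $ReadOnly = 'cat', 'env', 'eventlog list', 'eventlog view', 'filehash', 'getsid',
        'ifconfig', 'ipconfig', 'ls', 'netstat', 'ps', 'reg query', 'users'
    if ($Command -notin $ReadOnly) {
        throw "Command '$Command' is not in the triage allowlist."
    }
    # Build the argument set for whichever parameter set was selected
    $Splat = @{ Command = $Command }
    if ($Argument) { $Splat.Argument = $Argument }
    if ($PSCmdlet.ParameterSetName -eq 'Batch') {
        $Splat.BatchId = $BatchId
        $Splat.Timeout = $Timeout
        if ($OptionalHostId) { $Splat.OptionalHostId = $OptionalHostId }
    } else {
        $Splat.SessionId = $SessionId
    }
    $Target = if ($BatchId) { "batch $BatchId" } else { "session $SessionId" }
    if ($PSCmdlet.ShouldProcess($Target, "RTR admin command '$Command'")) {
        Invoke-FalconAdminCommand @Splat
    }
}
# Preview without sending anything to the host:
#   Invoke-RtrTriageCommand ps -SessionId '<session_id>' -WhatIf
# Refused before any API call is made:
#   Invoke-RtrTriageCommand 'reg set' -SessionId '<session_id>'
```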

Generated 20220922 using PSFalcon v2.2.3
