Invoke FalconCommand - CrowdStrike/psfalcon Wiki

Invoke-FalconCommand

SYNOPSIS

Issue a Real-time Response read-only command to an existing single-host or batch session

DESCRIPTION

Requires 'Real Time Response: Read'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|------|------|-----|-----|---------|----------|----------------|-------------|
| Command | String | | | cat, cd, clear, csrutil, env, eventlog backup, eventlog export, eventlog list, eventlog view, filehash, getsid, help, history, ifconfig, ipconfig, ls, mount, netstat, ps, reg query, users | | | Real-time Response command |
| Argument | String | | | | | | Arguments to include with the command |
| OptionalHostId | String[] | | | | | | Restrict execution to specific host identifiers |
| Timeout | Int32 | 30 | 600 | | | | Length of time to wait for a result, in seconds |
| SessionId | String | | | | | X | Session identifier |
| BatchId | String | | | | | X | Batch session identifier |
| Wait | Switch | | | | | | Use 'Confirm-FalconCommand' to retrieve single-host command results |

SYNTAX

Invoke-FalconCommand [-Command] <String> [[-Argument] <String>] [[-OptionalHostId] <String[]>] [[-Timeout] <Int32>] -BatchId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]
Invoke-FalconCommand [-Command] <String> [[-Argument] <String>] -SessionId <String> [-Wait] [-WhatIf] [-Confirm] [<CommonParameters>]
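
The two parameter sets above differ in that `-OptionalHostId` and `-Timeout` are accepted only with `-BatchId`. The wrapper below is an added example, not part of PSFalcon or this wiki; it shows one way to route a read-only triage command to the right parameter set. The function name `Invoke-TriageCommand` is hypothetical, and it assumes the PSFalcon module is loaded with an authenticated token and that the session or batch already exists.

```powershell
# Added example: hypothetical wrapper around Invoke-FalconCommand (not PSFalcon code).
function Invoke-TriageCommand {
    [CmdletBinding(DefaultParameterSetName = 'Single')]
    param(
        # Mirrors the 'Allowed' values listed for -Command on this page
        [Parameter(Mandatory)]
        [ValidateSet('cat','cd','clear','csrutil','env','eventlog backup',
            'eventlog export','eventlog list','eventlog view','filehash','getsid',
            'help','history','ifconfig','ipconfig','ls','mount','netstat','ps',
            'reg query','users')]
        [string]$Command,

        [string]$Argument,

        [Parameter(ParameterSetName = 'Single', Mandatory)]
        [string]$SessionId,

        [Parameter(ParameterSetName = 'Batch', Mandatory)]
        [string]$BatchId,

        # Batch-only parameters, per the SYNTAX section
        [Parameter(ParameterSetName = 'Batch')]
        [string[]]$OptionalHostId,

        [Parameter(ParameterSetName = 'Batch')]
        [ValidateRange(30, 600)]
        [int]$Timeout
    )

    # Build a splat so only the parameters valid for the chosen set are passed
    $Param = @{ Command = $Command; Wait = $true }
    if ($Argument) { $Param['Argument'] = $Argument }

    if ($PSCmdlet.ParameterSetName -eq 'Batch') {
        $Param['BatchId'] = $BatchId
        if ($OptionalHostId) { $Param['OptionalHostId'] = $OptionalHostId }
        if ($PSBoundParameters.ContainsKey('Timeout')) { $Param['Timeout'] = $Timeout }
    } else {
        $Param['SessionId'] = $SessionId
    }

    Invoke-FalconCommand @Param
}

# Usage (identifiers are placeholders, replace with real values):
# Invoke-TriageCommand -Command netstat -SessionId '<session-id>'
# Invoke-TriageCommand -Command ps -BatchId '<batch-id>' -OptionalHostId '<host-id>' -Timeout 120
```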

Generated 20220922 using PSFalcon v2.2.3
