Invoke FalconHostAction - CrowdStrike/psfalcon GitHub Wiki

Invoke-FalconHostAction

SYNOPSIS

Perform actions on hosts

DESCRIPTION

Requires 'Hosts: Write', plus related permission(s) for 'Include' selection(s).

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Name String Action to perform contain
detection_suppress
detection_unsuppress
hide_host
lift_containment
lift_filesystem_containment_all
unhide_host
Include String[] Include additional properties agent_version
cid
external_ip
filesystem_containment_status
first_seen
host_hidden_status
hostname
last_seen
local_ip
mac_address
os_build
os_version
platform_name
product_type
product_type_desc
reduced_functionality_mode
serial_number
system_manufacturer
system_product_name
tags
Id String[] Host identifier X X

SYNTAX

Invoke-FalconHostAction [-Name] <String> [[-Include] <String[]>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /devices/entities/devices-actions/v2

falconpy

PerformActionV2

USAGE

Containing or lifting containment on hosts

Invoke-FalconHostAction -Name contain -Id <id>, <id>
Invoke-FalconHostAction -Name lift_containment -Id <id>, <id>

See Network contain a device by Hostname.

See Network contain a list of Hostnames from a CSV file.

Deleting and restoring hosts

Invoke-FalconHostAction -Name hide_host -Id <id>, <id>
Invoke-FalconHostAction -Name unhide_host -Id <id>, <id>

2025-09-19: PSFalcon v2.2.9

⚠️ **GitHub.com Fallback** ⚠️