Invoke FalconItTask - CrowdStrike/psfalcon GitHub Wiki
Initiate an existing Falcon for IT task, or create and run a task on target hosts
Requires 'IT Automation - Task Executions: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Id | String | Task identifier | |||||
| Target | String | Falcon Query Language expression to define target hosts | |||||
| Query | Object | Query | |||||
| OsQuery | String | OsQuery statement | |||||
| ExecutionArg | Object | Key/value pairs to define arguments during execution of an existing task | |||||
| Trigger | Object[] | Trigger condition | |||||
| DiscoverOffline | Boolean | Discover offline hosts | |||||
| DiscoverNew | Boolean | Discover new hosts | |||||
| Guardrail | Object | Execution guardrails and limits | |||||
| Distribute | Boolean | Distribute task | |||||
| OutputParser | Object | Specifies columns and delimiter for parsing script execution results | |||||
| ExpirationInterval | String | Interval before task expires. Once expired, new and offline hosts won't be targeted |
Invoke-FalconItTask [-Id] <String> [-Target] <String> [[-ExecutionArg] <Object>] [[-Trigger] <Object[]>] [[-DiscoverOffline] <Boolean>] [[-DiscoverNew] <Boolean>] [[-Guardrail] <Object>] [[-Distribute] <Boolean>] [[-ExpirationInterval] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-FalconItTask [-Target] <String> [[-Query] <Object>] [[-OsQuery] <String>] [[-DiscoverOffline] <Boolean>] [[-DiscoverNew] <Boolean>] [[-Guardrail] <Object>] [[-Distribute] <Boolean>] [[-OutputParser] <Object>] [[-ExpirationInterval] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /it-automation/entities/live-query-execution/v1
POST /it-automation/entities/task-executions/v1
Invoke-FalconItTask -Target "platform_name:'Windows'" -Query @{ windows = @{ content = 'pwd'; language = 'powershell' }}Invoke-FalconItTask -Target "platform_name:'Windows'" -Query @{ windows = @{ content = 'echo "a,b"'; language = 'powershell' }} -OutputParser @{ default_group_by = $false; delimiter = ","; columns = @(@{ name = 'c1' },@{ name = 'c2' })}Invoke-FalconItTask -Id <id> -Target "platform_name:'Windows'" -DiscoverOffline $false -DiscoverNew $false -Guardrail @{ run_time_limit_millis = 300000 } -Distribute $true -ExpirationInterval 1hInvoke-FalconItTask -Id <id> -Target "platform_name:'Windows'" -DiscoverOffline $true -DiscoverNew $false -Guardrail @{ run_time_limit_millis = 300000 } -Distribute $true -ExpirationInterval 1h -ExecutionArg @{ file_path = 'C:\temp'; file_pattern = '*.log' }Invoke-FalconItTask -Id <id> -Target "platform_name:!'Linux'+platform_name:!'Mac'" -Trigger @{ statements = @(@{ task_id = <id>; key = 'script_output'; data_comparator = 'Equals'; data_type = 'StringType'; value = 'installed' }); operator = 'AND' }
_2025-08-04: PSFalcon v2.2.9_