New FalconItTask - CrowdStrike/psfalcon GitHub Wiki
Create Falcon for IT tasks
Requires 'IT Automation - Tasks: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Name | String | Task name | X | ||||
| Description | String | Task description | X | ||||
| TaskType | String | Task type |
queryremediation
|
X | |||
| AccessType | String | Task access type |
PublicShared
|
X | |||
| Target | String | Falcon Query Language expression to define target hosts | X | ||||
| Parameter | Object[] | Task | X | ||||
| Query | Object | Query | X | ||||
| Remediation | Object | Remediation | X | ||||
| Trigger | Object[] | Trigger condition | X | ||||
| Verification | Object[] | Verification condition | X | ||||
| OsQuery | String | OsQuery statement | X | ||||
| TaskGroupId | String | Task group identifier | X | ||||
| UserGroupId | String[] | User group identifier (for 'Shared' AccessType) | X | ||||
| UserId | String[] | User identifier (for 'Shared' AccessType) | X | ||||
| OutputParser | Object | Column and delimiter values to parse result output | X |
New-FalconItTask [-Name] <String> [[-Description] <String>] [[-TaskType] <String>] [[-AccessType] <String>] [[-Target] <String>] [[-Parameter] <Object[]>] [[-Query] <Object>] [[-Remediation] <Object>] [[-Trigger] <Object[]>] [[-Verification] <Object[]>] [[-OsQuery] <String>] [[-TaskGroupId] <String>] [[-UserGroupId] <String[]>] [[-UserId] <String[]>] [[-OutputParser] <Object>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /it-automation/entities/tasks/v1
New-FalconItTask -Name 'it automation' -description 'test' -TaskType query -AccessType Public -Query @{ windows = @{ content = 'pwd'; language = 'powershell' }}New-FalconItTask -Name 'Test 870769' -Description 'query with parameters' -TaskType query -AccessType Public -TaskParameter @{ key = 'file_path';label = 'Enter the file path'; input_type = 'text' },@{ key = 'file_pattern'; label = 'Enter a file pattern (ex: *.log)'; input_type = 'text' } -Query @{ windows = @{ action_type = 'script'; content = 'Get-ChildItem -Path "{{.file_path}}" -Filter "{{.file_pattern}}" -Force | Select-Object Name, LastWriteTime, Length'; language = 'powershell' }}New-FalconItTask -Name 'Automated Task Example' -Description 'Automated task with trigger and verification criteria' -TaskType remediation -AccessType Public -Remediation @{ windows = @{ content = 'echo "This script executes only if below trigger condition evaluation is successful"'; language = 'powershell'; action_type = 'script' }} -Trigger @{ statements = @(@{ task_id = 'cf8...e63'; key = 'running'; data_comparator = 'Equals'; data_type = 'StringType'; value = 'false' };@{ task_id = 'ca0...1ae'; key = 'script_output'; data_comparator = 'LessThan'; data_type = 'SemverType'; value = '11.6.7' }); operator = 'AND' } -Verification @{ statements = @(@{ task_id 'cf8...e63'; key = 'running'; data_comparator = 'Equals'; data_type = 'StringType'; value = 'true' }); operator = 'AND' } -Target "platform_name:!'Linux'+platform_name:!'Mac'"New-FalconItTask -Name 'Multi-column task example' -Description 'Script task with multi-column' -Target "platform_name:'Windows'" -TaskType query -AccessType Public -Query @{ windows = @{ action_type = 'script'; content = 'echo "a,b"'; language = 'powershell' }} -OutputParser @{ default_group_by = $false; delimiter = ","; columns = @(@{ name = 'c1' },@{ name = 'c2' })}New-FalconItTask -Name 'test rem with file v2' -Description 'test rem with file' -Target "platform_name:'Windows'" -TaskType remediation -AccessType Public -Remediation @{ windows = @{ action_type = 'command'; content = 'cmd /c echo "Hello, World!"'; file_ids = @('5ff...647_eb4...b8f') }}2025-08-04: PSFalcon v2.2.9
