New FalconNgsDataConnection - CrowdStrike/psfalcon GitHub Wiki

New-FalconNgsDataConnection

SYNOPSIS

Create a Falcon NGSIEM data connection

DESCRIPTION

Requires 'NGSIEM Data Connections API: Write'.

PARAMETERS

| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| ConnectorId | String | Data connector identifier | | | | | X |
| Name | String | Data connection name | 1 | 50 | | | X |
| Parser | String | Parser name | | | | | X |
| Description | String | Data connection description | 1 | 500 | | | X |
| ConnectorType | String | Data connector type | | | PULL, PUSH | | X |
| VendorName | String | Vendor name | | | | | X |
| VendorProductName | String | Vendor product name | | | | | X |
| HostEnrichment | Boolean | Enable host enrichment [default: false] | | | | | X |
| UserEnrichment | Boolean | Enable user enrichment [default: false] | | | | | X |
| ConfigId | String | Configuration identifier | | | | | X |
| Config | Object | An object containing external data source connection settings ('auth', 'name', 'params') | | | | | X |
| LogSource | String[] | Log sources to collect (when using ConnectorType 'PULL') | | | | | X |

SYNTAX

New-FalconNgsDataConnection [-ConnectorId] <String> [-Name] <String> [-Parser] <String> [[-Description] <String>] [[-ConnectorType] <String>] [[-VendorName] <String>] [[-VendorProductName] <String>] [[-HostEnrichment] <Boolean>] [[-UserEnrichment] <Boolean>] [[-ConfigId] <String>] [[-Config] <Object>] [[-LogSource] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /ngsiem/entities/connections/v1

USAGE

Create a data connection

New-FalconNgsDataConnection -ConnectorId <id> -Name '1Password Device Trust' -Parser 1password-devicetrust -Description 'Ingest 1Password Device Trust event data' -VendorName '1Password' -VendorProductName '1Password Device Trust' -HostEnrichment $true -UserEnrichment $true
Get-FalconNgsDataConnector -Filter "name:'1password'" | New-FalconNgsDataConnection -Parser 1password-devicetrust

2025-12-23: PSFalcon v2.3.0
