New FalconNgsParser - CrowdStrike/psfalcon GitHub Wiki
Create a Falcon NGSIEM parser
Requires 'NGSIEM Parsers: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Name | String | Parser name | | | | | X |
| Repository | String | Repository name | | | parsers-repository | | X |
| Script | String | Parser script to transform input into events | | | | | X |
| TestCase | Object[] | An example event and output | | | | | X |
| FieldToRemove | String[] | Event fields to remove before parsing | | | | | X |
| FieldToTag | String[] | Event fields to tag during parsing | | | | | X |
```
New-FalconNgsParser [-Name] <String> [-Repository] <String> [-Script] <String> [-TestCase] <Object[]> [[-FieldToRemove] <String[]>] [[-FieldToTag] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
```

`POST /ngsiem-content/entities/parsers/v1`

2025-09-02: PSFalcon v2.2.9
