Receive FalconArtifact - CrowdStrike/psfalcon GitHub Wiki

Receive-FalconArtifact

SYNOPSIS

Download an artifact from a Falcon Intelligence Sandbox report

DESCRIPTION

Artifact identifier values can be retrieved for specific Falcon Intelligence Sandbox reports using 'Get-FalconReport'.

Requires 'Sandbox (Falcon Intelligence): Read'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Path String Destination path
Id String Artifact identifier X X
Force Switch Overwrite an existing file when present

SYNTAX

Receive-FalconArtifact [-Path] <String> [-Id] <String> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /falconx/entities/artifacts/v1

falconpy

GetArtifacts

USAGE

Download a strict IOC pack

$Report = Get-FalconReport -Id <id>
Receive-FalconArtifact -Id $Report.ioc_report_strict_csv_artifact_id -Path .\ioc_report_strict_csv_artifact_id.csv

See Get-FalconReport.

2023-04-25: PSFalcon v2.2.5

⚠️ **GitHub.com Fallback** ⚠️