Receive FalconCaoQueryArchive - CrowdStrike/psfalcon GitHub Wiki

Receive-FalconCaoQueryArchive

SYNOPSIS

Download an archive containing Falcon Counter Adversary Operations queries

DESCRIPTION

Requires 'CAO Hunting: Read'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Path String Destination path
Language String Query language __all__
cql
snort
suricata
yara
Filter String Falcon Query Language expression to limit results
Type String Archive type [default: zip] gzip
zip
Force Switch Overwrite an existing file when present

SYNTAX

Receive-FalconCaoQueryArchive [-Path] <String> [-Language] <String> [[-Filter] <String>] [[-Type] <String>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /hunting/entities/archive-exports/v1

falconpy

GetArchiveExport

USAGE

2025-10-24: PSFalcon v2.3.0

⚠️ **GitHub.com Fallback** ⚠️