Receive FalconMalQuerySample - CrowdStrike/psfalcon GitHub Wiki
Download a sample or sample archive from Falcon MalQuery [password: 'infected']
Requires 'MalQuery: Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Path | String | Destination path | |||||
| Id | String | Sha256 hash value or MalQuery sample archive identifier | X | X | |||
| Force | Switch | Overwrite an existing file when present |
Receive-FalconMalQuerySample [-Path] <String> [-Id] <String> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]GET /malquery/entities/download-files/v1
Receive-FalconMalQuerySample -Id <sha256> -Path .\infected.exe2023-04-25: PSFalcon v2.2.5
