Receive FalconNgsLookupFile - CrowdStrike/psfalcon GitHub Wiki

Receive-FalconNgsLookupFile

SYNOPSIS

Download a Falcon NGSIEM lookup file

DESCRIPTION

Requires 'NGSIEM: Read'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Repository String Repository name 3pi_parsers
event_search_all
falcon_for_it_view
forensics_view
investigate_view
search-all
Filename String Lookup file name
Path String Destination path [default: .<filename>.csv]
Force Switch Overwrite an existing file when present

SYNTAX

Receive-FalconNgsLookupFile [-Repository] <String> [-Filename] <String> [[-Path] <String>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

GET /humio/api/v1/repositories/{repository}/files/{filename}

falconpy

GetLookupV1

USAGE

2025-08-05: PSFalcon v2.2.9

⚠️ **GitHub.com Fallback** ⚠️