Receive FalconRule - CrowdStrike/psfalcon GitHub Wiki
Download the most recent or a specific Falcon Intelligence ruleset
Requires 'Rules (Falcon Intelligence): Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Type | String | Ruleset type, used to retrieve the latest ruleset |
common-event-formatcql-changelogcql-mastercql-updatenetwitnesssnort-suricata-changelogsnort-suricata-mastersnort-suricata-updateyara-changelogyara-masteryara-update
|
||||
| IfNoneMatch | String | Download the latest rule set only if it doesn't a matching 'tags' value | |||||
| IfModifiedSince | String | Restrict results to those modified after a provided date (HTTP, ANSIC or RFC850 format) | |||||
| Path | String | Destination path | |||||
| Id | Int32 | Ruleset identifier, used for a specific ruleset | X | X | |||
| Force | Switch | Overwrite an existing file when present |
Receive-FalconRule [-Path] <String> [-Id] <Int32> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]Receive-FalconRule [-Type] <String> [[-IfNoneMatch] <String>] [[-IfModifiedSince] <String>] [-Path] <String> [-WhatIf] [-Confirm] [<CommonParameters>]GET /intel/entities/rules-files/v1
GET /intel/entities/rules-latest-files/v1
GetIntelRuleFile
GetLatestIntelRuleFile
Receive-FalconRule -Type yara-master -Path .\yara-master.zipReceive-FalconRule -Id <id> -Path .ules.zip2025-09-19: PSFalcon v2.2.9
