Register FalconEventCollector - CrowdStrike/psfalcon GitHub Wiki
Define Falcon LogScale ingestion endpoint and token for logging
Once configured, the Falcon LogScale destination can be used by PSFalcon but the module will not send events to Falcon LogScale until 'Enable' options are chosen. 'Remove-FalconEventCollector' can be used to remove a configured destination and stop the transmission of events.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Uri | Uri | Falcon LogScale cloud | X | ||||
| Token | String | Falcon LogScale ingestion token | X | ||||
| Enable | String[] | Define events to send to the collector |
responsesrequests
|
X |
Register-FalconEventCollector [-Uri] <Uri> [-Token] <String> [[-Enable] <String[]>] [<CommonParameters>]The Enable parameter is optional and will configure PSFalcon to send requests or responses to Falcon
LogScale as they occur.
The Token parameter expects your Falcon LogScale ingest token.
Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requestsRequest-FalconToken -ClientId <string> -ClientSecret <string> -Collector @{ uri = 'string'; token = 'string' }2023-11-27: PSFalcon v2.2.6
