Register FalconEventCollector - CrowdStrike/psfalcon GitHub Wiki
Define Falcon LogScale or Falcon NGSIEM ingestion endpoint and token for logging
Once configured, the Falcon LogScale or Falcon NGSIEM destination can be used by PSFalcon, but the module will not send events to it until 'Enable' options are chosen. 'Remove-FalconEventCollector' can be used to remove a configured destination and stop the transmission of events.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Uri | Uri | Falcon LogScale cloud or Falcon NGSIEM HEC ingestion URI | | | | | X |
| Token | String | Falcon LogScale or Falcon NGSIEM ingestion token | | | | | X |
| Enable | String[] | Define events to send to the collector | | | responses, requests | | X |
```powershell
Register-FalconEventCollector [-Uri] <Uri> [-Token] <String> [[-Enable] <String[]>] [<CommonParameters>]
```

The Enable parameter is optional and will configure PSFalcon to send requests or responses to Falcon LogScale as they occur.
The Token parameter expects your Falcon LogScale ingest token.
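A scoped way to use the collector, as an added example that is not PSFalcon's own code: it accepts the ingest token as a SecureString so the value is not typed on the command line, rejects a non-HTTPS URI, and always removes the destination when the work finishes. The function name `Invoke-WithFalconEventCollector` and the environment variable names are assumptions, and `Get-FalconHost` stands in for whatever PSFalcon commands you want logged.

```powershell
# Added example; the function name and environment variable names are hypothetical.
function Invoke-WithFalconEventCollector {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $Uri,
        [Parameter(Mandatory)] [securestring] $Token,
        [ValidateSet('responses', 'requests')] [string[]] $Enable = @('responses'),
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock
    )

    # The ingest token and the enabled request/response events are sent to this URI,
    # so refuse anything that is not an absolute https:// address.
    if (-not $Uri.IsAbsoluteUri -or $Uri.Scheme -ne 'https') {
        throw "Collector URI must be an absolute https:// URI: $Uri"
    }

    # Convert the SecureString to plain text only at the moment it is needed.
    $Plain = [System.Net.NetworkCredential]::new('', $Token).Password
    $Registered = $false
    try {
        Register-FalconEventCollector -Uri $Uri -Token $Plain -Enable $Enable
        $Registered = $true
        & $ScriptBlock
    }
    finally {
        $Plain = $null
        # Stop the transmission of events even if the script block failed.
        if ($Registered) { Remove-FalconEventCollector }
    }
}

# Prompt for the ingest token so it does not land in console history.
$IngestToken = Read-Host -Prompt 'Ingest token' -AsSecureString

# Authenticate before registering the collector.
Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET

Invoke-WithFalconEventCollector -Uri 'https://cloud.community.humio.com' `
    -Token $IngestToken -Enable responses, requests -ScriptBlock {
        Get-FalconHost -Limit 5   # placeholder workload whose requests/responses get logged
    }
```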
```powershell
Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requests
```

```powershell
Request-FalconToken -ClientId <string> -ClientSecret <string> -Collector @{ uri = 'string'; token = 'string' }
```

2024-09-03: PSFalcon v2.2.7
