Register FalconEventCollector - CrowdStrike/psfalcon GitHub Wiki
Define Falcon LogScale ingestion endpoint and token for logging
Once configured, the Falcon LogScale destination can be used by PSFalcon but the module will not send events to Falcon LogScale until 'Enable' options are chosen. 'Remove-FalconEventCollector' can be used to remove a configured destination and stop the transmission of events.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Uri | Uri | Falcon LogScale cloud | X | ||||
Token | String | Falcon LogScale ingestion token | X | ||||
Enable | String[] | Define events to send to the collector |
responses requests
|
X |
Register-FalconEventCollector [-Uri] <Uri> [-Token] <String> [[-Enable] <String[]>] [<CommonParameters>]
The Enable
parameter is optional and will configure PSFalcon to send requests
or responses
to Falcon
LogScale as they occur.
The Token
parameter expects your Falcon LogScale ingest token.
Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requests
Request-FalconToken -ClientId <string> -ClientSecret <string> -Collector @{ uri = 'string'; token = 'string' }
2023-11-27: PSFalcon v2.2.6