Start FalconScan - CrowdStrike/psfalcon GitHub Wiki

Start-FalconScan

SYNOPSIS

Start an on-demand scan

DESCRIPTION

Requires 'On-demand scans (ODS): Write'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
FilePath String[] File path(s) to scan
SensorDetection String On-sensor machine-learning detection level disabled
cautious
moderate
aggressive
extra_aggressive
SensorPrevention String On-sensor machine-learning prevention level disabled
cautious
moderate
aggressive
extra_aggressive
CloudDetection String Cloud-based machine-learning detection level disabled
cautious
moderate
aggressive
extra_aggressive
CloudPrevention String Cloud-based machine-learning prevention level disabled
cautious
moderate
aggressive
extra_aggressive
CloudPupDetection String Cloud-based machine-learning PUP detection level disabled
cautious
moderate
aggressive
extra_aggressive
CloudPupPrevention String Cloud-based machine-learning PUP prevention level disabled
cautious
moderate
aggressive
extra_aggressive
CpuPriority String Maximum CPU utilization up_to_1
up_to_25
up_to_50
up_to_75
up_to_100
ScanExclusion String[] File path(s) to exclude, in glob syntax
ScanInclusion String[] File path(s) to include, in glob syntax
Quarantine Boolean Quarantine malicious files
MaxFileSize Int32 Maximum file size, in MB
Notification Boolean
MaxDuration Int32 Allowable scan duration, in hours 0 24
PauseDuration Int32 Allowable pause duration, in hours 0 24
Description String On-demand scan description
GroupId String[] Host Group identifier
Id String[] Host identifier X X

SYNTAX

Start-FalconScan [-FilePath] <String[]> [-SensorDetection] <String> [-SensorPrevention] <String> [-CloudDetection] <String> [-CloudPrevention] <String> [-CloudPupDetection] <String> [-CloudPupPrevention] <String> [-CpuPriority] <String> [[-ScanExclusion] <String[]>] [[-ScanInclusion] <String[]>] [[-Quarantine] <Boolean>] [[-MaxFileSize] <Int32>] [[-Notification] <Boolean>] [[-MaxDuration] <Int32>] [[-PauseDuration] <Int32>] [[-Description] <String>] [-GroupId <String[]>] [-Id <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /ods/entities/scans/v1

falconpy

create_scan

USAGE

2025-09-19: PSFalcon v2.2.9

⚠️ **GitHub.com Fallback** ⚠️