Event Streams

Start an event stream

Get-FalconStream -AppId psfalcon

Refresh an active event stream

Update-FalconStream -ActionName refresh_active_stream_session -AppId psfalcon -Partition 0

Capture a sample of events from a stream

Open-FalconStream

NOTE: Over a few minutes, this command will output an event stream to a Json file in the local directory. It currently only works on Windows, and will open a secondary session when executed.

CrowdStrike API Documentation

Using PSFalcon
Commands by Permission
Other Commands
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Event Streams

Start an event stream

Refresh an active event stream

Capture a sample of events from a stream

Clone this wiki locally