Get FalconIoc

bk-cs edited this page Sep 28, 2022 · 26 revisions

Get-FalconIoc

SYNOPSIS

Search for custom indicators

DESCRIPTION

Requires 'IOC Manager APIs: Read'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Id | String[] | | | | X | X | Indicator identifier |
| Filter | String | | | | | | Falcon Query Language expression to limit results |
| Sort | String | | | action.asc, action.desc, applied_globally.asc, applied_globally.desc, metadata.av_hits.asc, metadata.av_hits.desc, metadata.company_name.raw.asc, metadata.company_name.raw.desc, created_by.asc, created_by.desc, created_on.asc, created_on.desc, expiration.asc, expiration.desc, expired.asc, expired.desc, metadata.filename.raw.asc, metadata.filename.raw.desc, modified_by.asc, modified_by.desc, modified_on.asc, modified_on.desc, metadata.original_filename.raw.asc, metadata.original_filename.raw.desc, metadata.product_name.raw.asc, metadata.product_name.raw.desc, metadata.product_version.asc, metadata.product_version.desc, severity_number.asc, severity_number.desc, source.asc, source.desc, type.asc, type.desc, value.asc, value.desc | | | Property and direction to sort results |
| Limit | Int32 | 1 | 2000 | | | | Maximum number of results per request |
| Offset | Int32 | | | | | | Position to begin retrieving results |
| After | String | | | | | | Pagination token to retrieve the next set of results |
| Detailed | Switch | | | | | | Retrieve detailed information |
| All | Switch | | | | | | Repeat requests until all available results are retrieved |
| Total | Switch | | | | | | Display total result count instead of results |

SYNTAX

Get-FalconIoc [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-After <String>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconIoc -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Get-FalconIoc [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-After <String>] -Detailed [-All] [-WhatIf] [-Confirm] [<CommonParameters>]

USAGE

Finding domain indicator identifiers

Get-FalconIoc -Filter "type:'domain'"

Retrieving details about an indicator by its identifier

Get-FalconIoc -Id <id>, <id>

Retrieving indicator details in large batches

Get-FalconIoc -Filter "type:'domain'+tags:'MalDomain_20201215'+tags:'domains_mac'" -Detailed -All
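
Auditing a large batch of indicators (an added example, not part of PSFalcon or the original page): the hypothetical helper Get-IocAuditSummary takes the output of a batch retrieval like the one above and reports counts by type and action, plus indicators that have expired or will expire soon. It assumes detailed results carry type, action, value, expired and expiration properties named like the Sort fields under PARAMETERS; the sample objects are constructed.

```powershell
# Added example; Get-IocAuditSummary is a hypothetical helper, not a PSFalcon command.
# Assumption: detailed results expose 'type', 'action', 'value', 'expired' and
# 'expiration' properties, matching the Sort fields listed under PARAMETERS.
function Get-IocAuditSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Indicator,

        # Flag indicators whose expiration falls within this many days
        [int]$ExpiringWithinDays = 7
    )
    begin { $Collected = [System.Collections.Generic.List[object]]::new() }
    process { $Collected.Add($Indicator) }
    end {
        $Cutoff = (Get-Date).ToUniversalTime().AddDays($ExpiringWithinDays)
        [PSCustomObject]@{
            Total           = $Collected.Count
            # One row per type/action pair, most common first
            ByTypeAndAction = @($Collected | Group-Object type, action -NoElement |
                Sort-Object Count -Descending | Select-Object Count, Name)
            # Indicators already past expiration (no longer enforced)
            Expired         = @($Collected | Where-Object { $_.expired -eq $true })
            # Still active, but coverage lapses before the cutoff
            ExpiringSoon    = @($Collected | Where-Object {
                $_.expired -ne $true -and $_.expiration -and
                ([datetime]$_.expiration).ToUniversalTime() -le $Cutoff
            })
        }
    }
}

# Constructed sample objects standing in for live results
$Now = (Get-Date).ToUniversalTime()
$Sample = @(
    [PSCustomObject]@{ type = 'domain'; value = 'a.example.invalid'; action = 'detect'
        expired = $false; expiration = $Now.AddDays(3).ToString('o') }
    [PSCustomObject]@{ type = 'domain'; value = 'b.example.invalid'; action = 'detect'
        expired = $true; expiration = $Now.AddDays(-10).ToString('o') }
    [PSCustomObject]@{ type = 'domain'; value = 'c.example.invalid'; action = 'prevent'
        expired = $false; expiration = $null }
)
$Summary = $Sample | Get-IocAuditSummary
$Summary.ByTypeAndAction
$Summary.ExpiringSoon | Select-Object type, value, expiration

# Live use, in an authenticated PSFalcon session:
# Get-FalconIoc -Filter "type:'domain'" -Detailed -All | Get-IocAuditSummary
```

Running Get-FalconIoc with -Total and the same -Filter first shows how many indicators the -All request will retrieve.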

Generated 20220922 using PSFalcon v2.2.3