Get FalconQueue

Get-FalconQueue

SYNOPSIS

Create a report of Real-time Response commands in the offline queue

DESCRIPTION

Creates a CSV of pending Real-time Response commands and their related session information. By default, sessions within the offline queue expire 7 days after creation. Sessions can have additional commands appended to them to extend their expiration time.

Additional host information can be appended to the results using the 'Include' parameter.

Requires 'Real time response: Read', 'Real time response: Write' and 'Real time response (admin): Write'.

PARAMETERS

Name	Type	Description	Allowed	Pipeline	PipelineByName
Days	Int32	Number of days worth of sessions to retrieve [default: 7]
Include	String[]	Include additional properties	`agent_version` `cid` `external_ip` `first_seen` `host_hidden_status` `hostname` `last_seen` `local_ip` `mac_address` `os_build` `os_version` `platform_name` `product_type` `product_type_desc` `reduced_functionality_mode` `serial_number` `system_manufacturer` `system_product_name` `tags`
HostId	String[]	Host identifier		X	X

SYNTAX

Get-FalconQueue [[-Days] <Int32>] [[-Include] <String[]>] [[-HostId] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /real-time-response/entities/queued-sessions/GET/v1

falconpy

RTR_ListQueuedSessions

USAGE

Get-FalconQueue will create a CSV file with information about sessions that have pending queued commands or have been created in the last 7 days (by default).

Get-FalconQueue [-Days]

2023-05-09: PSFalcon v2.2.5

Using PSFalcon
Commands by Permission
Other Commands
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly