Get FalconScore

Get-FalconScore

SYNOPSIS

Search for CrowdScore values

DESCRIPTION

Requires 'Incidents: Read'.

PARAMETERS

Name	Type	Min	Max	Allowed	Description
Filter	String				Falcon Query Language expression to limit results `timestamp` `score`
Sort	String			`score.asc` `score.desc` `timestamp.asc` `timestamp.desc`	Property and direction to sort results
Limit	Int32	`1`	`2500`		Maximum number of results per request
Offset	Int32				Position to begin retrieving results
All	Switch				Repeat requests until all available results are retrieved
Total	Switch				Display total result count instead of results

SYNTAX

Get-FalconScore [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

CrowdScore

USAGE

Show CrowdScores

Get-FalconScore [-All]

Output the highest score for each available day

# Retrieve all available scores
$Score = Get-FalconScore -All

# Convert 'timestamp' into local [datetime]
$Score | ForEach-Object { $_.timestamp = [datetime]$_.timestamp }

foreach ($Day in ($Score | ForEach-Object { $_.timestamp.ToString('yyyy-MM-dd') } | Select-Object -Unique |
Sort-Object -Descending)) {
    # Output 'max_score' for each 'date'
    [PSCustomObject]@{
        date = $Day
        max_score = ($Score | Where-Object { $_.timestamp.date -eq $Day }).score | Sort-Object -Descending |
            Select-Object -First 1
    }
}

2022-12-12: PSFalcon v2.2.3

Using PSFalcon
Commands by Permission
Other Commands
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Get FalconScore

Get-FalconScore

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

SDK Reference

falconpy

USAGE

Show CrowdScores

Output the highest score for each available day

Clone this wiki locally