Confirm FalconCommand
Verify the status of a Real-time Response 'read-only' command issued to a single-host session
Confirms the status of an executed 'read-only' command. The single-host Real-time Response APIs require that commands be confirmed to 'acknowledge' that they have been processed as part of your API-based workflow. Failing to confirm after commands can lead to unexpected results.
A 'sequence_id' value of 0 is added if the parameter is not specified.
Requires 'Real time response: Read'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| SequenceId | Int32 | Sequence identifier | |||||
| CloudRequestId | String | Command request identifier | X | X |
Confirm-FalconCommand [[-SequenceId] <Int32>] [-CloudRequestId] <String> [-WhatIf] [-Confirm] [<CommonParameters>]GET /real-time-response/entities/command/v1
NOTE: This step is important! Without retrieving the results from an issued command, a single-host Real-time Response session may not reflect that actions have taken place. For instance, If you cd and don't confirm, you'll stay in your current directory.
Confirm-FalconCommand -CloudRequestId $Command.cloud_request_idSee Invoke-FalconCommand.
2023-04-25: PSFalcon v2.2.5
