Event Streams

Start an event stream

Get-FalconStream -AppId psfalcon

Refresh an active event stream

Update-FalconStream -AppId psfalcon -Partition 0

Capture a sample of events from a stream

Open-FalconStream

NOTE: This is a custom command included with PSFalcon. Over a few minutes, Open-FalconStream will output an event stream to a Json file in the local directory. It currently only works on Windows and will open a secondary session when executed. You can close the session to write the Json to disk.

See CrowdStrike API Documentation.

Using PSFalcon
Commands by Permission
Other Commands
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Event Streams

Start an event stream

Refresh an active event stream

Capture a sample of events from a stream

Clone this wiki locally