Get FalconIocProcess
Search for processes involving a custom indicator on a specific host
Requires 'IOCs: Read'.
| Name | Type | Min | Max | Pattern | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|---|
| Id | String[] | ^pid:[a-fA-F0-9]{32}:\d+$ |
False | Process identifier | ||||
| Type | String |
domainipv4ipv6md5sha256
|
False | False | Indicator type | |||
| Value | String | False | False | Indicator value | ||||
| HostId | String | ^[a-fA-F0-9]{32}$ |
False | Host identifier | ||||
| Limit | String | 1 |
100 |
False | False | Maximum number of results per request | ||
| Offset | Int32 | False | False | Position to begin retrieving results | ||||
| Detailed | Switch | False | False | Retrieve detailed information | ||||
| All | Switch | False | False | Repeat requests until all available results are retrieved |
Get-FalconIocProcess [-Type] <String> [-Value] <String> [-HostId] <String> [[-Limit] <String>] [-Offset <Int32>] [-Detailed] [-All] [-WhatIf] [-Confirm] <CommonParameters>]
Get-FalconIocProcess -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Generated 20220922 using PSFalcon v2.2.3
