Get FalconSession
Search for Real-time Response sessions
Real-time Response sessions are segmented by permission,meaning that only sessions that were created using your OAuth2 API Client will be visible.
'Get-FalconQueue' can be used to find and export information about sessions in the 'offline queue'.
Requires 'Real Time Response: Read'.
| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Id | String[] | X | X | Session identifier | |||
| Filter | String | Falcon Query Language expression to limit results | |||||
| Sort | String | Property and direction to sort results | |||||
| Limit | Int32 | 1 |
100 |
Maximum number of results per request | |||
| Offset | Int32 | Position to begin retrieving results | |||||
| Queue | Switch | Restrict search to sessions that have been queued | |||||
| Detailed | Switch | Retrieve detailed information | |||||
| All | Switch | Repeat requests until all available results are retrieved | |||||
| Total | Switch | Display total result count instead of results |
Get-FalconSession [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [-Offset <Int32>] [-Detailed] [-All] [-Total] [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconSession -Id <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]Get-FalconSession -Id <String[]> -Queue [-WhatIf] [-Confirm] [<CommonParameters>]2022-10-20: PSFalcon v2.2.3
