Receive FalconRule

bk-cs edited this page Oct 31, 2022 · 20 revisions

Receive-FalconRule

SYNOPSIS

Download the most recent ruleset, or a specific ruleset

DESCRIPTION

Requires 'Rules (Falcon Intelligence): Read'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Type | String | | | snort-suricata-master, snort-suricata-update, snort-suricata-changelog, yara-master, yara-update, yara-changelog, common-event-format, netwitness | | | Ruleset type, used to retrieve the latest ruleset |
| Path | String | | | | | | Destination path |
| Id | Int32 | | | | X | X | Ruleset identifier, used for a specific ruleset |
| Force | Switch | | | | | | Overwrite an existing file when present |

SYNTAX

Receive-FalconRule [-Path] <String> [-Id] <Int32> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
Receive-FalconRule [-Type] <String> [-Path] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

GetIntelRuleFile
GetLatestIntelRuleFile

USAGE

Download the latest rule set

Receive-FalconRule -Type yara-master -Path .\yara-master.zip

Download a specific rule set

Receive-FalconRule -Id <id> -Path .\rules.zip
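
Stage and verify a download before use

The following is an added example, not part of the PSFalcon wiki or project code: it downloads the latest `yara-master` ruleset to a timestamped staging folder, records a SHA256 hash, and confirms the archive extracts before anything is handed to a scanner. The function name `Get-StagedFalconRuleset`, the staging location and the already-authenticated PSFalcon session are assumptions.

```powershell
# Added example: stage the latest YARA ruleset for review before deployment.
# Assumes the PSFalcon module is loaded and the session is already authenticated
# with an API client that has 'Rules (Falcon Intelligence): Read'.
function Get-StagedFalconRuleset {
    [CmdletBinding()]
    param(
        # Hypothetical staging location; defaults to the OS temp directory.
        [string]$StagingRoot = (Join-Path ([System.IO.Path]::GetTempPath()) 'falcon-rules')
    )
    $Type = 'yara-master'
    $Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $StageDir = Join-Path $StagingRoot "$Type-$Stamp"
    $null = New-Item -Path $StageDir -ItemType Directory -Force

    # A fresh, timestamped path per run means no earlier download is overwritten,
    # so -Force is not needed and older archives stay available for comparison.
    $Archive = Join-Path $StageDir "$Type.zip"
    $null = Receive-FalconRule -Type $Type -Path $Archive
    if (-not (Test-Path -LiteralPath $Archive -PathType Leaf)) {
        throw "Receive-FalconRule did not write '$Archive'"
    }
    if ((Get-Item -LiteralPath $Archive).Length -eq 0) {
        throw "Downloaded archive '$Archive' is empty"
    }

    # Record a hash so the exact archive that was reviewed can be identified later.
    $Hash = (Get-FileHash -LiteralPath $Archive -Algorithm SHA256).Hash

    # Extract beside the archive; a corrupt download fails here instead of in production.
    $Extracted = Join-Path $StageDir 'extracted'
    Expand-Archive -LiteralPath $Archive -DestinationPath $Extracted -ErrorAction Stop
    $Files = @(Get-ChildItem -LiteralPath $Extracted -Recurse -File)
    if ($Files.Count -eq 0) { throw "Archive '$Archive' contained no files" }

    [PSCustomObject]@{
        Type      = $Type
        Archive   = $Archive
        Sha256    = $Hash
        FileCount = $Files.Count
        Extracted = $Extracted
    }
}

Get-StagedFalconRuleset | Format-List
```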

2022-10-31: PSFalcon v2.2.3