-
Notifications
You must be signed in to change notification settings - Fork 72
Send FalconSample
bk-cs edited this page Oct 20, 2022
·
20 revisions
Upload a sample file
A successful upload will provide a 'sha256' value that can be used in submissions to the Falcon Sandbox or Falcon QuickScan.
Maximum file size is 256MB. ZIP archives will automatically redirect to the archive submission API.
Requires 'Sample Uploads: Write'.
Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
---|---|---|---|---|---|---|---|
IsConfidential | Boolean | Prohibit sample from being displayed in MalQuery [default: True] | |||||
Comment | String | Sample comment | |||||
FileName | String | X | File name | ||||
Path | String | X | Path to local file |
Send-FalconSample [[-IsConfidential] <Boolean>] [[-Comment] <String>] [[-FileName] <String>] -Path <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Send-FalconSample -Path C:\virus.exe -Filename virus.exe -Comment 'bad file'
Get-ChildItem -Path C:\samples -File | Send-FalconSample
See New-FalconQuickScan.
See New-FalconSubmission.
2022-10-20: PSFalcon v2.2.3
- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Channel File Control Settings
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Detections
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon Discover
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust