Skip to content

Invoke FalconHostAction

Jump to bottom
bk-cs edited this page Oct 24, 2022 · 19 revisions

Invoke-FalconHostAction

SYNOPSIS

Perform actions on hosts

DESCRIPTION

Requires 'Hosts: Write', plus related permission(s) for 'Include' selection(s).

PARAMETERS

Name Type Min Max Allowed Pipeline PipelineByName Description
Name String contain
lift_containment
hide_host
unhide_host
detection_suppress
detection_unsuppress 		Action to perform
Include String[] agent_version
cid
external_ip
first_seen
host_hidden_status
hostname
last_seen
local_ip
mac_address
os_build
os_version
platform_name
product_type
product_type_desc
reduced_functionality_mode
serial_number
system_manufacturer
system_product_name
tags 		Include additional properties
Id String[] X X Host identifier

SYNTAX

Invoke-FalconHostAction [-Name] <String> [[-Include] <String[]>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

PerformActionV2

USAGE

Containing or lifting containment on hosts

Invoke-FalconHostAction -Name contain -Id <id>, <id>
Invoke-FalconHostAction -Name lift_containment -Id <id>, <id>

See Network contain a device by Hostname.

See Network contain a list of Hostnames from a CSV file.

Deleting and restoring hosts

Invoke-FalconHostAction -Name hide_host -Id <id>, <id>
Invoke-FalconHostAction -Name unhide_host -Id <id>, <id>

2022-10-24: PSFalcon v2.2.3

Clone this wiki locally