PowerShell

PSFalcon is a PowerShell module that enables CrowdStrike Falcon users to interact with the Falcon OAuth2 APIs without requiring deep API expertise. It simplifies automation tasks across the Falcon platform - modify detections and policies in bulk, run Real-time Response across many devices simultaneously, manage malware samples, and configure MSSP parent/child environments.

PSFalcon requires PowerShell 5.1+ on Windows or PowerShell 6+ on Linux and macOS.

View on GitHub

Installation

Install-Module -Name PSFalcon -Scope CurrentUser

Quick Start

# Authenticate
Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET

# Query hosts
Get-FalconHost -Filter "hostname:*'search-term'*" -Limit 10

Resources

PSFalcon on GitHub
PSFalcon Wiki
Code Samples
PowerShell Gallery

Get Help

Report a Bug or Request a Feature
Discussions