Skip to content

Real-time Response processes and session counts #115

Answered by bk-cs
bk-cs asked this question in Q&A
Discussion options

You must be logged in to vote

Thank you! For the record, it's not an official feature of CrowdStrike, it's entirely my own project that I thought CrowdStrike users that are fans of PowerShell might appreciate. :)

  1. Real-time Response passes commands to a single PowerShell thread and waits for it to complete. Real-time Response sessions eventually expire, so if the process takes a long time, I typically use a separate process.

  2. There is no technical limitation to the number of hosts that can be added to a Real-time Response session. I made a design choice to limit the number of hosts with the use of Invoke-FalconRtr to 500 hosts per session to reduce potential for unexpected issues. Note that Invoke-FalconRtr was desi…

Replies: 1 comment 2 replies

Comment options

bk-cs
Oct 1, 2021
Maintainer Author

You must be logged in to vote
2 replies
@bk-cs
Comment options

bk-cs Oct 4, 2021
Maintainer Author

@bk-cs
Comment options

bk-cs Oct 4, 2021
Maintainer Author

Answer selected by bk-cs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
1 participant