-
|
When I open the Crowdstrike Falcon console and go to 'Endpoint detections', it shows that we have marked 253 detections with a Status of "Closed", and 5 are still marked as "New". I am trying to access that information through PSFalcon. When I run: When I run: Any idea what could be causing the disparity what I see from Get-FalconDetection vs the console? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
With the switchover to Raptor, "detections" became "alerts" (despite still being called "detections" in the Falcon UI). While Have you tried using |
Beta Was this translation helpful? Give feedback.
-
|
That works - thanks! |
Beta Was this translation helpful? Give feedback.
With the switchover to Raptor, "detections" became "alerts" (despite still being called "detections" in the Falcon UI). While
Get-FalconDetectionstill works and still shows endpoint detections, eventually it will be deprecated andGet-FalconAlertwill be your only option.Have you tried using
Get-FalconAlert? I just tested closing a detection in my environment through the Falcon UI and noticed that the corresponding detection displayed byGet-FalconDetectiondid not update, while the corresponding "alert" did.