What are you doing with PSFalcon? #72
Replies: 2 comments 16 replies
-
Nice, both of those sound great. Sorry if I'm in the wrong forum, so feel free to relocate this if needed: I have a question on the demo you did with RiskIQ. I installed PSRiskIQ, and I have the RiskIQ icon in CS, but it is not integrated with Illuminate... I'm getting errors when GetArtifacts.ps1 tries importing the custom IOCs into Falcon:
The first/original error (does not generate a CSV):
I removed the
I get the access token using my CS client ID/secret before running the script. Do I need an API key from RiskIQ? Or an enterprise account (not community)? I recorded the second error with Start/Stop-Transcript if you want that. Any help is appreciated! Thank you!
-
Is there a way to download strict IOCs from a Falcon sandbox report > upload the IOCs into a threat indicator graph > then export the list of all hosts in contact with those IOCs? I'm trying to figure out a smoother process of getting hostnames and host IDs to use in PSFalcon without going into Host Management. Ideal workflow: View Falcon sandbox report > click the 'Search Indicator Graph' button to see what hosts may be communicating with that malware sample > Refine indicator graph by removing noisy IOCs > Before exiting the "refine graph" interface, Is this doable with PSFalcon?
-
I'd love to hear your feedback on how you're using PSFalcon and what sort of additional commands or features you'd like to see. The module itself seems to be at a point where I can spend more time adding in additional functionality.
Two things I'm currently considering:
- An `Uninstall-FalconSensor` command that's designed to remove the Falcon sensor (including getting the maintenance token) from specified host identifiers.

What are you using PSFalcon for today? What else would you like to see?