How to use multiple filters to get ids of detects #99

Answered by bk-cs
kumar4755 asked this question in Q&A

Sort is not a property of FQL; it is its own property. Note that my example is for PSFalcon v2 and you appear to be using v1 (unsupported).

Get-FalconDetection -Filter "first_behavior:<'2021-02-06'" -Sort 'first_behavior.desc'

If you were trying to combine two proper FQL filters, you would use +:

Get-FalconDetection -Filter "first_behavior:<'2021-02-06'+status:'new'"

See the following wiki article for more information about FQL filters: https://github.com/CrowdStrike/psfalcon/wiki/Filtering-and-the-Falcon-Query-Language

Answer selected by bk-cs

This discussion was converted from issue #46 on September 24, 2021 15:23.