Third party ingestion

---

• Falcon LogScale event ingestion
  • Configure a Falcon Logscale collector
  • Display your collector
  • Send objects to Falcon Logscale
  • Remove your collector
• Webhook ingestion
  • Send objects to Slack
• Falcon Intelligence indicator map
  • Map indicators

---

Command	Permission
Register-FalconEventCollector
Send-FalconEvent
Send-FalconWebhook
Show-FalconEventCollector
Show-FalconMap
Unregister-FalconEventCollector

---

Falcon LogScale event ingestion

Configure a Falcon LogScale collector

The Enable parameter is optional and will configure PSFalcon to send requests or responses to Falcon LogScale as they occur.

The Token parameter expects your Falcon LogScale ingest token.

Register-FalconEventCollector -Uri https://cloud.community.humio.com -Token <string> -Enable responses, requests

Display your collector

Show-FalconEventCollector

Send objects to Falcon LogScale

Once a collector has been defined through Register-FalconEventCollector, any [PSCustomObject] can be sent to Falcon LogScale.

Get-FalconHost -Limit 1 -Detailed | Send-FalconEvent

Send-FalconEvent -Object ([PSCustomObject]@{ Example = 'my_string' })

Remove your collector

Unregister-FalconEventCollector

Webhook ingestion

Send objects to Slack

Any [PSCustomObject] can be sent to a Slack webhook.

Get-FalconHost -Limit 1 -Detailed | Send-FalconWebhook -Type Slack -Uri https://hooks.slack.com/services/... 

$Object = [PSCustomObject]@{ Example = 'my_string' }
Send-FalconWebhook -Type Slack -Uri https://hooks.slack.com/services/... -Object $Object

Falcon Intelligence indicator map

Map indicators

Get-FalconIndicator -Filter "type:'hash_sha256'" -Limit 5 | Show-FalconMap

Show-FalconMap -Indicator www.google.com, 8.8.8.8