Get actor IDs
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 5000]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
PS> Get-CsActorId

Retrieve specific actors
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 500]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
-Id: IDs of specific actors to return
-Field: The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores [default: '_basic_']
PS> Get-CsActorInfo

Get indicator IDs
-Deleted: If $true, include both published and deleted indicators in the response [default: $false]
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 150000]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
PS> Get-CsIndicatorId

Retrieve info about specific indicators
-Deleted: If $true, include both published and deleted indicators in the response [default: $false]
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 150000]
-Offset: The offset to start retrieving records from [default: 0]
-Id: IDs of specific indicators to return
PS> Get-CsIndicatorInfo

Get report IDs
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 5000]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
PS> Get-CsReportId

Retrieve info about specific reports
-Filter: Filter your query by specifying FQL filter parameters
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 500]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
-Id: IDs of the reports you want to retrieve
-Field: The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores [default: '_basic_']
PS> Get-CsReportInfo

Search for rule IDs
-Type: The rule news report type
-Name: Search by rule title
-Description: Substring match on description field
-Tag: Search for rule tags
-MinCreated: Filter results to those created on or after a certain date
-MaxCreated: Filter results to those created on or before a certain date
-Query: Perform a generic substring search across all fields
-Limit: The maximum records to return [default: 100]
-Offset: The offset to start retrieving records from [default: 0]
-All: Repeat request until all results are returned
PS> Get-CsRuleId -Type <string>

Retrieve details for rule sets
-Id: IDs of rules to return
PS> Get-CsRuleInfo -Id @(<string>, <string>)

Download a CrowdStrike Intel Report PDF
-Id: ID of the report
-Path: Destination path
PS> Receive-CsReport -Id <string> -Path <string>

Download the latest rule set by type, or specific rule set by id
-Type: Type of rule set
-Id: ID of a specific rule set
-Format: Output archive type [default: 'zip']
-Path: Destination path
PS> Receive-CsRuleSet -Type <string> -Path <string>