PSFalcon
PowerShell automation for the CrowdStrike Falcon platform. Interact with 400+ cmdlets covering all OAuth2 APIs without extensive API knowledge.
Key Features
PSFalcon helps CrowdStrike Falcon users automate security operations and perform actions outside of the Falcon UI.
OAuth2 Authentication
Automatic token management and refresh with multi-CID support for MSSP environments
400+ Cmdlets
Comprehensive coverage of all CrowdStrike Falcon OAuth2 APIs with PowerShell-friendly syntax
Real-time Response
Automate RTR sessions and commands across thousands of hosts simultaneously
Policy Management
Create, modify, and manage prevention, response, firewall, and device control policies
Threat Intelligence
Access threat intel, manage IOCs, submit samples to sandbox, and query malware databases
Cloud Security
Manage cloud security posture for AWS, Azure, and GCP with container and Kubernetes protection
Cross-Platform
Works on Windows (PowerShell 5.1+), Linux, and macOS (PowerShell 6+)
Built-in Helpers
Automatic pagination, filtering, error handling, and result formatting
Quick Start
Get up and running with PSFalcon in minutes.
Installation
Install from PowerShell Gallery
Quickstart
Your first API request
Authentication
OAuth2 setup and token management
Common Use Cases
Host Operations
Search, group, and manage hosts at scale
Detection Management
Automate detection triage and response workflows
RTR Automation
Execute commands on multiple endpoints
MSSP Operations
Manage multiple customer environments
Resources
GitHub Repository
View source code and contribute
PowerShell Gallery
Download the latest version
Wiki
Additional documentation and guides
API Documentation
CrowdStrike Falcon API reference