Perform a recursive search for a file. Because of the potential for the script to time out when run using Real-time Response, results will be sent to your Humio instance (if 'Cloud' and 'Token' are provided) or written to a Json file in the temporary Rtr directory.
Base directory to begin search (Required)
Restrict search results using a pattern (Required)
An array of one or more string patterns to include
An array of one or more string patterns to exclude
Humio cloud base URL
Humio ingest token
runscript -CloudFile="find_file" -CommandLine=```'{"Path":"C:\\Windows","Filter":"notepad*","Include":"*.exe"}'```
PS>$CommandLine = '```' + "'$(@{ Path = 'C:\Windows'; Filter = 'notepad*'; Include = '*.exe' } | ConvertTo-Json -Compress)'" + '```'
PS>Invoke-FalconRtr runscript "-CloudFile='find_file' -CommandLine=$CommandLine" -HostIds <id>, <id>