Skip to main content

Get-FalconHostGroup

Search for host groups in your environment. 
Get-FalconHostGroup [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Include] <String[]>] [[-Offset] <Int32>] [-Detailed] [-All] [-Total]
Get-FalconHostGroup -Id <String[]> [-Include <String[]>]
Id
string[]
Host group identifier(s) to retrieve specific groupsAliases: ids
Filter
string
Falcon Query Language (FQL) expression to limit resultsExample: name:'*Production*'+group_type:'static'
Sort
string
Property and direction to sort resultsValid values: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, group_type.asc, group_type.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc
Limit
int32
Maximum number of results per request (1-500)
Include
string[]
Include additional properties in the responseValid values: members - Include member host IDs
Offset
int32
Position to begin retrieving results (for pagination)
Detailed
switch
Retrieve detailed information for host groups
All
switch
Repeat requests until all available results are retrieved
Total
switch
Display total result count instead of results
Required Permission: Host groups: Read

Examples

# Get all host groups
Get-FalconHostGroup -All

# Get detailed information for all groups
Get-FalconHostGroup -Detailed -All

# Get groups with member information
Get-FalconHostGroup -Include members -All

New-FalconHostGroup

Create new host groups. 
New-FalconHostGroup -GroupType <String> -Name <String> [-Description <String>] [-AssignmentRule <String>]
New-FalconHostGroup -InputObject <Object[]>
GroupType
string
required
Type of host group to createValid values:
  • static - Manually managed membership
  • staticByID - Manually managed by device ID
  • dynamic - Automatically managed via FQL assignment rule
Aliases: group_type
Name
string
required
Host group name
Description
string
Host group description
AssignmentRule
string
FQL-based assignment rule (required for dynamic groups, not applicable for static groups)Example: platform_name:'Windows'+tags:'FalconGroupingTags/Production'Aliases: assignment_rule
InputObject
object[]
One or more host group objects to create in a single request (up to 10 per request)Aliases: resources, Array
Required Permission: Host groups: Write

Examples

# Create a static host group
New-FalconHostGroup -GroupType static -Name "Production Servers" -Description "Production environment servers"

# Create a static group with ID-based membership
New-FalconHostGroup -GroupType staticByID -Name "Critical Assets" -Description "Business critical systems"
Dynamic host groups automatically update membership based on the assignment rule. Static groups require manual membership management using Invoke-FalconHostGroupAction.

Edit-FalconHostGroup

Modify existing host groups. 
Edit-FalconHostGroup [[-Name] <String>] [[-Description] <String>] [[-AssignmentRule] <String>] -Id <String>
Name
string
New host group name
Description
string
New host group description
AssignmentRule
string
New FQL-based assignment rule (only applicable for dynamic host groups)Aliases: assignment_rule
Id
string
required
Host group identifier to modify
Required Permission: Host groups: Write

Examples

# Update group name
Edit-FalconHostGroup -Id "group123abc..." -Name "Production Web Servers"

# Update description
Edit-FalconHostGroup -Id "group123abc..." -Description "Updated description"

# Update multiple properties
Edit-FalconHostGroup -Id "group123abc..." -Name "New Name" -Description "New description"

Remove-FalconHostGroup

Remove host groups. 
Remove-FalconHostGroup -Id <String[]>
Id
string[]
required
Host group identifier(s) to removeAliases: ids
Required Permission: Host groups: Write

Examples

# Remove a single host group
Remove-FalconHostGroup -Id "group123abc..."

# Remove multiple host groups
Remove-FalconHostGroup -Id "group123abc...","group456def..."
Removing a host group is permanent and cannot be undone. Ensure you have the correct group ID before executing.

Get-FalconHostGroupMember

Search for members of a host group. 
Get-FalconHostGroupMember [[-Id] <String>] [[-Filter] <String>] [[-Sort] <String>] [[-Limit] <Int32>] [[-Offset] <Int32>] [-Detailed] [-All] [-Total]
Id
string
Host group identifier to retrieve members from
Filter
string
Falcon Query Language (FQL) expression to limit member results
Sort
string
Property and direction to sort results
Limit
int32
Maximum number of results per request (1-500)
Offset
int32
Position to begin retrieving results
Detailed
switch
Retrieve detailed member information
All
switch
Repeat requests until all available results are retrieved
Total
switch
Display total result count instead of results
Required Permission: Host groups: Read

Examples

# Get all members of a host group
Get-FalconHostGroupMember -Id "group123abc..." -All

# Get detailed member information
Get-FalconHostGroupMember -Id "group123abc..." -Detailed -All

# Get member count
Get-FalconHostGroupMember -Id "group123abc..." -Total

Invoke-FalconHostGroupAction

Add or remove hosts from host groups. 
Invoke-FalconHostGroupAction -Name <String> -Id <String> -HostId <String[]>
Name
string
required
Action to performValid values:
  • add-hosts - Add hosts to the group
  • remove-hosts - Remove hosts from the group
Aliases: action_name
Id
string
required
Host group identifier to modify
HostId
string[]
required
Host identifier(s) to add or remove (processed in batches of 500)Aliases: ids, device_id, HostIds
Required Permission: Host groups: Write

Examples

# Add a single host to a group
Invoke-FalconHostGroupAction -Name add-hosts -Id "group123abc..." -HostId "host123def..."

# Add multiple hosts to a group
$HostIds = @("host123def...","host456ghi...")
Invoke-FalconHostGroupAction -Name add-hosts -Id "group123abc..." -HostId $HostIds
Host membership actions are processed in batches of 500. For large operations, the cmdlet automatically handles batching.

Build docs developers (and LLMs) love

Get started for freeTalk to us