Kubernetes Protection

Overview

Manage Kubernetes cluster registration, monitoring, and security for Falcon Container Security. These cmdlets enable you to connect cloud provider Kubernetes services (EKS, AKS), configure cluster protection, and deploy Falcon sensors to Kubernetes environments.

Prerequisites

Kubernetes Protection: Read - Required for retrieval operations
Kubernetes Protection: Write - Required for provisioning and modifications

Cluster Management

Get-FalconContainerAccount

Return provisioned Falcon Container Security accounts and known clusters.

Get-FalconContainerAccount

Get-FalconContainerAccount [-Id <string[]>] [-Location <string[]>] [-ClusterService <string[]>] [-ClusterStatus <string[]>] [-Limit <int>] [-Offset <int>] [-All] [-Total]

Parameters

string[]

Cluster account identifier

Location

string[]

Cloud provider location

ClusterService

string[]

Cluster service. Valid values: aks, eks

ClusterStatus

string[]

Cluster status. Valid values: Not Installed, Running, Stopped

Limit

int

Maximum number of results per request

Offset

int

Position to begin retrieving results

All

switch

Repeat requests until all available results are retrieved

Total

switch

Display total result count instead of results

Example

# Get all cluster accounts
Get-FalconContainerAccount -All

# Get running EKS clusters
Get-FalconContainerAccount -ClusterService eks -ClusterStatus Running

# Get clusters by location
Get-FalconContainerAccount -Location us-east-1 -All

Get-FalconContainerCloud

Return Falcon Container Security cloud provider locations.

Get-FalconContainerCloud

Get-FalconContainerCloud [-Cloud <string[]>]

Parameters

Cloud

string[]

Cloud provider. Valid values: aws, azure, gcp

Example

# Get all cloud locations
Get-FalconContainerCloud

# Get AWS locations
Get-FalconContainerCloud -Cloud aws

AWS Account Management

Get-FalconContainerAwsAccount

Return Falcon Container Security AWS accounts.

Get-FalconContainerAwsAccount

Get-FalconContainerAwsAccount [-Id <string[]>] [-Status <string>] [-IsFcsAcct <string>] [-Limit <int32>] [-Offset <int32>] [-All] [-Total]

Parameters

string[]

AWS account identifier (12-digit format)

Status

string

Filter by account status. Valid values: provisioned, operational

IsFcsAcct

string

Restrict results to Falcon Cloud Security. Valid values: false, true

Limit

int32

Maximum number of results per request

Offset

int32

Position to begin retrieving results

All

switch

Repeat requests until all available results are retrieved

Total

switch

Display total result count instead of results

Example

# Get all AWS accounts
Get-FalconContainerAwsAccount -All

# Get operational accounts
Get-FalconContainerAwsAccount -Status operational

# Get specific account
Get-FalconContainerAwsAccount -Id 123456789012

New-FalconContainerAwsAccount

Provision Falcon Container Security AWS accounts.

New-FalconContainerAwsAccount

New-FalconContainerAwsAccount -Region <string> -Id <string>

Parameters

Region

string

required

AWS cloud region

string

required

AWS account identifier (12-digit format)

Example

# Provision AWS account
New-FalconContainerAwsAccount -Region us-east-1 -Id 123456789012

Edit-FalconContainerAwsAccount

Modify Falcon Container Security AWS accounts.

Edit-FalconContainerAwsAccount

Edit-FalconContainerAwsAccount -Id <string[]> [-Region <string>]

Parameters

string[]

required

AWS account identifier (12-digit format)

Region

string

AWS cloud region

Example

# Update account region
Edit-FalconContainerAwsAccount -Id 123456789012 -Region us-west-2

Remove-FalconContainerAwsAccount

Remove Falcon Container Security AWS accounts.

Remove-FalconContainerAwsAccount

Remove-FalconContainerAwsAccount -Id <string[]>

Parameters

string[]

required

AWS account identifier (12-digit format)

Example

# Remove AWS account
Remove-FalconContainerAwsAccount -Id 123456789012

Azure Account Management

Get-FalconContainerAzureAccount

Return Falcon Container Security Azure accounts.

Get-FalconContainerAzureAccount

Get-FalconContainerAzureAccount [-Id <string[]>] [-SubscriptionId <string[]>] [-Status <string>] [-IsFcsAcct <boolean>] [-Limit <int>] [-Offset <int>] [-All] [-Total]

Parameters

string[]

Azure tenant identifier (GUID format)

SubscriptionId

string[]

Azure subscription identifier (GUID format)

Status

string

Filter by account status. Valid values: operational, provisioned

IsFcsAcct

boolean

Restrict results to Falcon Cloud Security

Limit

int

Maximum number of results per request

Offset

int

Position to begin retrieving results

All

switch

Repeat requests until all available results are retrieved

Total

switch

Display total result count instead of results

Example

# Get all Azure accounts
Get-FalconContainerAzureAccount -All

# Get by tenant
Get-FalconContainerAzureAccount -Id 12345678-1234-1234-1234-123456789012

# Get by subscription
Get-FalconContainerAzureAccount -SubscriptionId 87654321-4321-4321-4321-210987654321

New-FalconContainerAzureAccount

Provision Falcon Container Security Azure accounts.

New-FalconContainerAzureAccount

New-FalconContainerAzureAccount [-SubscriptionId <string>] [-TenantId <string>]

Parameters

SubscriptionId

string

Azure subscription identifier (GUID format)

TenantId

string

Azure tenant identifier (GUID format)

Example

# Provision Azure account
New-FalconContainerAzureAccount -SubscriptionId 12345678-1234-1234-1234-123456789012 -TenantId 87654321-4321-4321-4321-210987654321

Edit-FalconContainerAzureAccount

Modify the client identifier for a Falcon Container Security Azure account.

Edit-FalconContainerAzureAccount

Edit-FalconContainerAzureAccount -ClientId <string> -Id <string>

Parameters

ClientId

string

required

Azure client identifier (GUID format)

string

required

Azure tenant identifier (GUID format)

Example

# Update client ID
Edit-FalconContainerAzureAccount -ClientId 11111111-1111-1111-1111-111111111111 -Id 22222222-2222-2222-2222-222222222222

Remove-FalconContainerAzureAccount

Remove Falcon Container Security Azure accounts.

Remove-FalconContainerAzureAccount

Remove-FalconContainerAzureAccount -Id <string[]>

Parameters

string[]

required

Azure subscription identifier (GUID format)

Example

# Remove Azure account
Remove-FalconContainerAzureAccount -Id 12345678-1234-1234-1234-123456789012

Get-FalconContainerAzureConfig

Return Falcon Container Security Azure tenant configurations.

Get-FalconContainerAzureConfig

Get-FalconContainerAzureConfig [-Id <string[]>] [-Limit <int>] [-Offset <int>] [-All] [-Total]

Parameters

string[]

Azure tenant identifier (GUID format)

Limit

int

Maximum number of results per request

Offset

int

Position to begin retrieving results

All

switch

Repeat requests until all available results are retrieved

Total

switch

Display total result count instead of results

Example

# Get all Azure configurations
Get-FalconContainerAzureConfig -All

# Get specific tenant config
Get-FalconContainerAzureConfig -Id 12345678-1234-1234-1234-123456789012

Get-FalconContainerAzureTenant

Return Falcon Container Security Azure tenants.

Get-FalconContainerAzureTenant

Get-FalconContainerAzureTenant [-Id <string[]>] [-Status <string>] [-Limit <int>] [-Offset <int>] [-All] [-Total]

Parameters

string[]

Azure tenant identifier (GUID format)

Status

string

Cluster status. Valid values: Not Installed, Running, Stopped

Limit

int

Maximum number of results per request

Offset

int

Position to begin retrieving results

All

switch

Repeat requests until all available results are retrieved

Total

switch

Display total result count instead of results

Example

# Get all tenants
Get-FalconContainerAzureTenant -All

# Get running tenants
Get-FalconContainerAzureTenant -Status Running

Deployment & Configuration

Get-FalconContainerScript

Return bash scripts for Falcon Cloud Security registration.

Get-FalconContainerScript

Get-FalconContainerScript

Example

# Get registration scripts
Get-FalconContainerScript

Get-FalconContainerAzureScript

Return Falcon Container Security script for Azure.

Get-FalconContainerAzureScript

Get-FalconContainerAzureScript -Id <string> [-SubscriptionId <string[]>]

Parameters

string

required

Azure tenant identifier (GUID format)

SubscriptionId

string[]

Azure subscription identifier (GUID format)

Example

# Get Azure script
Get-FalconContainerAzureScript -Id 12345678-1234-1234-1234-123456789012

# Get for specific subscription
Get-FalconContainerAzureScript -Id 12345678-1234-1234-1234-123456789012 -SubscriptionId 87654321-4321-4321-4321-210987654321

Receive-FalconContainerYaml

Download a sample Helm values.yaml file.

Receive-FalconContainerYaml

Receive-FalconContainerYaml -ClusterName <string> -Path <string> [-IsSelfManagedCluster <boolean>] [-Force]

Parameters

ClusterName

string

required

Cluster name

Path

string

required

Destination path for the YAML file

IsSelfManagedCluster

boolean

Restrict results to clusters that are not managed by the cloud provider

Force

switch

Overwrite existing file when present

Example

# Download Helm values
Receive-FalconContainerYaml -ClusterName my-eks-cluster -Path ./values.yaml

# Download for self-managed cluster
Receive-FalconContainerYaml -ClusterName my-k8s-cluster -Path ./values.yaml -IsSelfManagedCluster $true

New-FalconContainerKey

Regenerate the API key for Falcon Container Security Docker registry integrations.

New-FalconContainerKey

New-FalconContainerKey

Example

# Regenerate API key
New-FalconContainerKey

Invoke-FalconContainerScan

Initiate a Falcon Container Security scan.

Invoke-FalconContainerScan

Invoke-FalconContainerScan -ScanType <string>

Parameters

ScanType

string

required

Scan type. Valid values: cluster-refresh, dry-run, full

Example

# Run full scan
Invoke-FalconContainerScan -ScanType full

# Run dry run
Invoke-FalconContainerScan -ScanType dry-run

# Refresh cluster data
Invoke-FalconContainerScan -ScanType cluster-refresh

Overview

Authentication

Alerts & Detections

Host Management

Real-time Response

Threat Intelligence

Policy Management

Cloud Security

Identity & Access

Security Operations

Monitoring & Analysis

Utilities

​Overview

​Prerequisites

​Cluster Management

​Get-FalconContainerAccount

​Parameters

​Example

​Get-FalconContainerCloud

​Parameters

​Example

​AWS Account Management

​Get-FalconContainerAwsAccount

​Parameters

​Example

​New-FalconContainerAwsAccount

​Parameters

​Example

​Edit-FalconContainerAwsAccount

​Parameters

​Example

​Remove-FalconContainerAwsAccount

​Parameters

​Example

​Azure Account Management

​Get-FalconContainerAzureAccount

​Parameters

​Example

​New-FalconContainerAzureAccount

​Parameters

​Example

​Edit-FalconContainerAzureAccount

​Parameters

​Example

​Remove-FalconContainerAzureAccount

​Parameters

​Example

​Get-FalconContainerAzureConfig

​Parameters

​Example

​Get-FalconContainerAzureTenant

​Parameters

​Example

​Deployment & Configuration

​Get-FalconContainerScript

​Example

​Get-FalconContainerAzureScript

​Parameters

​Example

​Receive-FalconContainerYaml

​Parameters

​Example

​New-FalconContainerKey

​Example

​Invoke-FalconContainerScan

​Parameters

​Example

​Related Resources

Build docs developers (and LLMs) love

Overview

Prerequisites

Cluster Management

Get-FalconContainerAccount

Parameters

Example

Get-FalconContainerCloud

Parameters

Example

AWS Account Management

Get-FalconContainerAwsAccount

Parameters

Example

New-FalconContainerAwsAccount

Parameters

Example

Edit-FalconContainerAwsAccount

Parameters

Example

Remove-FalconContainerAwsAccount

Parameters

Example

Azure Account Management

Get-FalconContainerAzureAccount

Parameters

Example

New-FalconContainerAzureAccount

Parameters

Example

Edit-FalconContainerAzureAccount

Parameters

Example

Remove-FalconContainerAzureAccount

Parameters

Example

Get-FalconContainerAzureConfig

Parameters

Example

Get-FalconContainerAzureTenant

Parameters

Example

Deployment & Configuration

Get-FalconContainerScript

Example

Get-FalconContainerAzureScript

Parameters

Example

Receive-FalconContainerYaml

Parameters

Example

New-FalconContainerKey

Example

Invoke-FalconContainerScan

Parameters

Example

Related Resources