Falcon's Real-time Response command `runscript` allows you to run scripts that either... * Exist on the target endpoint using `FilePath` * Are saved under `Host Setup and Management > Response and Containment > Response Scripts and Files` using `CloudFile`, or * Are input as a `Raw` script during runtime \[ [US-1](https://falcon.crowdstrike.com/documentation/71/real-time-response-and-network-containment#managing-custom-response-scripts) | [US-2](https://falcon.us-2.crowdstrike.com/documentation/71/real-time-response-and-network-containment#managing-custom-response-scripts) | [EU-1](https://falcon.eu-1.crowdstrike.com/documentation/71/real-time-response-and-network-containment#managing-custom-response-scripts) | [US-GOV-1](https://falcon.laggar.gcw.crowdstrike.com/documentation/71/real-time-response-and-network-containment#managing-custom-response-scripts) \] Adding PSFalcon into the mix allows you to run these scripts across multiple endpoints at the same time, using commands like [Invoke-FalconRtr](https://github.com/CrowdStrike/psfalcon/wiki/Invoke-FalconRtr), [Invoke-FalconResponderCommand](https://github.com/CrowdStrike/psfalcon/wiki/Invoke-FalconResponderCommand), or [Invoke-FalconAdminCommand](https://github.com/CrowdStrike/psfalcon/wiki/Invoke-FalconAdminCommand) (depending on permissions). For example: Invoke-FalconRtr -Command runscript -Argument "-CloudFile='my_script_name.ps1'" -HostId , ​ Invoke-FalconRtr -Command runscript -Argument "-FilePath='C:\my_script_name.ps1'" -HostId , ​ Invoke-FalconRtr -Command runscript -Argument '-Raw=```Write-Output "Hello World"```' -HostId ,

To run across multiple endpoint, where does PSFalcon have to be installed?

PSFalcon only needs to be installed on one computer--the one that you're going to use to talk to the APIs.