Edit FalconIoc
Modify custom indicators
Requires 'IOC Manager APIs: Write'.
| Name | Type | Min | Max | Pattern | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|---|
| Action | String |
no_actionallowprevent_no_uidetectprevent
|
False | Action to perform when a host observes the indicator | ||||
| Platform | String[] |
androidioslinuxmacwindows
|
False | Operating system platform | ||||
| Source | String | 1 |
256 |
False | Origination source | |||
| Severity | String |
informationallowmediumhighcritical
|
False | Severity level | ||||
| Description | String | False | Indicator description | |||||
| Filename | String | False | Indicator filename, used with hash values | |||||
| Tag | String[] | False | Indicator tag | |||||
| MobileAction | String |
no_actionallowdetectprevent
|
False | Action to perform when a mobile device observes the indicator | ||||
| HostGroup | String[] | ^[a-fA-F0-9]{32}$ |
False | Host group identifier | ||||
| AppliedGlobally | Boolean | False | Assign to all host groups | |||||
| Expiration | String | `^(\d{4}-\d{2}-\d{2} | \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)$` | False | ||||
| Comment | String | False | Audit log comment | |||||
| Retrodetect | Boolean | False | False | Generate retroactive detections for hosts that have observed the indicator | ||||
| IgnoreWarning | Boolean | False | False | Ignore warnings and modify all indicators | ||||
| Id | String | ^[A-Fa-f0-9]{64}$ |
False | Indicator identifier |
Edit-FalconIoc [[-Action] <String>] [[-Platform] <String[]>] [[-Source] <String>] [[-Severity] <String>] [[-Description] <String>] [[-Filename] <String>] [[-Tag]
<String[]>] [[-MobileAction] <String>] [[-HostGroup] <String[]>] [[-AppliedGlobally] <Boolean>] [[-Expiration] <String>] [[-Comment] <String>] [[-Retrodetect]
<Boolean>] [[-IgnoreWarning] <Boolean>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Generated 20220922 using PSFalcon v2.2.3
