New FalconIoaRule
Create a custom Indicator of Attack rule within a rule group
Requires 'Custom IOA Rules: Write'.
| Name | Type | Min | Max | Pattern | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|---|
| Name | String | False | True | Rule name | ||||
| PatternSeverity | String |
criticalhighmediumlowinformational
|
False | True | Rule severity | |||
| RuletypeId | String |
12569101112
|
False | True | Rule type | |||
| DispositionId | Int32 |
102030
|
False | True | Disposition identifier [10: Monitor, 20: Detect, 30: Block] | |||
| FieldValue | Object[] | False | True | An array of rule properties | ||||
| Description | String | False | True | Rule description | ||||
| Comment | String | False | True | Audit log comment | ||||
| RulegroupId | String | ^[a-fA-F0-9]{32}$ |
False | True | Rule group identifier |
New-FalconIoaRule [-Name] <String> [-PatternSeverity] <String> [-RuletypeId] <String> [-DispositionId] <Int32> -FieldValue] <Object[]> [[-Description] <String>] [[-Comment] <String>] [-RulegroupId] <String> [-WhatIf] [-Confirm] <CommonParameters>]
Generated 20220922 using PSFalcon v2.2.3
