
New FalconReconRule

bk-cs edited this page Sep 22, 2022 · 22 revisions

New-FalconReconRule

SYNOPSIS

Create Falcon X Recon monitoring rules

DESCRIPTION

Requires 'Monitoring Rules (Falcon X Recon): Write'.

PARAMETERS

| Name | Type | Min | Max | Pattern | Allowed | Pipeline / PipelineByName | Description |
|------|------|-----|-----|---------|---------|---------------------------|-------------|
| Array | Object[] | | | | | False | An array of monitoring rules to create in a single request |
| Name | String | | | | | False / False | Monitoring rule name |
| Topic | String | | | | SA_ALIAS, SA_AUTHOR, SA_BIN, SA_BRAND_PRODUCT, SA_CUSTOM, SA_CVE, SA_DOMAIN, SA_EMAIL, SA_IP, SA_THIRD_PARTY, SA_VIP | False / False | Monitoring rule topic |
| Filter | String | | | | | False / False | Falcon Query Language expression to limit results |
| Priority | String | | | | high, medium, low | False / False | Monitoring rule priority |
| Permission | String | | | | private, public | False / False | Permission level [public: 'All Intel users', private: 'Recon Admins'] |

SYNTAX

New-FalconReconRule [-Name] <String> [-Topic] <String> [-Filter] <String> [-Priority] <String> [-Permission] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
New-FalconReconRule -Array <Object[]> [-WhatIf] [-Confirm] [<CommonParameters>]
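
EXAMPLE (added here, not part of the generated PSFalcon documentation)

The script below checks a batch of rule definitions against the allowed Topic, Priority and Permission values from the PARAMETERS table, then previews each valid rule with -WhatIf. It assumes the PSFalcon module is imported and a session is already authorized; the rule names, the filter strings and the helper Test-ReconRuleDefinition are hypothetical.

```powershell
# Allowed values copied from the PARAMETERS table on this page.
$AllowedTopic = 'SA_ALIAS','SA_AUTHOR','SA_BIN','SA_BRAND_PRODUCT','SA_CUSTOM','SA_CVE',
    'SA_DOMAIN','SA_EMAIL','SA_IP','SA_THIRD_PARTY','SA_VIP'
$AllowedPriority = 'high','medium','low'
$AllowedPermission = 'private','public'

# Constructed sample rules. Names and filter strings are placeholders (assumptions),
# not values taken from the page. The third rule carries a deliberate typo in Topic.
$Rules = @(
    @{ Name = 'Example domain mentions'; Topic = 'SA_DOMAIN'; Filter = "(phrase:'example.com')"
       Priority = 'high'; Permission = 'private' }
    @{ Name = 'Example CVE chatter'; Topic = 'SA_CVE'; Filter = "(phrase:'CVE-0000-0000')"
       Priority = 'medium'; Permission = 'private' }
    @{ Name = 'Typo in topic'; Topic = 'SA_DOMAINS'; Filter = "(phrase:'example.org')"
       Priority = 'low'; Permission = 'public' }
)

# Hypothetical helper: returns a list of problems, empty when the definition is usable.
function Test-ReconRuleDefinition {
    param([Parameter(Mandatory)][hashtable]$Rule)
    $Problems = @()
    foreach ($Key in 'Name','Topic','Filter','Priority','Permission') {
        if ([string]::IsNullOrWhiteSpace($Rule[$Key])) { $Problems += "missing $Key" }
    }
    # Compare with exact case, as the values are listed in the table.
    if ($Rule.Topic -and $Rule.Topic -cnotin $AllowedTopic) {
        $Problems += "Topic '$($Rule.Topic)' is not an allowed value"
    }
    if ($Rule.Priority -and $Rule.Priority -cnotin $AllowedPriority) {
        $Problems += "Priority '$($Rule.Priority)' is not an allowed value"
    }
    if ($Rule.Permission -and $Rule.Permission -cnotin $AllowedPermission) {
        $Problems += "Permission '$($Rule.Permission)' is not an allowed value"
    }
    $Problems
}

foreach ($Rule in $Rules) {
    $Issues = @(Test-ReconRuleDefinition -Rule $Rule)
    if ($Issues.Count -gt 0) {
        Write-Warning ("Skipping '{0}': {1}" -f $Rule.Name, ($Issues -join '; '))
        continue
    }
    # Splat the five parameters; -WhatIf previews the request without creating the rule.
    New-FalconReconRule @Rule -WhatIf
}
```

Remove -WhatIf once the preview matches what you intend to create. Rules set to 'public' are visible to all Intel users, so 'private' is the narrower choice when a rule name or filter reveals what is being monitored.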

Generated 20220922 using PSFalcon v2.2.3
