Edit FalconIoc
Modify custom indicators
Requires 'IOC Manager APIs: Write'.
| Name | Type | Min | Max | Pattern | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|---|
| Action | String |
no_actionallowprevent_no_uidetectprevent
|
False | True | Action to perform when a host observes the indicator | |||
| Platform | String[] |
androidioslinuxmacwindows
|
False | True | Operating system platform | |||
| Source | String | 1 |
256 |
False | True | Origination source | ||
| Severity | String |
informationallowmediumhighcritical
|
False | True | Severity level | |||
| Description | String | False | True | Indicator description | ||||
| Filename | String | False | True | Indicator filename, used with hash values | ||||
| Tag | String[] | False | True | Indicator tag | ||||
| MobileAction | String |
no_actionallowdetectprevent
|
False | True | Action to perform when a mobile device observes the indicator | |||
| HostGroup | String[] | ^[a-fA-F0-9]{32}$ |
False | True | Host group identifier | |||
| AppliedGlobally | Boolean | False | True | Assign to all host groups | ||||
| Expiration | String | `^(\d{4}-\d{2}-\d{2} | \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)$` | False | True | |||
| Comment | String | False | True | Audit log comment | ||||
| Retrodetect | Boolean | False | False | Generate retroactive detections for hosts that have observed the indicator | ||||
| IgnoreWarning | Boolean | False | False | Ignore warnings and modify all indicators | ||||
| Id | String | ^[A-Fa-f0-9]{64}$ |
False | True | Indicator identifier |
Edit-FalconIoc [[-Action] <String>] [[-Platform] <String[]>] [[-Source] <String>] [[-Severity] <String>] [[-Description] <String>] [[-Filename] <String>] [[-Tag]
<String[]>] [[-MobileAction] <String>] [[-HostGroup] <String[]>] [[-AppliedGlobally] <Boolean>] [[-Expiration] <String>] [[-Comment] <String>] [[-Retrodetect]
<Boolean>] [[-IgnoreWarning] <Boolean>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
Generated 20220922 using PSFalcon v2.2.3
