
Edit FalconIoc

bk-cs edited this page Oct 31, 2022 · 22 revisions

Edit-FalconIoc

SYNOPSIS

Modify custom indicators

DESCRIPTION

Requires 'IOC Manager APIs: Write'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Action | String | | | no_action, allow, prevent_no_ui, detect, prevent | | X | Action to perform when a host observes the indicator |
| Platform | String[] | | | android, ios, linux, mac, windows | | X | Operating system platform |
| Source | String | 1 | 256 | | | X | Origination source |
| Severity | String | | | informational, low, medium, high, critical | | X | Severity level |
| Description | String | | | | | X | Indicator description |
| Filename | String | | | | | X | Indicator filename, used with hash values |
| Tag | String[] | | | | | X | Indicator tag |
| MobileAction | String | | | no_action, allow, detect, prevent | | X | Action to perform when a mobile device observes the indicator |
| HostGroup | String[] | | | | | X | Host group identifier |
| AppliedGlobally | Boolean | | | | | X | Assign to all host groups |
| Expiration | String | | | | | X | Expiration date as a UTC timestamp in the form shown under USAGE (e.g. '2021-05-01T12:00:00Z'). When an indicator expires, its action is set to 'no_action', but it remains in your indicator list. |
| Comment | String | | | | | X | Audit log comment |
| Retrodetect | Boolean | | | | | | Generate retroactive detections for hosts that have observed the indicator |
| IgnoreWarning | Boolean | | | | | | Ignore warnings and modify all indicators |
| Id | String | | | | | X | Indicator identifier (required) |

SYNTAX

Edit-FalconIoc [[-Action] <String>] [[-Platform] <String[]>] [[-Source] <String>] [[-Severity] <String>] [[-Description] <String>] [[-Filename] <String>] [[-Tag] <String[]>] [[-MobileAction] <String>] [[-HostGroup] <String[]>] [[-AppliedGlobally] <Boolean>] [[-Expiration] <String>] [[-Comment] <String>] [[-Retrodetect] <Boolean>] [[-IgnoreWarning] <Boolean>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

indicator_update_v1

USAGE

Updating an indicator by identifier. The parameter names match the SYNTAX above (-Platform and -Tag, not -Platforms/-Tags); to target every host group, use -AppliedGlobally rather than passing 'all' as a -HostGroup identifier. Choose a future -Expiration: once the timestamp passes, the indicator's action reverts to 'no_action' while the indicator stays in the list.

```powershell
Edit-FalconIoc -Id <id> -Source testSource -Action detect -Severity low -Description 'test description update' -Platform windows -Tag test_tag2 -AppliedGlobally $true -Expiration '2021-05-01T12:00:00Z'
```
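A review-then-apply pattern for changing several indicators at once, as an added example that is not part of the PSFalcon wiki or the module's own code. It assumes an authenticated session (Request-FalconToken) and that the sibling cmdlet Get-FalconIoc accepts -Filter, -Detailed, -All and -Id as in PSFalcon 2.2.x; the FQL field names in the filter, the source value 'testSource' and the audit comment are placeholders chosen for the example. It uses -WhatIf for a dry run, computes the expiration instead of hard-coding a date, and re-reads the indicators afterwards so a silently ignored update is noticed.

```powershell
# Added example (not PSFalcon's own code): escalate passive Windows SHA256
# indicators from one source to 'detect', with a dry run and post-check.
# Assumes Request-FalconToken has already been run and that Get-FalconIoc
# behaves as in PSFalcon 2.2.x. Needs 'IOC Manager APIs: Read' and 'Write'.
param(
  [string]$Source = 'testSource',        # placeholder source name
  [ValidateSet('no_action','allow','prevent_no_ui','detect','prevent')]
  [string]$NewAction = 'detect',
  [int]$ExpireInDays = 30,
  [string]$Comment = 'Escalated after triage (ticket reference placeholder)'
)

# 1. Select targets. Restricting to action:'no_action' means a 'prevent'
#    indicator is never accidentally downgraded by this script.
#    (FQL field names are assumed to match the IOC Manager API.)
$filter  = "source:'$Source'+platforms:'windows'+type:'sha256'+action:'no_action'"
$targets = Get-FalconIoc -Filter $filter -Detailed -All
if (-not $targets) {
  Write-Warning "No indicators matched filter: $filter"
  return
}

# 2. Show what is about to change before anything is sent.
$targets | Select-Object id, type, value, action, severity, expiration |
  Format-Table -AutoSize

# 3. Expiration must be a UTC timestamp in the 'yyyy-MM-ddTHH:mm:ssZ' form used
#    on this page. Compute it: an expired indicator reverts to 'no_action'.
$expiration = (Get-Date).ToUniversalTime().AddDays($ExpireInDays).ToString("yyyy-MM-dd'T'HH:mm:ss'Z'")

# 4. Dry run: -WhatIf reports the intended call without performing it.
foreach ($ioc in $targets) {
  Edit-FalconIoc -Id $ioc.id -Action $NewAction -Severity medium `
    -Expiration $expiration -Comment $Comment -WhatIf
}

# 5. Apply one indicator per call so a failure is reported with its id.
#    -Retrodetect $true asks for retroactive detections on hosts that
#    already observed the indicator; -Comment lands in the audit log.
foreach ($ioc in $targets) {
  try {
    Edit-FalconIoc -Id $ioc.id -Action $NewAction -Severity medium `
      -Expiration $expiration -Comment $Comment -Retrodetect $true | Out-Null
  } catch {
    Write-Warning "Failed to update $($ioc.id): $($_.Exception.Message)"
  }
}

# 6. Verify by re-reading rather than trusting the update response.
$verify = Get-FalconIoc -Id $targets.id
$stale  = $verify | Where-Object { $_.action -ne $NewAction }
if ($stale) {
  $stale | ForEach-Object { Write-Warning "Indicator $($_.id) still has action '$($_.action)'" }
} else {
  Write-Host "All $($verify.Count) indicators now set to '$NewAction' until $expiration"
}
```

Run it first with the dry-run section only (comment out step 5) when working against a production tenant; the filter on the current action is the main safety net, and the final read-back is what tells you whether the change actually took effect.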

2022-10-31: PSFalcon v2.2.3
