New FalconIoaExclusion

bk-cs edited this page Oct 21, 2022 · 18 revisions

New-FalconIoaExclusion

SYNOPSIS

Create an Indicator of Attack exclusion

DESCRIPTION

'ConvertTo-FalconIoaExclusion' can be used to generate the required Indicator of Attack exclusion properties using an existing detection.

Requires 'IOA Exclusions: Write'.

PARAMETERS

| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Name | String | | | | | X | Exclusion name |
| PatternId | String | | | | | X | Indicator of Attack pattern identifier |
| PatternName | String | | | | | X | Indicator of Attack pattern name |
| ClRegex | String | | | | | X | Command line RegEx |
| IfnRegex | String | | | | | X | Image Filename RegEx |
| GroupId | Object[] | | | | | X | Host group identifier, or leave undefined to apply to all hosts |
| Description | String | | | | | X | Exclusion description |
| Comment | String | | | | | X | Audit log comment |

SYNTAX

New-FalconIoaExclusion [-Name] <String> [-PatternId] <String> [-PatternName] <String> [-ClRegex] <String> [-IfnRegex] <String> [[-GroupId] <Object[]>] [[-Description] <String>] [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

SDK Reference

falconpy

createIOAExclusionsV1

USAGE
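
The following is an added example, not taken from the PSFalcon wiki: it checks that the two regular expressions are narrowly scoped before previewing the exclusion with -WhatIf. It assumes an already authenticated PSFalcon session and that the patterns are matched against the whole string (approximated here with the .NET regex engine); every name, path and identifier is a constructed placeholder, and Test-RegexScope is a hypothetical helper.

```powershell
# Added example: all values are constructed placeholders, not real identifiers.
$Exclusion = @{
    Name        = 'ExampleBackup nightly job'
    PatternId   = '<pattern-id-from-detection>'
    PatternName = '<pattern-name-from-detection>'
    IfnRegex    = '.*\\Program Files\\ExampleBackup\\agent\.exe'
    ClRegex     = '"?C:\\Program Files\\ExampleBackup\\agent\.exe"?\s+--run-job\s+nightly'
    GroupId     = @('<host-group-id>')   # omit to apply to all hosts
    Description = 'Nightly backup job reviewed and accepted as benign'
    Comment     = 'Change ticket <ticket-id>'
}

# Hypothetical helper: true only when the pattern matches every expected
# string in full and none of the strings that must stay detectable.
function Test-RegexScope {
    param([string]$Regex, [string[]]$Expected, [string[]]$Unexpected)
    $Full   = '^(?:' + $Regex + ')$'   # assumption: whole-string match
    $Missed = @($Expected   | Where-Object { $_ -notmatch $Full })
    $Extra  = @($Unexpected | Where-Object { $_ -match $Full })
    $Missed | ForEach-Object { Write-Warning "Not covered: $_" }
    $Extra  | ForEach-Object { Write-Warning "Over-broad, also matches: $_" }
    ($Missed.Count -eq 0) -and ($Extra.Count -eq 0)
}

# Constructed samples: the reviewed activity, and look-alikes that the
# exclusion must not suppress.
$ClOk = Test-RegexScope -Regex $Exclusion.ClRegex -Expected @(
    '"C:\Program Files\ExampleBackup\agent.exe" --run-job nightly'
) -Unexpected @(
    '"C:\Program Files\ExampleBackup\agent.exe" --run-job nightly --extra-arg',
    'C:\Users\Public\agent.exe --run-job nightly'
)
$IfnOk = Test-RegexScope -Regex $Exclusion.IfnRegex -Expected @(
    '\Device\HarddiskVolume2\Program Files\ExampleBackup\agent.exe'
) -Unexpected @(
    '\Device\HarddiskVolume2\Users\Public\agent.exe'
)

if ($ClOk -and $IfnOk) {
    # -WhatIf previews the request; remove it to create the exclusion.
    New-FalconIoaExclusion @Exclusion -WhatIf
} else {
    Write-Warning 'Exclusion not created: tighten ClRegex/IfnRegex first.'
}
```

Scoping the exclusion to a host group through GroupId, rather than leaving it undefined, limits how many hosts lose the detection if a pattern later proves broader than intended.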

2022-10-21: PSFalcon v2.2.3