-
Notifications
You must be signed in to change notification settings - Fork 71
Test FalconIoaRule
bk-cs edited this page Apr 28, 2023
·
18 revisions
Validate fields and patterns of a custom Indicator of Attack rule
Requires 'Custom IOA rules: Write'.
Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
---|---|---|---|---|---|---|---|
Field | Object[] | An array of rule properties | X |
Test-FalconIoaRule [-Field] <Object[]> [-WhatIf] [-Confirm] [<CommonParameters>]
POST /ioarules/entities/rules/validate/v1
$Field = @(
@{
label = 'Grandparent Image Filename'
name = 'GrandparentImageFilename'
type = 'excludable'
values = @(
@{
label = 'include'
value = '.+attacker.exe'
}
)
}
)
Test-FalconIoaRule -Field $Field
2023-04-25: PSFalcon v2.2.5
- Using PSFalcon
-
Commands and Permissions
- Configuration Import/Export
- Container Security
- Detection and Prevention Policies
- Discover for Cloud and Containers
- Discover
- Event Streams
- Falcon Complete Dashboards
- Falcon Complete Message Center
- Falcon Data Replicator
- Falcon Intelligence
- Falcon Intelligence Recon
- Falcon OverWatch Dashboards
- Falcon Sandbox
- FileVantage
- Firewall Management
- Flight Control
- Horizon
- Host and Host Group Management
- Identity Protection
- Image Assessment
- Incident and Detection Monitoring
- Installation Tokens
- Kubernetes Protection
- MalQuery
- Mobile Host Enrollment
- On-Demand Scanning
- Quarantine
- Real-time Response
- Real-time Response Policy
- Scheduled Reports and Searches
- Sensor Download
- Sensor Update Policy
- Spotlight
- Tailored Intelligence
- Third-party ingestion
- USB Device Control Policy
- Users and Roles
- Zero Trust Assessment
- Examples
-
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust