New FalconIoaExclusion

New-FalconIoaExclusion

SYNOPSIS

Create an Indicator of Attack exclusion

DESCRIPTION

'ConvertTo-FalconIoaExclusion' can be used to generate the required Indicator of Attack exclusion properties using an existing detection.

Requires 'IOA Exclusions: Write'.

PARAMETERS

Name	Type	Description	PipelineByName
Name	String	Exclusion name	X
PatternId	String	Indicator of Attack pattern identifier	X
PatternName	String	Indicator of Attack pattern name	X
ClRegex	String	Command line RegEx	X
IfnRegex	String	Image Filename RegEx	X
GroupId	Object[]	Host group identifier, or leave undefined to apply to all hosts	X
Description	String	Exclusion description	X
Comment	String	Audit log comment	X

SYNTAX

New-FalconIoaExclusion [-Name] <String> [-PatternId] <String> [-PatternName] <String> [-ClRegex] <String> [-IfnRegex] <String> [[-GroupId] <Object[]>] [[-Description] <String>] [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /policy/entities/ioa-exclusions/v1

falconpy

createIOAExclusionsV1

USAGE

2023-04-25: PSFalcon v2.2.5

Using PSFalcon
Commands and Permissions
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly