Edit-FalconDetection

SYNOPSIS

Modify detections

DESCRIPTION

Requires 'Detections: Write'.

PARAMETERS

Name	Type	Description	Allowed	Pipeline	PipelineByName
Comment	String	Detection comment
ShowInUi	Boolean	Visible within the Falcon UI [default: $true]
Status	String	Detection status	`new` `in_progress` `true_positive` `false_positive` `closed` `reopened`		X
AssignedToUuid	String	User identifier for assignment			X
Id	String[]	Detection identifier		X	X

SYNTAX

Edit-FalconDetection [[-Comment] <String>] [[-ShowInUi] <Boolean>] [[-Status] <String>] [[-AssignedToUuid] <String>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

PATCH /detects/entities/detects/v2

falconpy

UpdateDetectsByIdsV2

USAGE

NOTE: Edit-FalconDetection will automatically group requests in batches of 1,000 detections (the API limit).

Modify the status of multiple detections

Edit-FalconDetection -Id <id>, <id> -Status new

Hide detections from the UI

WARNING: Hiding detections is not reversible!

Edit-FalconDetection -Id <id>, <id> -ShowInUi $false

See Hide detections involving a specific file.

2023-04-25: PSFalcon v2.2.5

Edit FalconDetection - CrowdStrike/psfalcon GitHub Wiki

Edit-FalconDetection

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Modify the status of multiple detections

Hide detections from the UI

⚠️ GitHub.com Fallback ⚠️

Edit FalconDetection - CrowdStrike/psfalcon GitHub Wiki

Edit-FalconDetection

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Modify the status of multiple detections

Hide detections from the UI

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️