Invoke FalconIncidentAction - CrowdStrike/psfalcon GitHub Wiki
Perform actions on incidents
Requires 'Incidents: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Name | String | Action to perform |
add_tagdelete_tagunassignupdate_descriptionupdate_nameupdate_statusupdate_assigned_to_v2
|
||||
| Value | String | Value for the chosen action | |||||
| Action | Hashtable[] | One or more hashtables defining multiple name/value pairs | |||||
| UpdateDetects | Boolean | Update status of related 'new' detections | |||||
| OverwriteDetects | Boolean | Replace existing status for related detections | |||||
| Id | String[] | Incident identifier | X | X |
Invoke-FalconIncidentAction [-Name] <String> [[-Value] <String>] [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-FalconIncidentAction [-Action] <Hashtable[]> [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]POST /incidents/entities/incident-actions/v1
Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id>Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id> -UpdateDetects $true -OverwriteDetects $true2024-09-03: PSFalcon v2.2.7
