Invoke-FalconIncidentAction - CrowdStrike/psfalcon GitHub Wiki

Invoke-FalconIncidentAction

SYNOPSIS

Perform actions on incidents

DESCRIPTION

Requires 'Incidents: Write'.

PARAMETERS

Name              Type      Description                                    Min  Max  Allowed                                              Pipeline  PipelineByName
Name              String    Action to perform                                        add_tag, delete_tag, unassign, update_description,
                                                                                     update_name, update_status, update_assigned_to_v2
Value             String    Value for the chosen action
UpdateDetects     Boolean   Update status of related 'new' detections
OverwriteDetects  Boolean   Replace existing status for related detections
Id                String[]  Incident identifier                                                                                           X         X

SYNTAX

Invoke-FalconIncidentAction [-Name] <String> [-Value] <String> [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /incidents/entities/incident-actions/v1

falconpy

PerformIncidentAction

USAGE

Update the status of multiple incidents

Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id>

Update the status of related detections to match the incidents, replacing any status those detections already have (OverwriteDetects)

Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id> -UpdateDetects $true -OverwriteDetects $true
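An end-to-end triage pass, as an added example rather than code from the PSFalcon wiki: it authenticates, selects every incident still in 'new' status, dry-runs the change with -WhatIf, tags the incidents, then moves them to in_progress while cascading only to related detections that are still 'new'. The FALCON_CLIENT_ID / FALCON_CLIENT_SECRET environment variables, the tag name 'triage-pass', and the FQL status code 20 for 'new' incidents are assumptions made for the example (the numeric code follows the Falcon API incident schema, not this page). Get-FalconIncident needs 'Incidents: Read' in addition to the 'Incidents: Write' required here.

```powershell
# Added example, not part of the PSFalcon wiki. Assumes PSFalcon is installed and
# that FALCON_CLIENT_ID / FALCON_CLIENT_SECRET hold an API client with
# 'Incidents: Read' and 'Incidents: Write'.
Import-Module PSFalcon

Request-FalconToken -ClientId $env:FALCON_CLIENT_ID -ClientSecret $env:FALCON_CLIENT_SECRET

# Collect the identifiers of every incident still in 'new' status.
# Assumption: the FQL 'status' field uses the API's numeric codes (20 = new).
$NewIds = Get-FalconIncident -Filter "status:'20'" -All
if (-not $NewIds) {
    Write-Host 'No incidents in new status; nothing to do.'
    return
}

# Dry run first: -WhatIf reports which incidents would be changed without
# sending the POST to /incidents/entities/incident-actions/v1.
Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id $NewIds -WhatIf

# Tag the incidents so the triage pass is visible in the console.
# 'triage-pass' is a made-up tag name for this example.
Invoke-FalconIncidentAction -Name add_tag -Value 'triage-pass' -Id $NewIds

# Move the incidents to in_progress. -UpdateDetects $true cascades the new
# status to related detections that are still 'new'; OverwriteDetects is left
# out so detections an analyst has already re-statused are not replaced.
Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id $NewIds -UpdateDetects $true

# Confirm the result (status is returned as the API's numeric code).
Get-FalconIncident -Id $NewIds | Select-Object incident_id, status, tags
```

Run the block once with only the -WhatIf line active before letting it change state in a production tenant; setting -OverwriteDetects $true on the final action is the deliberate choice when every related detection should be forced to the incident's status regardless of prior analyst changes.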

2023-04-25: PSFalcon v2.2.5
