Invoke FalconPreventionPolicyAction - CrowdStrike/psfalcon GitHub Wiki

Invoke-FalconPreventionPolicyAction

SYNOPSIS

Perform actions on Prevention policies

DESCRIPTION

Requires 'Prevention Policies: Write'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Name String Action to perform add-host-group
add-rule-group
disable
enable
remove-host-group
remove-rule-group
GroupId String Host or rule group identifier
Id String Policy identifier X X

SYNTAX

Invoke-FalconPreventionPolicyAction [-Name] <String> [[-GroupId] <String>] [-Id] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /policy/entities/prevention-actions/v1

falconpy

performPreventionPoliciesAction

USAGE

Assign host groups to policies

Invoke-FalconPreventionPolicyAction -Name add-host-group -Id <policy_id> -GroupId <host_group_id>
Get-FalconPreventionPolicy -Filter "name:'my_policy'" | Invoke-FalconPreventionPolicyAction -Name add-host-group -GroupId <host_group_id>

2023-04-25: PSFalcon v2.2.5

⚠️ **GitHub.com Fallback** ⚠️