Invoke FalconQuarantineAction - CrowdStrike/psfalcon GitHub Wiki
Perform actions on quarantined files
Requires 'Quarantined Files: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Action | String | Action to perform | | | `release`, `unrelease`, `delete` | | |
| Filter | String | Falcon Query Language statement | | | | | |
| Query | String | Match phrase prefix | | | | | |
| Comment | String | Audit log comment | | | | | |
| Id | String[] | Quarantined file identifier | | | | X | X |
```powershell
Invoke-FalconQuarantineAction [-Action] <String> [[-Comment] <String>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]
```

```powershell
Invoke-FalconQuarantineAction [-Action] <String> -Filter <String> [[-Query] <String>] [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
```

PATCH /quarantine/entities/quarantined-files/v1
PATCH /quarantine/queries/quarantined-files/v1
UpdateQuarantinedDetectsByIds
UpdateQfByQuery
```powershell
Invoke-FalconQuarantineAction -Action delete -Id <id>, <id>
```

```powershell
Invoke-FalconQuarantineAction -Action release -Filter "device.hostname:'EXAMPLE-PC'"
```

See Test-FalconQuarantineAction.
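A guarded way to run the filter-based release shown above, as an added example that is not part of the PSFalcon project. The function name `Invoke-HostQuarantineRelease` and its `-Hostname`, `-Ticket` and `-Execute` parameters are hypothetical; only `Invoke-FalconQuarantineAction` and the parameters listed in the syntax above are used. It validates the hostname before placing it in the quoted FQL value, always records an audit comment, and defaults to a `-WhatIf` preview.

```powershell
# Added example, not PSFalcon code. Invoke-HostQuarantineRelease and its
# parameters are hypothetical names chosen for this illustration.
function Invoke-HostQuarantineRelease {
    [CmdletBinding()]
    param(
        # Restrict to hostname characters so the value cannot contain a quote
        # and change the meaning of the FQL statement it is embedded in.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$')]
        [string]$Hostname,

        # Change or incident reference; written to the audit log via -Comment.
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$Ticket,

        # Without this switch the call is only previewed with -WhatIf.
        [switch]$Execute
    )

    $Param = @{
        Action  = 'release'
        Filter  = "device.hostname:'$Hostname'"
        Comment = "Released per $Ticket"
    }

    if ($Execute) {
        # -Confirm prompts the operator before the action is performed.
        Invoke-FalconQuarantineAction @Param -Confirm
    } else {
        # Preview only: nothing is released.
        Invoke-FalconQuarantineAction @Param -WhatIf
    }
}

# Preview first, then run for real once the preview looks right.
# 'EXAMPLE-PC' and 'CHG-0000' are constructed sample values.
Invoke-HostQuarantineRelease -Hostname 'EXAMPLE-PC' -Ticket 'CHG-0000'
Invoke-HostQuarantineRelease -Hostname 'EXAMPLE-PC' -Ticket 'CHG-0000' -Execute
```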
2023-04-25: PSFalcon v2.2.5
