New FalconIoaGroup - CrowdStrike/psfalcon GitHub Wiki
Create a custom Indicator of Attack rule group
Requires 'Custom IOA rules: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Name | String | Rule group name | X | ||||
| Platform | String | Operating system platform |
windowsmaclinux
|
X | |||
| Description | String | Rule group description | X | ||||
| Comment | String | Audit log comment | X |
New-FalconIoaGroup [-Name] <String> [-Platform] <String> [[-Description] <String>] [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /ioarules/entities/rule-groups/v1
New-FalconIoaGroup -Platform mac -Name newRuleGroup -Description 'My new mac rule group'2023-04-25: PSFalcon v2.2.5
