New FalconMlExclusion - CrowdStrike/psfalcon GitHub Wiki
Create a Machine Learning exclusion
'ConvertTo-FalconMlExclusion' can be used to generate the required Machine Learning exclusion properties using an existing detection.
Requires 'Machine Learning Exclusions: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Value | String | RegEx pattern value | X | ||||
| ExcludedFrom | String[] | Actions to exclude |
blockingextraction
|
X | |||
| GroupId | Object[] | Host group identifier or 'all' to apply to all hosts | X | ||||
| Comment | String | Audit log comment | X |
New-FalconMlExclusion [-Value] <String> [-ExcludedFrom] <String[]> [-GroupId] <Object[]> [[-Comment] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /policy/entities/ml-exclusions/v1
New-FalconMlExclusion -Value '/foo' -ExcludedFrom blocking, extraction -GroupId all -Comment 'creating foo'2023-04-25: PSFalcon v2.2.5
