New FalconReconAction - CrowdStrike/psfalcon GitHub Wiki
Create Falcon Intelligence Recon monitoring rule actions
Requires 'Monitoring rules (Falcon Intelligence Recon): Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| RuleId | String | Monitoring rule identifier | X | ||||
| Type | String | Notification type | email |
X | |||
| Frequency | String | Notification frequency |
asapdailyweekly
|
X | |||
| Recipient | String[] | Notification recipient | X | ||||
| ContentFormat | String | Email format |
standardenhanced
|
X | |||
| TriggerMatchless | Boolean | Send email when no matches are found | X |
New-FalconReconAction [-RuleId] <String> [-Type] <String> [-Frequency] <String> [-Recipient] <String[]> [[-ContentFormat] <String>] [[-TriggerMatchless] <Boolean>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /recon/entities/actions/v1
New-FalconReconAction -RuleId <rule_id> -Type email -Frequency daily -Recipients user@example.com2023-04-25: PSFalcon v2.2.5
