Remove FalconIoaRule - CrowdStrike/psfalcon GitHub Wiki

Remove-FalconIoaRule

SYNOPSIS

Remove custom Indicator of Attack rules from rule groups

DESCRIPTION

Requires 'Custom IOA rules: Write'.

PARAMETERS

Name Type Description Min Max Allowed Pipeline PipelineByName
Comment String Audit log comment
RuleGroupId String Rule group identifier X
Id String[] Rule identifier X

SYNTAX

Remove-FalconIoaRule [[-Comment] <String>] [-RuleGroupId] <String> [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

DELETE /ioarules/entities/rules/v1

falconpy

delete_rules

USAGE

Delete custom IOA rules

Remove-FalconIoaRule -RulegroupId <id> -Id <id>, <id>

2023-04-25: PSFalcon v2.2.5

⚠️ **GitHub.com Fallback** ⚠️