Remove FalconIoc - CrowdStrike/psfalcon GitHub Wiki
Remove custom indicators
Requires 'IOC Manager APIs: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Filter | String | Falcon Query Language expression to find indicators for removal | |||||
| Comment | String | Audit log comment | |||||
| FromParent | Boolean | Inheritance from parent CID | |||||
| Id | String[] | Indicator identifier | X | X |
Remove-FalconIoc [[-Comment] <String>] [[-FromParent] <Boolean>] [[-Id] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]Remove-FalconIoc -Filter <String> [[-Comment] <String>] [[-FromParent] <Boolean>] [-WhatIf] [-Confirm] [<CommonParameters>]DELETE /iocs/entities/indicators/v1
Remove-FalconIoc -Id <id>, <id>2023-04-25: PSFalcon v2.2.5
