Test FalconIoaRule - CrowdStrike/psfalcon GitHub Wiki
Validate fields and patterns of a custom Indicator of Attack rule
Requires 'Custom IOA rules: Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| Field | Object[] | An array of rule properties | X |
Test-FalconIoaRule [-Field] <Object[]> [-WhatIf] [-Confirm] [<CommonParameters>]POST /ioarules/entities/rules/validate/v1
$Field = @(
@{
label = 'Grandparent Image Filename'
name = 'GrandparentImageFilename'
type = 'excludable'
values = @(
@{
label = 'include'
value = '.+attacker.exe'
}
)
}
)
Test-FalconIoaRule -Field $Field2023-04-25: PSFalcon v2.2.5
