Invoke FalconIncidentAction

Invoke-FalconIncidentAction

SYNOPSIS

Perform actions on incidents

DESCRIPTION

Requires 'Incidents: Write'.

PARAMETERS

Name	Type	Description	Allowed	Pipeline	PipelineByName
Name	String	Action to perform	`add_tag` `delete_tag` `unassign` `update_description` `update_name` `update_status` `update_assigned_to_v2`
Value	String	Value for the chosen action
Action	Hashtable[]	One or more hashtables defining multiple name/value pairs
UpdateDetects	Boolean	Update status of related 'new' detections
OverwriteDetects	Boolean	Replace existing status for related detections
Id	String[]	Incident identifier		X	X

SYNTAX

Invoke-FalconIncidentAction [-Name] <String> [[-Value] <String>] [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-FalconIncidentAction [-Action] <Hashtable[]> [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]

REFERENCE

Endpoints

POST /incidents/entities/incident-actions/v1

falconpy

PerformIncidentAction

USAGE

Update the status of multiple incidents

Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id>

Updating detection statuses to match incidents

Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id> -UpdateDetects $true -OverwriteDetects $true

2024-09-03: PSFalcon v2.2.7

Using PSFalcon
Commands and Permissions
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- PSFalcon - PowerShell
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invoke FalconIncidentAction

Invoke-FalconIncidentAction

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

REFERENCE

Endpoints

falconpy

USAGE

Update the status of multiple incidents

Updating detection statuses to match incidents

Clone this wiki locally