diff --git a/LICENSE b/LICENSE
index 94b040f..271de55 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2019-2023 Splunk Inc.
+   Copyright (c) 2019-2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
diff --git a/NOTICE b/NOTICE
index 5e66cc5..35027ba 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
 Splunk SOAR CrowdStrike OAuth API
-Copyright (c) 2019-2023 Splunk Inc.
+Copyright (c) 2019-2024 Splunk Inc.
 
 Third-party Software Attributions:
 
diff --git a/README.md b/README.md
index 260e95d..4f79966 100644
--- a/README.md
+++ b/README.md
@@ -2,16 +2,16 @@
 # CrowdStrike OAuth API
 
 Publisher: Splunk  
-Connector Version: 4.1.0  
+Connector Version: 4.2.0  
 Product Vendor: CrowdStrike  
 Product Name: CrowdStrike  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.0  
+Minimum Product Version: 6.1.1  
 
 This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data
 
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2019-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2019-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""
@@ -450,6 +450,16 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 [check status](#action-check-status) - To check detonation status of the provided resource id  
 [get device scroll](#action-get-device-scroll) - Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)  
 [get zta data](#action-get-zta-data) - Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID)  
+[create ioa rule group](#action-create-ioa-rule-group) - Create an empty IOA Rule Group  
+[update ioa rule group](#action-update-ioa-rule-group) - Modify an existing IOA Rule Group  
+[delete ioa rule group](#action-delete-ioa-rule-group) - Delete an existing IOA Rule Group  
+[list ioa platforms](#action-list-ioa-platforms) - List valid platforms for IOA Rule Groups  
+[list ioa rule groups](#action-list-ioa-rule-groups) - List IOA Rule Groups  
+[list ioa severities](#action-list-ioa-severities) - List valid severity values for IOA rules  
+[list ioa types](#action-list-ioa-types) - List valid types of IOA rules  
+[create ioa rule](#action-create-ioa-rule) - Create a new IOA Rule  
+[update ioa rule](#action-update-ioa-rule) - Update an existing IOA Rule  
+[delete ioa rule](#action-delete-ioa-rule) - Delete an existing IOA Rule  
 
 ## action: 'test connectivity'
 Validate the asset configuration for connectivity. This action logs into the site to check the connection and credentials
@@ -3377,4 +3387,452 @@ action_result.data.\*.system_serial_number | string |  |   VMware-42 2a 23 c9 7f
 action_result.summary | string |  |  
 action_result.message | string |  |   Zero Trust Assessment data fetched successfully 
 summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'create ioa rule group'
+Create an empty IOA Rule Group
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**name** |  required  | Name of the new Rule Group | string | 
+**description** |  required  | Longer description for the new Rule Group | string | 
+**platform** |  required  | Platform that this Rule Group applies to | string | 
+**enabled** |  optional  | Enable the new Rule Group immediately upon creation | boolean | 
+**policy_id** |  optional  | Prevention Policy ID to assign the new Rule Group to | string |  `crowdstrike prevention policy id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.name | string |  |   my_rule_group 
+action_result.parameter.description | string |  |   Custom rule group 
+action_result.parameter.platform | string |  |   windows  mac  linux 
+action_result.parameter.enabled | boolean |  |   True  False 
+action_result.parameter.policy_id | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.id | string |  `crowdstrike ioa rule group id`  |   3263801f7612424ba923f4e6e4bfe2f2 
+action_result.data.\*.resources.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.name | string |  |   my_rule_group 
+action_result.data.\*.resources.\*.description | string |  |   Custom rule group 
+action_result.data.\*.resources.\*.platform | string |  |   windows  mac  linux 
+action_result.data.\*.resources.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.rule_ids.\* | string |  `crowdstrike ioa rule id`  |   6 
+action_result.data.\*.resources.\*.comment | string |  |   Updated description 
+action_result.data.\*.resources.\*.version | numeric |  |   1 
+action_result.data.\*.resources.\*.created_by | string |  `crowdstrike user id`  |   65f616497d0d40d4b6e7a68389323605 
+action_result.data.\*.resources.\*.created_on | string |  |   2024-01-25T19:17:02.117884262Z 
+action_result.data.\*.resources.\*.modified_by | string |  `crowdstrike user id`  |   65f616497d0d40d4b6e7a68389323605 
+action_result.data.\*.resources.\*.modified_on | string |  |   2024-01-25T19:17:02.117884262Z 
+action_result.data.\*.resources.\*.committed_on | string |  |   0001-01-01T00:00:00Z 
+action_result.data.\*.resources.\*.assigned_policy_ids.\* | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.summary.rule_group_id | string |  |  
+action_result.message | string |  |   Rule Group created successfully 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'update ioa rule group'
+Modify an existing IOA Rule Group
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**id** |  required  | Rule Group ID | string |  `crowdstrike ioa rule group id` 
+**version** |  required  | Latest version of this Rule Group | numeric | 
+**name** |  required  | Name of the Rule Group | string | 
+**description** |  required  | Longer description for the Rule Group | string | 
+**enabled** |  optional  | Enable or disable the Rule Group | boolean | 
+**comment** |  required  | Comment for the audit log | string | 
+**assign_policy_id** |  optional  | Prevention Policy ID to assign the Rule Group to | string |  `crowdstrike prevention policy id` 
+**remove_policy_id** |  optional  | Prevention Policy ID to remove the Rule Group from | string |  `crowdstrike prevention policy id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.id | string |  `crowdstrike ioa rule group id`  |   3263801f7612424ba923f4e6e4bfe2f2 
+action_result.parameter.version | numeric |  |   1 
+action_result.parameter.name | string |  |   my_rule_group 
+action_result.parameter.description | string |  |   Custom rule group 
+action_result.parameter.enabled | boolean |  |   True  False 
+action_result.parameter.comment | boolean |  |   Updated rule description 
+action_result.parameter.assign_policy_id | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.parameter.remove_policy_id | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.id | string |  `crowdstrike ioa rule group id`  |   3263801f7612424ba923f4e6e4bfe2f2 
+action_result.data.\*.resources.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.name | string |  |   my_rule_group 
+action_result.data.\*.resources.\*.description | string |  |   Custom rule group 
+action_result.data.\*.resources.\*.platform | string |  |   windows  mac  linux 
+action_result.data.\*.resources.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.rule_ids.\* | string |  `crowdstrike ioa rule id`  |   6 
+action_result.data.\*.resources.\*.comment | string |  |   Updated description 
+action_result.data.\*.resources.\*.version | numeric |  |   1 
+action_result.data.\*.resources.\*.created_by | string |  `crowdstrike user id`  |   65f616497d0d40d4b6e7a68389323605 
+action_result.data.\*.resources.\*.created_on | string |  |   2024-01-25T19:17:02.117884262Z 
+action_result.data.\*.resources.\*.modified_by | string |  `crowdstrike user id`  |   65f616497d0d40d4b6e7a68389323605 
+action_result.data.\*.resources.\*.modified_on | string |  |   2024-01-25T19:17:02.117884262Z 
+action_result.data.\*.resources.\*.committed_on | string |  |   0001-01-01T00:00:00Z 
+action_result.data.\*.resources.\*.assigned_policy_ids.\* | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.data.\*.resources.\*.removed_policy_ids.\* | string |  `crowdstrike prevention policy id`  |   2018f9894359493cb756bfa7dd3357a6 
+action_result.summary.rule_group_id | string |  |  
+action_result.message | string |  |   Rule Group updated successfully 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'delete ioa rule group'
+Delete an existing IOA Rule Group
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**id** |  required  | Rule Group ID | string |  `crowdstrike ioa rule group id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.id | string |  `crowdstrike ioa rule group id`  |   3263801f7612424ba923f4e6e4bfe2f2 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.meta.writes.resources_affected | numeric |  |   1 
+action_result.summary.resources_affected | string |  |  
+action_result.message | string |  |   Deleted 1 rule groups 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list ioa platforms'
+List valid platforms for IOA Rule Groups
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\* | string |  |   windows  mac  linux 
+action_result.summary.result_count | numeric |  |  
+action_result.message | string |  |   Found 3 rule groups 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list ioa rule groups'
+List IOA Rule Groups
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**fql_query** |  optional  | FQL query to filter rule groups | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.fql_query | string |  |   enabled: true + platform: 'mac' 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.instance_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.data.\*.resources.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.ruletype_id | string |  |   5 
+action_result.data.\*.resources.\*.ruletype_name | string |  |   Process Creation 
+action_result.data.\*.resources.\*.comment | string |  |   Created rule 
+action_result.data.\*.resources.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.magic_cookie | numeric |  |   2 
+action_result.data.\*.resources.\*.rulegroup_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.data.\*.resources.\*.version_ids.\* | string |  |   1 
+action_result.data.\*.resources.\*.instance_version | numeric |  |   1 
+action_result.data.\*.resources.\*.name | string |  |   BugRule 
+action_result.data.\*.resources.\*.description | string |  |   Stops the bug 
+action_result.data.\*.resources.\*.pattern_id | string |  |   41005 
+action_result.data.\*.resources.\*.pattern_severity | string |  |   critical 
+action_result.data.\*.resources.\*.action_label | string |  |   Block Execution 
+action_result.data.\*.resources.\*.disposition_id | numeric |  |   30 
+action_result.data.\*.resources.\*.field_values.\*.name | string |  |   GrandparentImageFilename 
+action_result.data.\*.resources.\*.field_values.\*.value | string |  |   (?i).+bug.exe 
+action_result.data.\*.resources.\*.field_values.\*.label | string |  |   Grandparent Image Filename 
+action_result.data.\*.resources.\*.field_values.\*.type | string |  |   excludable 
+action_result.data.\*.resources.\*.field_values.\*.values.\*.label | string |  |   include 
+action_result.data.\*.resources.\*.field_values.\*.values.\*.value | string |  |   .+bug.exe 
+action_result.data.\*.resources.\*.field_values.\*.final_value | string |  |   (?i).+bug.exe 
+action_result.summary.result_count | numeric |  |  
+action_result.message | string |  |   Found 3 rule groups 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list ioa severities'
+List valid severity values for IOA rules
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\* | string |  |   informational  low  medium  high  critical 
+action_result.summary.result_count | numeric |  |  
+action_result.message | string |  |   Found 3 supported platforms 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list ioa types'
+List valid types of IOA rules
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**platform** |  optional  | Show only IOA types supported by the given platform | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.platform | string |  |   mac  linux  windows 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.id | string |  |   1 
+action_result.data.\*.resources.\*.name | string |  |   Process Creation 
+action_result.data.\*.resources.\*.channel | numeric |  |   501 
+action_result.data.\*.resources.\*.long_desc | string |  |   Mac basic process custom template. Triggered off of CreateProcessPreventionQueryMac. 
+action_result.data.\*.resources.\*.released | boolean |  |   True  False 
+action_result.data.\*.resources.\*.fields.\*.name | string |  |   GrandparentImageFilename 
+action_result.data.\*.resources.\*.fields.\*.label | string |  |   Grandparent Image Filename 
+action_result.data.\*.resources.\*.fields.\*.type | string |  |   excludable 
+action_result.data.\*.resources.\*.fields.\*.type.\*.label | string |  |   include 
+action_result.data.\*.resources.\*.fields.\*.type.\*.value | string |  |    
+action_result.data.\*.resources.\*.disposition_map.\*.id | numeric |  |   10 
+action_result.data.\*.resources.\*.disposition_map.\*.label | string |  |   Monitor 
+action_result.data.\*.resources.\*.fields_pretty | string |  |   {} 
+action_result.summary.result_count | numeric |  |  
+action_result.message | string |  |   Found 3 rule types 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'create ioa rule'
+Create a new IOA Rule
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**rule_group_id** |  required  | Rule Group ID in which to create this rule | string |  `crowdstrike ioa rule group id` 
+**name** |  required  | Rule name | string | 
+**description** |  required  | Rule description | string | 
+**severity** |  required  | Rule severity (run the "list ioa severities" action to find valid severities) | string | 
+**rule_type_id** |  required  | Rule type to create (run the "list ioa types" action to find valid types of rules and their IDs and parameters) | numeric | 
+**disposition_id** |  required  | The action that the rule should take when triggered (valid dispositions can be found in the "list ioa types" output) | numeric | 
+**field_values** |  required  | JSON list of parameters to pass to the new rule (valid fields can be found in the "list ioa types" output) | string | 
+**comment** |  optional  | Comment for the audit log (optional) | string | 
+**enabled** |  optional  | Enable this rule immediately | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.rule_group_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.parameter.name | string |  |   BugRule 
+action_result.parameter.description | string |  |   Stops the bug 
+action_result.parameter.severity | string |  |   critical 
+action_result.parameter.rule_type_id | numeric |  |   5 
+action_result.parameter.disposition_id | numeric |  |   30 
+action_result.parameter.field_values | string |  |   {"label":"Grandparent Image Filename","name":"GrandparentImageFilename","type":"excludable","values":[{"label":"include","value":".+bug.exe"}]}] 
+action_result.parameter.comment | string |  |   Example comment 
+action_result.parameter.enabled | boolean |  |   True  False 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.instance_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.data.\*.resources.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.ruletype_id | string |  |   5 
+action_result.data.\*.resources.\*.ruletype_name | string |  |   Process Creation 
+action_result.data.\*.resources.\*.comment | string |  |   Created rule 
+action_result.data.\*.resources.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.magic_cookie | numeric |  |   2 
+action_result.data.\*.resources.\*.rulegroup_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.data.\*.resources.\*.version_ids.\* | string |  |   1 
+action_result.data.\*.resources.\*.instance_version | numeric |  |   1 
+action_result.data.\*.resources.\*.name | string |  |   BugRule 
+action_result.data.\*.resources.\*.description | string |  |   Stops the bug 
+action_result.data.\*.resources.\*.pattern_id | string |  |   41005 
+action_result.data.\*.resources.\*.pattern_severity | string |  |   critical 
+action_result.data.\*.resources.\*.action_label | string |  |   Block Execution 
+action_result.data.\*.resources.\*.disposition_id | numeric |  |   30 
+action_result.data.\*.resources.\*.field_values.\*.name | string |  |   GrandparentImageFilename 
+action_result.data.\*.resources.\*.field_values.\*.value | string |  |   (?i).+bug.exe 
+action_result.data.\*.resources.\*.field_values.\*.label | string |  |   Grandparent Image Filename 
+action_result.data.\*.resources.\*.field_values.\*.type | string |  |   excludable 
+action_result.data.\*.resources.\*.field_values.\*.values.\*.label | string |  |   include 
+action_result.data.\*.resources.\*.field_values.\*.values.\*.value | string |  |   .+bug.exe 
+action_result.data.\*.resources.\*.field_values.\*.final_value | string |  |   (?i).+bug.exe 
+action_result.summary.rule_group_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.summary.rule_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.message | string |  |   Rule created successfully 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'update ioa rule'
+Update an existing IOA Rule
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**rule_group_id** |  required  | Rule Group ID containing the rule | string |  `crowdstrike ioa rule group id` 
+**rule_group_version** |  required  | Latest version of Rule Group | numeric | 
+**rule_id** |  required  | Rule ID to update | string |  `crowdstrike ioa rule id` 
+**rule_version** |  required  | Latest version of Rule | numeric | 
+**name** |  required  | Rule name | string | 
+**description** |  required  | Rule description | string | 
+**severity** |  required  | Rule severity (run the "list ioa severities" action to find valid severities) | string | 
+**disposition_id** |  required  | The action that the rule should take when triggered (valid dispositions can be found in the "list ioa types" output) | numeric | 
+**field_values** |  required  | JSON list of parameters to pass to the new rule (valid fields can be found in the "list ioa types" output) | string | 
+**comment** |  optional  | Comment for the audit log (optional) | string | 
+**enabled** |  optional  | Enable this rule | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.rule_group_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.parameter.rule_group_version | numeric |  |   2 
+action_result.parameter.rule_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.parameter.rule_version | numeric |  |   1 
+action_result.parameter.name | string |  |   BugRule 
+action_result.parameter.description | string |  |   Stops the bug 
+action_result.parameter.severity | string |  |   critical 
+action_result.parameter.disposition_id | numeric |  |   30 
+action_result.parameter.field_values | string |  |   {"label":"Grandparent Image Filename","name":"GrandparentImageFilename","type":"excludable","values":[{"label":"include","value":".+bug.exe"}]}] 
+action_result.parameter.comment | string |  |   Example comment 
+action_result.parameter.enabled | boolean |  |   True  False 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.data.\*.resources.\*.id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.data.\*.resources.\*.name | string |  |   Bug Rule Group 
+action_result.data.\*.resources.\*.rules.\*.name | string |  |   BugRule 
+action_result.data.\*.resources.\*.rules.\*.comment | string |  |   Updated the thing 
+action_result.data.\*.resources.\*.rules.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.rules.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.rules.\*.created_by | string |  `crowdstrike unique user id`  |   bb777249-c782-4434-b57a-f15ac742926c 
+action_result.data.\*.resources.\*.rules.\*.created_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.data.\*.resources.\*.rules.\*.pattern_id | string |  |   41007 
+action_result.data.\*.resources.\*.rules.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.rules.\*.description | string |  |   Stops the bug 
+action_result.data.\*.resources.\*.rules.\*.modified_by | string |  `crowdstrike unique user id`  |   bb777249-c782-4434-b57a-f15ac742926c 
+action_result.data.\*.resources.\*.rules.\*.modified_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.data.\*.resources.\*.rules.\*.ruletype_id | string |  |  
+action_result.data.\*.resource.\*.rules.\*.version_ids.\* | string |  |  
+action_result.data.\*.resource.\*.rules.\*.action_label | string |  |  
+action_result.data.\*.resources.\*.rules.\*.committed_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.name | string |  |   GrandparentImageFilename 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.value | string |  |   (?i).+bug.exe 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.label | string |  |   Grandparent Image Filename 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.type | string |  |   excludable 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.values.\*.label | string |  |   include 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.values.\*.value | string |  |   .+bug.exe 
+action_result.data.\*.resources.\*.rules.\*.field_values.\*.final_value | string |  |   (?i).+bug.exe 
+action_result.data.\*.resources.\*.rules.\*.magic_cookie | numeric |  |   6 
+action_result.data.\*.resources.\*.rules.\*.rulegroup_id | string |  `crowdstrike ioa rule group id`  |    
+action_result.data.\*.resources.\*.rules.\*.ruletype_name | string |  |   Process Creation 
+action_result.data.\*.resources.\*.rules.\*.disposition_id | numeric |  |   10 
+action_result.data.\*.resources.\*.rules.\*.instance_version | numeric |  |   3 
+action_result.data.\*.resources.\*.rules.\*.pattern_severity | string |  |   medium 
+action_result.data.\*.resources.\*.comment | string |  |   Created rule 
+action_result.data.\*.resources.\*.enabled | boolean |  |   True  False 
+action_result.data.\*.resources.\*.deleted | boolean |  |   True  False 
+action_result.data.\*.resources.\*.version | numeric |  |   2 
+action_result.data.\*.resources.\*.platform | string |  |   mac  windows  linux 
+action_result.data.\*.resources.\*.rule_ids.\* | string |  `crowdstrike ioa rule id`  |   1 
+action_result.data.\*.resources.\*.created_by | string |  `crowdstrike unique user id`  |   bb777249-c782-4434-b57a-f15ac742926c 
+action_result.data.\*.resources.\*.created_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.data.\*.resources.\*.customer_id | string |  `crowdstrike customer id`  |   4061c7ff3b634e22b38274d4b586554r 
+action_result.data.\*.resources.\*.description | string |  |   Stops the bug 
+action_result.data.\*.resources.\*.modified_by | string |  `crowdstrike unique user id`  |   bb777249-c782-4434-b57a-f15ac742926c 
+action_result.data.\*.resources.\*.modified_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.data.\*.resources.\*.committed_on | string |  `date`  |   2021-09-15T09:52:27.651770437Z 
+action_result.summary.rule_group_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.summary.rule_group_version | numeric |  |   1 
+action_result.summary.rule_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.summary.rule_version | numeric |  |   1 
+action_result.message | string |  |   Rule updated successfully 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'delete ioa rule'
+Delete an existing IOA Rule
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**rule_group_id** |  required  | Rule Group ID containing the rule | string |  `crowdstrike ioa rule group id` 
+**rule_id** |  required  | Rule ID to delete | string |  `crowdstrike ioa rule id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.rule_group_id | string |  `crowdstrike ioa rule group id`  |   83f596d2f8c04f36ad39182311e90e3a 
+action_result.parameter.rule_id | string |  `crowdstrike ioa rule id`  |   1 
+action_result.data.\*.errors | string |  |  
+action_result.data.\*.meta.powered_by | string |  |   empower-api 
+action_result.data.\*.meta.query_time | numeric |  |   5.917429897 
+action_result.data.\*.meta.trace_id | string |  |   6b7c63e1-0ebd-4121-90f3-cd53451be245 
+action_result.summary.resources_affected | string |  |  
+action_result.message | string |  |   Rule deleted successfully 
+summary.total_objects | numeric |  |   1 
 summary.total_objects_successful | numeric |  |   1 
\ No newline at end of file
diff --git a/__init__.py b/__init__.py
index 44bae34..a21cc51 100644
--- a/__init__.py
+++ b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2019-2023 Splunk Inc.
+# Copyright (c) 2019-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/crowdstrike_assign_hosts.html b/crowdstrike_assign_hosts.html
index 823d87a..ac78627 100644
--- a/crowdstrike_assign_hosts.html
+++ b/crowdstrike_assign_hosts.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_assign_hosts.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_command_output.html b/crowdstrike_command_output.html
index 223aece..e3d59cf 100644
--- a/crowdstrike_command_output.html
+++ b/crowdstrike_command_output.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_command_output.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_create_ioa_rule.html b/crowdstrike_create_ioa_rule.html
new file mode 100644
index 0000000..67f2153
--- /dev/null
+++ b/crowdstrike_create_ioa_rule.html
@@ -0,0 +1,189 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_create_ioa_rule.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">New IOA Rule</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Rule Group Version</th>
+                                <th>Rule ID</th>
+                                <th>Rule Version</th>
+                                <th>Enabled</th>
+                                <th>Name</th>
+                                <th>Description</th>
+                                <th>Severity</th>
+                                <th>Rule Type</th>
+                                <th>Disposition</th>
+                                <th>Field Values</th>
+                                <th>Comment</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    <tr>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.rulegroup_id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.rulegroup_id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.magic_cookie }}</td>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule id'], 'value': '{{ resource.instance_id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.instance_id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.instance_version }}
+                                        <td>{{ resource.enabled }}</td>
+                                        <td>{{ resource.name }}</td>
+                                        <td>{{ resource.description }}</td>
+                                        <td>{{ resource.pattern_severity }}</td>
+                                        <td>{{ resource.ruletype_name }}</td>
+                                        <td>{{ resource.action_label }}</td>
+                                        <td>{{ resource.field_values }}</td>
+                                        <td>{{ resource.comment }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_create_ioa_rule_group.html b/crowdstrike_create_ioa_rule_group.html
new file mode 100644
index 0000000..0410c56
--- /dev/null
+++ b/crowdstrike_create_ioa_rule_group.html
@@ -0,0 +1,216 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_create_ioa_rule_group.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">New Rule Group</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Version</th>
+                                <th>Enabled</th>
+                                <th>Name</th>
+                                <th>Description</th>
+                                <th>Platform</th>
+                                <th>Comment</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    <tr>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.version }}</td>
+                                        <td>{{ resource.enabled }}</td>
+                                        <td>{{ resource.name }}</td>
+                                        <td>{{ resource.description }}</td>
+                                        <td>{{ resource.platform }}</td>
+                                        <td>{{ resource.comment }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <h3 class="wf-h3-style">Prevention Policies Attached</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Prevention Policy ID</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    {% for policy_id in resource.assigned_policy_ids %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ resource.id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike prevention policy id'], 'value': '{{ policy_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ policy_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                        </tr>
+                                    {% endfor %}
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_create_session.html b/crowdstrike_create_session.html
index 397616e..3695dee 100644
--- a/crowdstrike_create_session.html
+++ b/crowdstrike_create_session.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_create_session.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_delete_indicator.html b/crowdstrike_delete_indicator.html
index 2e68714..93a3820 100644
--- a/crowdstrike_delete_indicator.html
+++ b/crowdstrike_delete_indicator.html
@@ -11,7 +11,7 @@
 
 <!--
 File: crowdstrike_delete_indicator.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_delete_ioa_rule.html b/crowdstrike_delete_ioa_rule.html
new file mode 100644
index 0000000..f1a9c0b
--- /dev/null
+++ b/crowdstrike_delete_ioa_rule.html
@@ -0,0 +1,151 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_delete_ioa_rule.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Delete Rule</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rules deleted</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for deletion in result.data %}
+                                <tr>
+                                    <td>{{ deletion.meta.writes.resources_affected }}</td>
+                                </tr>
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_delete_ioa_rule_group.html b/crowdstrike_delete_ioa_rule_group.html
new file mode 100644
index 0000000..11716ff
--- /dev/null
+++ b/crowdstrike_delete_ioa_rule_group.html
@@ -0,0 +1,151 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_delete_ioa_rule_group.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Delete Rule Group</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule groups deleted</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for deletion in result.data %}
+                                <tr>
+                                    <td>{{ deletion.meta.writes.resources_affected }}</td>
+                                </tr>
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_detonate_file.html b/crowdstrike_detonate_file.html
index 769d78c..5763fd0 100644
--- a/crowdstrike_detonate_file.html
+++ b/crowdstrike_detonate_file.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_detonate_file.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_detonate_url.html b/crowdstrike_detonate_url.html
index 13540df..4ad72db 100644
--- a/crowdstrike_detonate_url.html
+++ b/crowdstrike_detonate_url.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_detonate_url.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_file_reputation.html b/crowdstrike_file_reputation.html
index 0f00051..ccab7ba 100644
--- a/crowdstrike_file_reputation.html
+++ b/crowdstrike_file_reputation.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_file_reputation.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_get_detections_details.html b/crowdstrike_get_detections_details.html
index cabb38f..f58510d 100644
--- a/crowdstrike_get_detections_details.html
+++ b/crowdstrike_get_detections_details.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_get_detections_details.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_get_device_scroll.html b/crowdstrike_get_device_scroll.html
index 2d23070..8641bbe 100644
--- a/crowdstrike_get_device_scroll.html
+++ b/crowdstrike_get_device_scroll.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_get_device_scroll.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_get_indicator.html b/crowdstrike_get_indicator.html
index 709650a..b274bce 100644
--- a/crowdstrike_get_indicator.html
+++ b/crowdstrike_get_indicator.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_get_indicator.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_get_user_roles.html b/crowdstrike_get_user_roles.html
index c837914..f2085dd 100644
--- a/crowdstrike_get_user_roles.html
+++ b/crowdstrike_get_user_roles.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_get_user_roles.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_get_zta_data.html b/crowdstrike_get_zta_data.html
index b57e523..3695948 100644
--- a/crowdstrike_get_zta_data.html
+++ b/crowdstrike_get_zta_data.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_get_zta_data.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_hunt_view.html b/crowdstrike_hunt_view.html
index 8fa6e60..4a80953 100644
--- a/crowdstrike_hunt_view.html
+++ b/crowdstrike_hunt_view.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_hunt_view.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_list_custom_indicators.html b/crowdstrike_list_custom_indicators.html
index 36c1e01..5273a12 100644
--- a/crowdstrike_list_custom_indicators.html
+++ b/crowdstrike_list_custom_indicators.html
@@ -11,7 +11,7 @@
 
 <!--
 File: crowdstrike_list_custom_indicators.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_list_detections.html b/crowdstrike_list_detections.html
index d0192c5..29123ca 100644
--- a/crowdstrike_list_detections.html
+++ b/crowdstrike_list_detections.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_list_detections.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_list_incident_behaviors.html b/crowdstrike_list_incident_behaviors.html
index 912e8f2..3992583 100644
--- a/crowdstrike_list_incident_behaviors.html
+++ b/crowdstrike_list_incident_behaviors.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_list_incident_behaviors.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_list_incidents.html b/crowdstrike_list_incidents.html
index 62b5f15..87d1182 100644
--- a/crowdstrike_list_incidents.html
+++ b/crowdstrike_list_incidents.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_list_incidents.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_list_ioa_platforms.html b/crowdstrike_list_ioa_platforms.html
new file mode 100644
index 0000000..e1a1b6b
--- /dev/null
+++ b/crowdstrike_list_ioa_platforms.html
@@ -0,0 +1,153 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_list_ioa_platforms.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Supported Platforms for IOA Rules</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="platform-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Platform</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for platform in result.data %}
+                                {% for platform_name in platform.resources %}
+                                    <tr>
+                                        <td>{{ platform_name }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_list_ioa_rule_groups.html b/crowdstrike_list_ioa_rule_groups.html
new file mode 100644
index 0000000..582364d
--- /dev/null
+++ b/crowdstrike_list_ioa_rule_groups.html
@@ -0,0 +1,213 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_list_ioa_rule_groups.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Rule Groups</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            {% for rule_group in result.data %}
+                {% for resource in rule_group.resources %}
+                    <div class="panel">
+                        <div id="default-view-table" class="panel-collapse collapse in">
+                            <h1>Rule Group {{ resource.name }}</h1>
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <th>Rule Group ID</th>
+                                        <th>Version</th>
+                                        <th>Enabled</th>
+                                        <th>Name</th>
+                                        <th>Description</th>
+                                        <th>Platform</th>
+                                        <th>Comment</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    <tr>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.version }}</td>
+                                        <td>{{ resource.enabled }}</td>
+                                        <td>{{ resource.name }}</td>
+                                        <td>{{ resource.description }}</td>
+                                        <td>{{ resource.platform }}</td>
+                                        <td>{{ resource.comment }}</td>
+                                    </tr>
+                                </tbody>
+                            </table>
+                            <h2>Rules</h2>
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <td>Rule ID</td>
+                                        <td>Rule Version</td>
+                                        <td>Enabled</td>
+                                        <td>Name</td>
+                                        <td>Description</td>
+                                        <td>Rule Type</td>
+                                        <td>Severity</td>
+                                        <td>Action</td>
+                                        <td>Field Values</td>
+                                        <td>Comment</td>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {% for rule in resource.rules %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule id'], 'value': '{{ rule.instance_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ rule.instance_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>{{ rule.instance_version }}</td>
+                                            <td>{{ rule.enabled }}</td>
+                                            <td>{{ rule.name }}</td>
+                                            <td>{{ rule.description }}</td>
+                                            <td>{{ rule.ruletype_name }}</td>
+                                            <td>{{ rule.pattern_severity }}</td>
+                                            <td>{{ rule.action_label }}</td>
+                                            <td>{{ rule.field_values }}</td>
+                                            <td>{{ rule.comment }}</td>
+                                        </tr>
+                                    {% endfor %}
+                                </tbody>
+                            </table>
+                        </div>
+                    </div>
+                    <hr />
+                {% endfor %}
+            {% endfor %}
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_list_ioa_severities.html b/crowdstrike_list_ioa_severities.html
new file mode 100644
index 0000000..6ca742c
--- /dev/null
+++ b/crowdstrike_list_ioa_severities.html
@@ -0,0 +1,153 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_list_ioa_severities.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Valid Severities for IOA Rules</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="severity-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Severity</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for severity in result.data %}
+                                {% for severity_id in severity.resources %}
+                                    <tr>
+                                        <td>{{ severity_id }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_list_ioa_types.html b/crowdstrike_list_ioa_types.html
new file mode 100644
index 0000000..345348c
--- /dev/null
+++ b/crowdstrike_list_ioa_types.html
@@ -0,0 +1,414 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_list_ioa_types.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+    .crowdstrike .ioa-form-wrapper {
+        display: grid;
+        grid-template-columns: 50% 50%;
+        grid-template-rows: auto;
+    }
+
+    .crowdstrike .ioa-form {
+        max-height: 15em;
+        overflow: auto;
+    }
+
+    .crowdstrike .ioa-json {
+        max-height: 15em;
+        overflow: auto;
+    }
+
+    .crowdstrike .ioa-json pre {
+        color: inherit;
+        user-select: all;
+    }
+
+    .crowdstrike .ioa-spec {
+        display: none;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Available IOA Rule Types</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="type-information">
+            {% for type_info in result.data %}
+                {% for type in type_info.resources %}
+                    <div class="panel">
+                        <h4>{{ type.name }}</h4>
+                        <div id="default-view-table" class="panel-collapse collapse in">
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <td>Rule Type ID</td>
+                                        <td>Platform</td>
+                                        <td>Description</td>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    <tr>
+                                        <td>{{ type.id }}</td>
+                                        <td>{{ type.platform }}</td>
+                                        <td>{{ type.long_desc }}</td>
+                                    </tr>
+                                </tbody>
+                            </table>
+                        </div>
+                        <div id="default-view-table" class="panel-collapse collapse in">
+                            <h4>Valid disposition IDs</h4>
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <td>Disposition ID</td>
+                                        <td>Description</td>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {% for disposition in type.disposition_map %}
+                                        <tr>
+                                            <td>{{ disposition.id }}</td>
+                                            <td>{{ disposition.label }}</td>
+                                        </tr>
+                                    {% endfor %}
+                                </tbody>
+                            </table>
+                        </div>
+                        <div id="ioa-builder-{{ type.id }}" class="ioa-builder panel-collapse collapse in">
+                            <h4>Rule Parameters</h4>
+                            <div>
+                                Fill in this form to generate a JSON list of fields.
+                                This list can be pasted into the "field_values" parameter when creating or updating an IOA rule.
+                            </div>
+                            <div class="ioa-spec">{{ type.fields_pretty }}</div>
+                            <div class="ioa-form-wrapper">
+                                <form class="ioa-form"></form>
+                                <div class="ioa-json">
+                                    <h2>JSON Output</h2>
+                                    <pre />
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <hr />
+                {% endfor %}
+            {% endfor %}
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    (function() {
+        class Field {
+          constructor(name, label, triggerUpdate) {
+            this.name = name;
+            this.label = label;
+            this.triggerUpdate = triggerUpdate;
+          }
+
+          drawForm() {
+            throw "Base class";
+          }
+
+          toJson() {
+            throw "Base class";
+          }
+        }
+
+        class SetField extends Field {
+          constructor(reference, triggerUpdate) {
+            super(reference.name, reference.label, triggerUpdate);
+
+            this.optionLabels = {};
+            this.optionsEnabled = {};
+            reference.options.forEach((o) => {
+              this.optionLabels[o.value] = o.label;
+              this.optionsEnabled[o.value] = false;
+            });
+          }
+
+          drawForm() {
+            const fieldset = document.createElement("fieldset");
+
+            const heading = document.createElement("h2");
+            heading.textContent = this.label;
+            fieldset.appendChild(heading);
+
+            Object.keys(this.optionLabels).forEach((o) => {
+              const checkbox = document.createElement("input");
+              checkbox.type = "checkbox";
+              checkbox.id = `check-${o}`;
+              checkbox.addEventListener("change", (e) => {
+                this.optionsEnabled[o] = e.target.checked;
+                this.triggerUpdate();
+              });
+              fieldset.appendChild(checkbox);
+
+              const label = document.createElement("label");
+              label.htmlFor = `check-${o}`;
+              label.textContent = `${this.optionLabels[o]} (${o})`;
+              fieldset.appendChild(label);
+
+              fieldset.appendChild(document.createElement("br"));
+            });
+
+            return fieldset;
+          }
+
+          toJson() {
+            const selectedOptions = Object.keys(this.optionLabels)
+              .map((o) => {
+                if (this.optionsEnabled[o]) {
+                  return {
+                    label: this.optionLabels[o],
+                    value: o
+                  };
+                }
+              })
+              .filter((o) => !!o);
+
+            if (selectedOptions.length == 0) {
+              return null;
+            }
+
+            return {
+              name: this.name,
+              label: this.label,
+              values: selectedOptions
+            };
+          }
+        }
+
+        class ExcludableField extends Field {
+          constructor(reference, triggerUpdate) {
+            super(reference.name, reference.label, triggerUpdate);
+            this.include = "";
+            this.exclude = ""
+          }
+
+          drawForm() {
+            const fieldset = document.createElement("fieldset");
+
+            const heading = document.createElement("h2");
+            heading.textContent = this.label;
+            fieldset.appendChild(heading);
+
+            const includeLabel = document.createElement("label");
+            includeLabel.textContent = "Include values matching regex:";
+            includeLabel.htmlFor = `include-${this.name}`;
+            fieldset.appendChild(includeLabel);
+
+            fieldset.appendChild(document.createElement('br'));
+
+            const includeInput = document.createElement("input");
+            includeInput.id = `include-${this.name}`;
+            includeInput.value = this.include;
+            includeInput.addEventListener("input", (e) => {
+              const v = e.target.value;
+              this.include = v;
+              this.triggerUpdate();
+            });
+            fieldset.appendChild(includeInput);
+
+            fieldset.appendChild(document.createElement("br"));
+
+            const excludeLabel = document.createElement("label");
+            excludeLabel.textContent = "Exclude values matching regex:";
+            excludeLabel.htmlFor = `exclude-${this.name}`;
+            fieldset.appendChild(excludeLabel);
+
+            fieldset.appendChild(document.createElement('br'));
+
+            const excludeInput = document.createElement("input");
+            excludeInput.id = `exclude-${this.name}`;
+            excludeInput.value = this.exclude;
+            excludeInput.addEventListener("input", (e) => {
+              const v = e.target.value;
+              this.exclude = v;
+              this.triggerUpdate();
+            });
+            fieldset.appendChild(excludeInput);
+
+            return fieldset;
+          }
+
+          toJson() {
+            if (this.include.length == 0) {
+              return null;
+            }
+
+            let json = {
+              name: this.name,
+              label: this.label,
+              type: "excludable",
+              values: [
+                {
+                  label: "include",
+                  value: this.include
+                }
+              ]
+            };
+            if (this.exclude.length > 0) {
+              json.values.push({
+                label: "exclude",
+                value: this.exclude
+              });
+            }
+            return json;
+          }
+        }
+
+        function setupIoaBuilder(index, container) {
+            const spec = JSON.parse($(container).find('.ioa-spec').text());
+            const form = $(container).find('.ioa-form');
+            const output = $(container).find('.ioa-json>pre');
+
+            const fields = [];
+
+            function updateOutput() {
+                const json = fields.map(f => f.toJson()).filter(f => !!f);
+                output.text(JSON.stringify(json, null, 4));
+            }
+
+            spec.forEach(f => {
+                switch (f.type) {
+                    case 'excludable': {
+                        const element = new ExcludableField(f, updateOutput);
+                        form.append(element.drawForm());
+                        fields.push(element);
+                        break;
+                    }
+                    case 'set': {
+                        const element = new SetField(f, updateOutput);
+                        form.append(element.drawForm());
+                        fields.push(element);
+                        break;
+                    }
+                }
+            });
+
+            updateOutput();
+        }
+
+        $('.ioa-builder').each(setupIoaBuilder);
+    })();
+</script>
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_list_users.html b/crowdstrike_list_users.html
index 7f52f7a..7f94430 100644
--- a/crowdstrike_list_users.html
+++ b/crowdstrike_list_users.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_list_users.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_process_list_view.html b/crowdstrike_process_list_view.html
index ad395fc..f329aae 100644
--- a/crowdstrike_process_list_view.html
+++ b/crowdstrike_process_list_view.html
@@ -12,7 +12,7 @@
 <!-- Main Start Block -->
 
 <!-- File: crowdstrike_process_list_view.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_remove_hosts.html b/crowdstrike_remove_hosts.html
index 63c03bc..3cede4c 100644
--- a/crowdstrike_remove_hosts.html
+++ b/crowdstrike_remove_hosts.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_remove_hosts.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_set_status_view.html b/crowdstrike_set_status_view.html
index 689e4b4..f1a9f03 100644
--- a/crowdstrike_set_status_view.html
+++ b/crowdstrike_set_status_view.html
@@ -11,7 +11,7 @@
 
 <!--
 File: crowdstrike_set_status_view.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_update_indicator.html b/crowdstrike_update_indicator.html
index c2e4c7a..f457ce8 100644
--- a/crowdstrike_update_indicator.html
+++ b/crowdstrike_update_indicator.html
@@ -11,7 +11,7 @@
 
 <!--
 File: crowdstrike_update_indicator.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_update_ioa_rule.html b/crowdstrike_update_ioa_rule.html
new file mode 100644
index 0000000..1e898f5
--- /dev/null
+++ b/crowdstrike_update_ioa_rule.html
@@ -0,0 +1,224 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_update_ioa_rule.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Updated Rule</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Version</th>
+                                <th>Enabled</th>
+                                <th>Name</th>
+                                <th>Description</th>
+                                <th>Platform</th>
+                                <th>Comment</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    <tr>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.version }}</td>
+                                        <td>{{ resource.enabled }}</td>
+                                        <td>{{ resource.name }}</td>
+                                        <td>{{ resource.description }}</td>
+                                        <td>{{ resource.platform }}</td>
+                                        <td>{{ resource.comment }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <h3 class="wf-h3-style">Rules</h3>
+    <div class="metadata_div">
+        <div class="panel-group">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    {% for rule_group in result.data %}
+                        {% for resource in rule_group.resources %}
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <td>Rule ID</td>
+                                        <td>Rule Version</td>
+                                        <td>Enabled</td>
+                                        <td>Name</td>
+                                        <td>Description</td>
+                                        <td>Rule Type</td>
+                                        <td>Severity</td>
+                                        <td>Action</td>
+                                        <td>Field Values</td>
+                                        <td>Comment</td>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {% for rule in resource.rules %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule id'], 'value': '{{ rule.instance_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ rule.instance_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>{{ rule.instance_version }}</td>
+                                            <td>{{ rule.enabled }}</td>
+                                            <td>{{ rule.name }}</td>
+                                            <td>{{ rule.description }}</td>
+                                            <td>{{ rule.ruletype_name }}</td>
+                                            <td>{{ rule.pattern_severity }}</td>
+                                            <td>{{ rule.action_label }}</td>
+                                            <td>{{ rule.field_values }}</td>
+                                            <td>{{ rule.comment }}</td>
+                                        </tr>
+                                    {% endfor %}
+                                </tbody>
+                            </table>
+                        {% endfor %}
+                    {% endfor %}
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_update_ioa_rule_group.html b/crowdstrike_update_ioa_rule_group.html
new file mode 100644
index 0000000..bee461a
--- /dev/null
+++ b/crowdstrike_update_ioa_rule_group.html
@@ -0,0 +1,312 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%; background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %} <!-- Main Start Block -->
+
+<!-- File: crowdstrike_update_ioa_rule_group.html
+  Copyright (c) 2019-2024 Splunk Inc.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under
+  the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  either express or implied. See the License for the specific language governing permissions
+  and limitations under the License.
+-->
+
+<style>
+
+
+    .crowdstrike a:hover {
+        text-decoration:underline;
+    }
+
+
+    .crowdstrike .wf-table-vertical {
+    width: initial;
+    font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-vertical td{
+    padding: 8px 10px;
+    border: 1px solid;
+    }
+
+    .crowdstrike .wf-table-vertical tr td:first-child {
+    font-weight: bold;
+    }
+
+    .crowdstrike .wf-table-horizontal {
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .crowdstrike .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .crowdstrike .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .crowdstrike .wf-h3-style {
+        font-size : 20px
+    }
+
+    .crowdstrike .wf-h4-style {
+        font-size : 16px
+    }
+
+    .crowdstrike .collapse.in {
+        display: block !important;
+    }
+
+    .crowdstrike .panel-collapse {
+        overflow-x: auto;
+    }
+
+    .crowdstrike .glyphicon.glyphicon-dot:before {
+        content: "\25cf"; font-size: 10px;
+    }
+
+    .crowdstrike a.nowrap {
+        white-space:nowrap;
+    }
+
+</style>
+<div class="crowdstrike" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px"> <!-- Main Div -->
+    {% for result in results %} <!-- loop for each result -->
+    <br>
+
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+
+    {% else %}
+    <h3 class="wf-h3-style">Updated Rule Group</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Version</th>
+                                <th>Enabled</th>
+                                <th>Name</th>
+                                <th>Description</th>
+                                <th>Platform</th>
+                                <th>Comment</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    <tr>
+                                        <td>
+                                            <a href="javascript:;"
+                                            onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                {{ resource.id }}
+                                                &nbsp;
+                                                <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                            </a>
+                                        </td>
+                                        <td>{{ resource.version }}</td>
+                                        <td>{{ resource.enabled }}</td>
+                                        <td>{{ resource.name }}</td>
+                                        <td>{{ resource.description }}</td>
+                                        <td>{{ resource.platform }}</td>
+                                        <td>{{ resource.comment }}</td>
+                                    </tr>
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <h3 class="wf-h3-style">Rules</h3>
+    <div class="metadata_div">
+        <div class="panel-group">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    {% for rule_group in result.data %}
+                        {% for resource in rule_group.resources %}
+                            <table class="wf-table-horizontal datatable">
+                                <thead>
+                                    <tr>
+                                        <td>Rule ID</td>
+                                        <td>Rule Version</td>
+                                        <td>Enabled</td>
+                                        <td>Name</td>
+                                        <td>Description</td>
+                                        <td>Rule Type</td>
+                                        <td>Severity</td>
+                                        <td>Action</td>
+                                        <td>Field Values</td>
+                                        <td>Comment</td>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {% for rule in resource.rules %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule id'], 'value': '{{ rule.instance_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ rule.instance_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>{{ rule.instance_version }}</td>
+                                            <td>{{ rule.enabled }}</td>
+                                            <td>{{ rule.name }}</td>
+                                            <td>{{ rule.description }}</td>
+                                            <td>{{ rule.ruletype_name }}</td>
+                                            <td>{{ rule.pattern_severity }}</td>
+                                            <td>{{ rule.action_label }}</td>
+                                            <td>{{ rule.field_values }}</td>
+                                            <td>{{ rule.comment }}</td>
+                                        </tr>
+                                    {% endfor %}
+                                </tbody>
+                            </table>
+                        {% endfor %}
+                    {% endfor %}
+                </div>
+            </div>
+        </div>
+    </div>
+    <h3 class="wf-h3-style">Prevention Policies Attached</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Prevention Policy ID</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    {% for policy_id in resource.assigned_policy_ids %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ resource.id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike prevention policy id'], 'value': '{{ policy_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ policy_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                        </tr>
+                                    {% endfor %}
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <h3 class="wf-h3-style">Prevention Policies Removed</h3>
+    <div class="metadata_div">
+        <!--Default View-->
+        <div class="panel-group" id="rule-group-information">
+            <div class="panel">
+                <div id="default-view-table" class="panel-collapse collapse in">
+                    <table class="wf-table-horizontal datatable">
+                        <thead>
+                            <tr>
+                                <th>Rule Group ID</th>
+                                <th>Prevention Policy ID</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            {% for rule_group in result.data %}
+                                {% for resource in rule_group.resources %}
+                                    {% for policy_id in resource.removed_policy_ids %}
+                                        <tr>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike ioa rule group id'], 'value': '{{ resource.id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ resource.id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                            <td>
+                                                <a href="javascript:;"
+                                                onclick="context_menu(this, [{'contains': ['crowdstrike prevention policy id'], 'value': '{{ policy_id }}' }], 0, {{ container.id }}, null, false);">
+                                                    {{ policy_id }}
+                                                    &nbsp;
+                                                    <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                                </a>
+                                            </td>
+                                        </tr>
+                                    {% endfor %}
+                                {% endfor %}
+                            {% endfor %}
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+    <br>
+    {% endif %}
+    {% endfor %} <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": false,
+        "bLengthChange": false,
+        "language": {
+            "paginate": {
+                "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+                "next": "<i class='fa fa-angle-right fa-lg'></i>"
+            }
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+            var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+            pagination.toggle(this.api().page.info().pages > 1);
+        }
+    });
+    $.fn.DataTable.ext.pager.numbers_length = 5;
+    $('.datatable').DataTable();
+</script>
+{% endblock %} <!-- Main Start Block -->
diff --git a/crowdstrike_url_reputation.html b/crowdstrike_url_reputation.html
index 7fff63d..1268228 100644
--- a/crowdstrike_url_reputation.html
+++ b/crowdstrike_url_reputation.html
@@ -10,7 +10,7 @@
 {% block widget_content %} <!-- Main Start Block -->
 
 <!-- File: crowdstrike_url_reputation.html
-  Copyright (c) 2019-2023 Splunk Inc.
+  Copyright (c) 2019-2024 Splunk Inc.
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
diff --git a/crowdstrike_view.py b/crowdstrike_view.py
index 88e09ae..cde8392 100644
--- a/crowdstrike_view.py
+++ b/crowdstrike_view.py
@@ -1,6 +1,6 @@
 # File: crowdstrike_view.py
 #
-# Copyright (c) 2019-2023 Splunk Inc.
+# Copyright (c) 2019-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -219,8 +219,7 @@ def _get_ctx_result(result, provides):
     return ctx_result
 
 
-def display_view(provides, all_app_runs, context):
-
+def display_view(provides, all_app_runs, context):  # noqa: C901
     context['results'] = results = []
     for summary, action_results in all_app_runs:
         for result in action_results:
@@ -277,6 +276,36 @@ def display_view(provides, all_app_runs, context):
     if provides == 'get detections details':
         return 'crowdstrike_get_detections_details.html'
 
+    if provides == 'create ioa rule group':
+        return 'crowdstrike_create_ioa_rule_group.html'
+
+    if provides == 'update ioa rule group':
+        return 'crowdstrike_update_ioa_rule_group.html'
+
+    if provides == 'delete ioa rule group':
+        return 'crowdstrike_delete_ioa_rule_group.html'
+
+    if provides == 'list ioa rule groups':
+        return 'crowdstrike_list_ioa_rule_groups.html'
+
+    if provides == 'list ioa platforms':
+        return 'crowdstrike_list_ioa_platforms.html'
+
+    if provides == 'list ioa severities':
+        return 'crowdstrike_list_ioa_severities.html'
+
+    if provides == 'list ioa types':
+        return 'crowdstrike_list_ioa_types.html'
+
+    if provides == 'create ioa rule':
+        return 'crowdstrike_create_ioa_rule.html'
+
+    if provides == 'update ioa rule':
+        return 'crowdstrike_update_ioa_rule.html'
+
+    if provides == 'delete ioa rule':
+        return 'crowdstrike_delete_ioa_rule.html'
+
 
 def hunt_view(provides, all_app_runs, context):
 
diff --git a/crowdstrikeoauthapi.json b/crowdstrikeoauthapi.json
index 976a75c..decd708 100644
--- a/crowdstrikeoauthapi.json
+++ b/crowdstrikeoauthapi.json
@@ -20,8 +20,8 @@
             "name": "Katie Tanner"
         }
     ],
-    "license": "Copyright (c) 2019-2023 Splunk Inc.",
-    "app_version": "4.1.0",
+    "license": "Copyright (c) 2019-2024 Splunk Inc.",
+    "app_version": "4.2.0",
     "latest_tested_versions": [
         "Cloud, API api.crowdstrike.com, November 28th 2023, API versions: v1, v2"
     ],
@@ -29,7 +29,7 @@
     "package_name": "phantom_crowdstrikeoauthapi",
     "main_module": "crowdstrikeoauthapi_connector.py",
     "app_config_render": "default",
-    "min_phantom_version": "6.1.0",
+    "min_phantom_version": "6.1.1",
     "python_version": "3",
     "fips_compliant": true,
     "app_wizard_version": "1.0.0",
@@ -17719,6 +17719,2487 @@
                 "type": "custom",
                 "view": "crowdstrike_view.display_view"
             }
+        },
+        {
+            "action": "create ioa rule group",
+            "description": "Create an empty IOA Rule Group",
+            "type": "contain",
+            "identifier": "create_ioa_rule_group",
+            "read_only": false,
+            "parameters": {
+                "name": {
+                    "data_type": "string",
+                    "description": "Name of the new Rule Group",
+                    "required": true,
+                    "primary": true,
+                    "order": 0
+                },
+                "description": {
+                    "data_type": "string",
+                    "description": "Longer description for the new Rule Group",
+                    "required": true,
+                    "order": 1
+                },
+                "platform": {
+                    "data_type": "string",
+                    "description": "Platform that this Rule Group applies to",
+                    "required": true,
+                    "order": 2
+                },
+                "enabled": {
+                    "data_type": "boolean",
+                    "description": "Enable the new Rule Group immediately upon creation",
+                    "required": false,
+                    "order": 3,
+                    "default": false
+                },
+                "policy_id": {
+                    "data_type": "string",
+                    "description": "Prevention Policy ID to assign the new Rule Group to",
+                    "required": false,
+                    "order": 4,
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "allow_list": true
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "my_rule_group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Custom rule group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.platform",
+                    "data_type": "string",
+                    "example_values": [
+                        "windows",
+                        "mac",
+                        "linux"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.policy_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "3263801f7612424ba923f4e6e4bfe2f2"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "my_rule_group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Custom rule group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.platform",
+                    "data_type": "string",
+                    "example_values": [
+                        "windows",
+                        "mac",
+                        "linux"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rule_ids.*",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Updated description"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike user id"
+                    ],
+                    "example_values": [
+                        "65f616497d0d40d4b6e7a68389323605"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2024-01-25T19:17:02.117884262Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike user id"
+                    ],
+                    "example_values": [
+                        "65f616497d0d40d4b6e7a68389323605"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2024-01-25T19:17:02.117884262Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.committed_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "0001-01-01T00:00:00Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.assigned_policy_ids.*",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_group_id",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Rule Group created successfully"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Create IOA Rule Group",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "update ioa rule group",
+            "description": "Modify an existing IOA Rule Group",
+            "type": "contain",
+            "identifier": "update_ioa_rule_group",
+            "read_only": false,
+            "parameters": {
+                "id": {
+                    "data_type": "string",
+                    "description": "Rule Group ID",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "order": 0
+                },
+                "version": {
+                    "data_type": "numeric",
+                    "description": "Latest version of this Rule Group",
+                    "required": true,
+                    "order": 1
+                },
+                "name": {
+                    "data_type": "string",
+                    "description": "Name of the Rule Group",
+                    "required": true,
+                    "order": 2
+                },
+                "description": {
+                    "data_type": "string",
+                    "description": "Longer description for the Rule Group",
+                    "required": true,
+                    "order": 3
+                },
+                "enabled": {
+                    "data_type": "boolean",
+                    "description": "Enable or disable the Rule Group",
+                    "required": false,
+                    "order": 4,
+                    "default": false
+                },
+                "comment": {
+                    "data_type": "string",
+                    "description": "Comment for the audit log",
+                    "required": true,
+                    "order": 5
+                },
+                "assign_policy_id": {
+                    "data_type": "string",
+                    "description": "Prevention Policy ID to assign the Rule Group to",
+                    "required": false,
+                    "order": 6,
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "allow_list": true
+                },
+                "remove_policy_id": {
+                    "data_type": "string",
+                    "description": "Prevention Policy ID to remove the Rule Group from",
+                    "required": false,
+                    "order": 7,
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "allow_list": true
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "3263801f7612424ba923f4e6e4bfe2f2"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "my_rule_group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Custom rule group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.comment",
+                    "data_type": "boolean",
+                    "example_values": [
+                        "Updated rule description"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.assign_policy_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.remove_policy_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "3263801f7612424ba923f4e6e4bfe2f2"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "my_rule_group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Custom rule group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.platform",
+                    "data_type": "string",
+                    "example_values": [
+                        "windows",
+                        "mac",
+                        "linux"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rule_ids.*",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Updated description"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike user id"
+                    ],
+                    "example_values": [
+                        "65f616497d0d40d4b6e7a68389323605"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2024-01-25T19:17:02.117884262Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike user id"
+                    ],
+                    "example_values": [
+                        "65f616497d0d40d4b6e7a68389323605"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2024-01-25T19:17:02.117884262Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.committed_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "0001-01-01T00:00:00Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.assigned_policy_ids.*",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.removed_policy_ids.*",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike prevention policy id"
+                    ],
+                    "example_values": [
+                        "2018f9894359493cb756bfa7dd3357a6"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_group_id",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Rule Group updated successfully"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Update IOA Rule Group",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "delete ioa rule group",
+            "description": "Delete an existing IOA Rule Group",
+            "type": "contain",
+            "identifier": "delete_ioa_rule_group",
+            "read_only": false,
+            "parameters": {
+                "id": {
+                    "data_type": "string",
+                    "description": "Rule Group ID",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "allow_list": true,
+                    "order": 0
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "3263801f7612424ba923f4e6e4bfe2f2"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.writes.resources_affected",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.resources_affected",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Deleted 1 rule groups"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Delete IOA Rule Group",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "list ioa platforms",
+            "description": "List valid platforms for IOA Rule Groups",
+            "type": "investigate",
+            "identifier": "list_ioa_platforms",
+            "read_only": true,
+            "parameters": {},
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*",
+                    "data_type": "string",
+                    "example_values": [
+                        "windows",
+                        "mac",
+                        "linux"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.result_count",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Found 3 rule groups"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "List IOA Platforms",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+
+        },
+        {
+            "action": "list ioa rule groups",
+            "description": "List IOA Rule Groups",
+            "type": "investigate",
+            "identifier": "list_ioa_rule_groups",
+            "read_only": true,
+            "parameters": {
+                "fql_query": {
+                    "data_type": "string",
+                    "description": "FQL query to filter rule groups",
+                    "required": false,
+                    "order": 0
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.fql_query",
+                    "data_type": "string",
+                    "example_values": [
+                        "enabled: true + platform: 'mac'"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.instance_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.ruletype_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "5"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.ruletype_name",
+                    "data_type": "string",
+                    "example_values": [
+                        "Process Creation"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Created rule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.magic_cookie",
+                    "data_type": "numeric",
+                    "example_values": [
+                        2
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rulegroup_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.version_ids.*",
+                    "data_type": "string",
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.instance_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "BugRule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.pattern_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "41005"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.pattern_severity",
+                    "data_type": "string",
+                    "example_values": [
+                        "critical"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.action_label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Block Execution"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.disposition_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        30
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "GrandparentImageFilename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Grandparent Image Filename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "excludable"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "include"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        ".+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.final_value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.result_count",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Found 3 rule groups"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "List IOA Rule Groups",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "list ioa severities",
+            "description": "List valid severity values for IOA rules",
+            "type": "investigate",
+            "identifier": "list_ioa_severities",
+            "read_only": true,
+            "parameters": {},
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*",
+                    "data_type": "string",
+                    "example_values": [
+                        "informational",
+                        "low",
+                        "medium",
+                        "high",
+                        "critical"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.result_count",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Found 3 supported platforms"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "List IOA Severities",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "list ioa types",
+            "description": "List valid types of IOA rules",
+            "type": "investigate",
+            "identifier": "list_ioa_types",
+            "read_only": true,
+            "parameters": {
+                "platform": {
+                    "description": "Show only IOA types supported by the given platform",
+                    "data_type": "string",
+                    "required": false,
+                    "order": 0
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.platform",
+                    "data_type": "string",
+                    "example_values": [
+                        "mac",
+                        "linux",
+                        "windows"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "Process Creation"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.channel",
+                    "data_type": "numeric",
+                    "example_values": [
+                        501
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.long_desc",
+                    "data_type": "string",
+                    "example_values": [
+                        "Mac basic process custom template. Triggered off of CreateProcessPreventionQueryMac."
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.released",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "GrandparentImageFilename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Grandparent Image Filename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields.*.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "excludable"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields.*.type.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "include"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields.*.type.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        ""
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.disposition_map.*.id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        10
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.disposition_map.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Monitor"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.fields_pretty",
+                    "data_type": "string",
+                    "example_values": [
+                        "{}"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.result_count",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Found 3 rule types"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "List IOA Types",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "create ioa rule",
+            "description": "Create a new IOA Rule",
+            "type": "contain",
+            "identifier": "create_ioa_rule",
+            "read_only": false,
+            "parameters": {
+                "rule_group_id": {
+                    "data_type": "string",
+                    "description": "Rule Group ID in which to create this rule",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "order": 0
+                },
+                "name": {
+                    "data_type": "string",
+                    "description": "Rule name",
+                    "required": true,
+                    "order": 1
+                },
+                "description": {
+                    "data_type": "string",
+                    "description": "Rule description",
+                    "required": true,
+                    "order": 2
+                },
+                "severity": {
+                    "data_type": "string",
+                    "description": "Rule severity (run the \"list ioa severities\" action to find valid severities)",
+                    "required": true,
+                    "order": 3
+                },
+                "rule_type_id": {
+                    "data_type": "numeric",
+                    "description": "Rule type to create (run the \"list ioa types\" action to find valid types of rules and their IDs and parameters)",
+                    "required": true,
+                    "order": 4
+                },
+                "disposition_id": {
+                    "data_type": "numeric",
+                    "description": "The action that the rule should take when triggered (valid dispositions can be found in the \"list ioa types\" output)",
+                    "required": true,
+                    "order": 5
+                },
+                "field_values": {
+                    "data_type": "string",
+                    "description": "JSON list of parameters to pass to the new rule (valid fields can be found in the \"list ioa types\" output)",
+                    "required": true,
+                    "order": 6
+                },
+                "comment": {
+                    "data_type": "string",
+                    "description": "Comment for the audit log (optional)",
+                    "required": false,
+                    "order": 7
+                },
+                "enabled": {
+                    "data_type": "boolean",
+                    "description": "Enable this rule immediately",
+                    "required": false,
+                    "default": false,
+                    "order": 8
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_group_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "BugRule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.severity",
+                    "data_type": "string",
+                    "example_values": [
+                        "critical"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_type_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.disposition_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        30
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.field_values",
+                    "data_type": "string",
+                    "example_values": [
+                        "{\"label\":\"Grandparent Image Filename\",\"name\":\"GrandparentImageFilename\",\"type\":\"excludable\",\"values\":[{\"label\":\"include\",\"value\":\".+bug.exe\"}]}]"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Example comment"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.instance_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.ruletype_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "5"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.ruletype_name",
+                    "data_type": "string",
+                    "example_values": [
+                        "Process Creation"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Created rule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.magic_cookie",
+                    "data_type": "numeric",
+                    "example_values": [
+                        2
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rulegroup_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.version_ids.*",
+                    "data_type": "string",
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.instance_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "BugRule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.pattern_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "41005"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.pattern_severity",
+                    "data_type": "string",
+                    "example_values": [
+                        "critical"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.action_label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Block Execution"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.disposition_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        30
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "GrandparentImageFilename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Grandparent Image Filename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "excludable"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "include"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        ".+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.field_values.*.final_value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_group_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Rule created successfully"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Create IOA Rule",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "update ioa rule",
+            "description": "Update an existing IOA Rule",
+            "type": "contain",
+            "identifier": "update_ioa_rule",
+            "read_only": false,
+            "parameters": {
+                "rule_group_id": {
+                    "data_type": "string",
+                    "description": "Rule Group ID containing the rule",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "order": 0
+                },
+                "rule_group_version": {
+                    "data_type": "numeric",
+                    "description": "Latest version of Rule Group",
+                    "required": true,
+                    "order": 1
+                },
+                "rule_id": {
+                    "data_type": "string",
+                    "description": "Rule ID to update",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "order": 2
+                },
+                "rule_version": {
+                    "data_type": "numeric",
+                    "description": "Latest version of Rule",
+                    "required": true,
+                    "order": 3
+                },
+                "name": {
+                    "data_type": "string",
+                    "description": "Rule name",
+                    "required": true,
+                    "order": 4
+                },
+                "description": {
+                    "data_type": "string",
+                    "description": "Rule description",
+                    "required": true,
+                    "order": 5
+                },
+                "severity": {
+                    "data_type": "string",
+                    "description": "Rule severity (run the \"list ioa severities\" action to find valid severities)",
+                    "required": true,
+                    "order": 6
+                },
+                "disposition_id": {
+                    "data_type": "numeric",
+                    "description": "The action that the rule should take when triggered (valid dispositions can be found in the \"list ioa types\" output)",
+                    "required": true,
+                    "order": 7
+                },
+                "field_values": {
+                    "data_type": "string",
+                    "description": "JSON list of parameters to pass to the new rule (valid fields can be found in the \"list ioa types\" output)",
+                    "required": true,
+                    "order": 8
+                },
+                "comment": {
+                    "data_type": "string",
+                    "description": "Comment for the audit log (optional)",
+                    "required": false,
+                    "order": 9
+                },
+                "enabled": {
+                    "data_type": "boolean",
+                    "description": "Enable this rule",
+                    "required": false,
+                    "default": false,
+                    "order": 10
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_group_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_group_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        2
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "BugRule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.severity",
+                    "data_type": "string",
+                    "example_values": [
+                        "critical"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.disposition_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        30
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.field_values",
+                    "data_type": "string",
+                    "example_values": [
+                        "{\"label\":\"Grandparent Image Filename\",\"name\":\"GrandparentImageFilename\",\"type\":\"excludable\",\"values\":[{\"label\":\"include\",\"value\":\".+bug.exe\"}]}]"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Example comment"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "Bug Rule Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "BugRule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Updated the thing"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.created_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike unique user id"
+                    ],
+                    "example_values": [
+                        "bb777249-c782-4434-b57a-f15ac742926c"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.created_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.pattern_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "41007"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.modified_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike unique user id"
+                    ],
+                    "example_values": [
+                        "bb777249-c782-4434-b57a-f15ac742926c"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.modified_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.ruletype_id",
+                    "data_type": "string",
+                    "examples": [
+                        "5"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resource.*.rules.*.version_ids.*",
+                    "data_type": "string",
+                    "examples": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resource.*.rules.*.action_label",
+                    "data_type": "string",
+                    "examples": [
+                        "Monitor"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.committed_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.name",
+                    "data_type": "string",
+                    "example_values": [
+                        "GrandparentImageFilename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "Grandparent Image Filename"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "excludable"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.values.*.label",
+                    "data_type": "string",
+                    "example_values": [
+                        "include"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.values.*.value",
+                    "data_type": "string",
+                    "example_values": [
+                        ".+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.field_values.*.final_value",
+                    "data_type": "string",
+                    "example_values": [
+                        "(?i).+bug.exe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.magic_cookie",
+                    "data_type": "numeric",
+                    "example_values": [
+                        6
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.rulegroup_id",
+                    "data_type": "string",
+                    "example_values": [
+                        ""
+                    ],
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.ruletype_name",
+                    "data_type": "string",
+                    "example_values": [
+                        "Process Creation"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.disposition_id",
+                    "data_type": "numeric",
+                    "example_values": [
+                        10
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.instance_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        3
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rules.*.pattern_severity",
+                    "data_type": "string",
+                    "example_values": [
+                        "medium"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.comment",
+                    "data_type": "string",
+                    "example_values": [
+                        "Created rule"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.enabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.deleted",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        2
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.platform",
+                    "data_type": "string",
+                    "example_values": [
+                        "mac",
+                        "windows",
+                        "linux"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.rule_ids.*",
+                    "data_type": "string",
+                    "example_values": [
+                        "1"
+                    ],
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike unique user id"
+                    ],
+                    "example_values": [
+                        "bb777249-c782-4434-b57a-f15ac742926c"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.created_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.customer_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike customer id"
+                    ],
+                    "example_values": [
+                        "4061c7ff3b634e22b38274d4b586554r"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Stops the bug"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_by",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike unique user id"
+                    ],
+                    "example_values": [
+                        "bb777249-c782-4434-b57a-f15ac742926c"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.modified_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.resources.*.committed_on",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-09-15T09:52:27.651770437Z"
+                    ],
+                    "contains": [
+                        "date"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_group_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_group_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.rule_version",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Rule updated successfully"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Update IOA Rule",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
+        },
+        {
+            "action": "delete ioa rule",
+            "description": "Delete an existing IOA Rule",
+            "type": "contain",
+            "identifier": "delete_ioa_rule",
+            "read_only": false,
+            "parameters": {
+                "rule_group_id": {
+                    "data_type": "string",
+                    "description": "Rule Group ID containing the rule",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "order": 0
+                },
+                "rule_id": {
+                    "data_type": "string",
+                    "description": "Rule ID to delete",
+                    "required": true,
+                    "primary": true,
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "allow_list": true,
+                    "order": 1
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_group_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule group id"
+                    ],
+                    "example_values": [
+                        "83f596d2f8c04f36ad39182311e90e3a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.rule_id",
+                    "data_type": "string",
+                    "contains": [
+                        "crowdstrike ioa rule id"
+                    ],
+                    "example_values": [
+                        "1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.errors",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.meta.powered_by",
+                    "data_type": "string",
+                    "example_values": [
+                        "empower-api"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.query_time",
+                    "data_type": "numeric",
+                    "example_values": [
+                        5.917429897
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.meta.trace_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "6b7c63e1-0ebd-4121-90f3-cd53451be245"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.resources_affected",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Rule deleted successfully"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "versions": "EQ(*)",
+            "render": {
+                "title": "Delete IOA Rule",
+                "type": "custom",
+                "view": "crowdstrike_view.display_view"
+            }
         }
     ],
     "pip39_dependencies": {
diff --git a/crowdstrikeoauthapi_connector.py b/crowdstrikeoauthapi_connector.py
index 650486a..8db0844 100644
--- a/crowdstrikeoauthapi_connector.py
+++ b/crowdstrikeoauthapi_connector.py
@@ -1,6 +1,6 @@
 # File: crowdstrikeoauthapi_connector.py
 #
-# Copyright (c) 2019-2023 Splunk Inc.
+# Copyright (c) 2019-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -1556,6 +1556,179 @@ def _handle_remove_hosts(self, param):
 
         return action_result.set_status(phantom.APP_SUCCESS, "Host removed successfully")
 
+    def _handle_create_ioa_rule(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        try:
+            field_values = json.loads(param['field_values'])
+        except json.JSONDecodeError as e:
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                f'Failed to parse field_values: {e}'
+            )
+
+        create_comment = param.get('comment')
+
+        create_params = {
+            'rulegroup_id': param['rule_group_id'],
+            'name': param['name'],
+            'description': param['description'],
+            'pattern_severity': param['severity'],
+            'ruletype_id': str(param['rule_type_id']),
+            'disposition_id': param['disposition_id'],
+            'field_values': field_values
+        }
+        if create_comment:
+            create_params['comment'] = create_comment
+
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_ENDPOINT,
+            json_data=create_params,
+            method='post'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        rulegroup_id = resp_json['resources'][0].get('rulegroup_id')
+        rulegroup_version = resp_json['resources'][0].get('magic_cookie')
+        rule_id = resp_json['resources'][0].get('instance_id')
+        rule_version = resp_json['resources'][0].get('instance_version')
+        if not (rulegroup_id and rulegroup_version and rule_id and rule_version):
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                'CrowdStrike failed to return a Rule Group ID/Version and Rule ID/Version'
+            )
+
+        if param.get('enabled', False):
+            update_params = {
+                'rulegroup_id': rulegroup_id,
+                'rulegroup_version': rulegroup_version,
+                'instance_version': rule_version,
+                'comment': 'Rule enabled via Splunk SOAR',
+                'rule_updates': [
+                    {
+                        'instance_id': rule_id,
+                        'name': param['name'],
+                        'description': param['description'],
+                        'enabled': True,
+                        'pattern_severity': param['severity'],
+                        'disposition_id': param['disposition_id'],
+                        'field_values': field_values
+                    }
+                ]
+            }
+            ret_val, update_resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_CREATE_RULE_ENDPOINT,
+                json_data=update_params,
+                method='patch'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+            # For consistency, we need to find and return the updated rule
+            for resource in update_resp_json['resources']:
+                for rule in resource['rules']:
+                    if rule['instance_id'] == rule_id:
+                        resp_rule = rule
+                        rule['rulegroup_id'] = rulegroup_id
+                        resp_json['resources'] = [resp_rule]
+
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'rule_group_id': rulegroup_id,
+            'rule_id': rule_id
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS, "Rule created successfully")
+
+    def _handle_create_ioa_rule_group(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        create_params = {
+            'name': param['name'],
+            'description': param['description'],
+            'platform': param['platform']
+        }
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_GROUP_ENDPOINT,
+            json_data=create_params,
+            method='post'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        rulegroup_id = resp_json['resources'][0].get('id')
+        rulegroup_version = resp_json['resources'][0].get('version')
+        if rulegroup_id is None or rulegroup_version is None:
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                'CrowdStrike failed to return a Rule Group ID and Version'
+            )
+
+        if param.get('enabled', False):
+            update_params = {
+                'id': rulegroup_id,
+                'rulegroup_version': rulegroup_version,
+                'name': param['name'],
+                'description': param['description'],
+                'enabled': True,
+                'comment': 'Rule Group enabled via Splunk SOAR'
+            }
+            ret_val, resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_CREATE_RULE_GROUP_ENDPOINT,
+                json_data=update_params,
+                method='patch'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+        policy_ids_str = param.get('policy_id', '')
+        policy_ids_list = phantom.get_list_from_string(policy_ids_str)
+        for policy_id in policy_ids_list:
+            assign_params = {
+                'action_parameters': [
+                    {
+                        'name': 'rule_group_id',
+                        'value': rulegroup_id
+                    }
+                ],
+                'ids': [
+                    policy_id
+                ]
+            }
+            assign_ret_val, assign_resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_UPDATE_PREVENTION_ACTIONS_ENDPOINT,
+                params={
+                    'action_name': 'add-rule-group'
+                },
+                json_data=assign_params,
+                method='post'
+            )
+
+            if phantom.is_fail(assign_ret_val):
+                return action_result.get_status()
+
+        resp_json['resources'][0]['assigned_policy_ids'] = policy_ids_list
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'rule_group_id': rulegroup_id
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS, "Rule group created successfully")
+
     def _handle_create_session(self, param):
         self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
         action_result = self.add_action_result(ActionResult(dict(param)))
@@ -1582,6 +1755,68 @@ def _handle_create_session(self, param):
 
         return action_result.set_status(phantom.APP_SUCCESS, "Session created successfully")
 
+    def _handle_delete_ioa_rule(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        group_id = param['rule_group_id']
+        ids_str = param['rule_id']
+        ids_list = phantom.get_list_from_string(ids_str)
+        ids_param = ','.join(ids_list)
+        params = {
+            'rule_group_id': group_id,
+            'ids': ids_param
+        }
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_ENDPOINT,
+            params=params,
+            method='delete'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        action_result.add_data(resp_json)
+
+        resources_affected = resp_json['meta']['writes']['resources_affected']
+        action_result.update_summary({
+            'resources_affected': resources_affected
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS,
+                                        f"Deleted {resources_affected} rules")
+
+    def _handle_delete_ioa_rule_group(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        ids_str = param['id']
+        ids_list = phantom.get_list_from_string(ids_str)
+        ids_param = ','.join(ids_list)
+        params = {
+            'ids': ids_param
+        }
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_GROUP_ENDPOINT,
+            params=params,
+            method='delete'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        action_result.add_data(resp_json)
+
+        resources_affected = resp_json['meta']['writes']['resources_affected']
+        action_result.update_summary({
+            'resources_affected': resources_affected
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS,
+                                        f"Deleted {resources_affected} rule groups")
+
     def _handle_delete_session(self, param):
         self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
         action_result = self.add_action_result(ActionResult(dict(param)))
@@ -1760,6 +1995,184 @@ def _handle_update_detections(self, param):
 
         return action_result.set_status(phantom.APP_SUCCESS)
 
+    def _handle_list_ioa_platforms(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        # We'll paginate here, just to be future-proof, but we probably won't ever need it.
+        # Default page size is 100, and there are currently only three supported platforms.
+        params = {}
+        total_rows = 0
+        offset = -1
+        results = []
+        while offset < total_rows:
+            if offset >= 0:
+                params['offset'] = offset
+
+            ret_val, resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_LIST_PLATFORMS_ENDPOINT,
+                params=params,
+                method='get'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+            results += resp_json['resources']
+
+            total_rows = resp_json['meta']['pagination']['total']
+            offset = resp_json['meta']['pagination']['offset']
+
+        resp_json['resources'] = results
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'result_count': total_rows
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_ioa_rule_groups(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        params = {}
+        if 'fql_query' in param:
+            # CrowdStrike allows spaces in FQL queries, but not if they are URL-encoded.
+            # So we strip them all.
+            params['filter'] = param['fql_query'].replace(' ', '')
+
+        total_rows = 0
+        offset = -1
+        results = []
+        while offset < total_rows:
+            if offset >= 0:
+                params['offset'] = offset
+
+            ret_val, resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_QUERY_RULE_GROUPS_ENDPOINT,
+                params=params,
+                method='get'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+            results += resp_json['resources']
+
+            total_rows = resp_json['meta']['pagination']['total']
+            offset = resp_json['meta']['pagination']['offset']
+
+        resp_json['resources'] = results
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'result_count': total_rows
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_ioa_severities(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        # We'll paginate here, just to be future-proof, but we probably won't ever need it.
+        # Default page size is 100, and there are currently only five values.
+        params = {}
+        total_rows = 0
+        offset = -1
+        results = []
+        while offset < total_rows:
+            if offset >= 0:
+                params['offset'] = offset
+
+            ret_val, resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_LIST_SEVERITIES_ENDPOINT,
+                params=params,
+                method='get'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+            results += resp_json['resources']
+
+            total_rows = resp_json['meta']['pagination']['total']
+            offset = resp_json['meta']['pagination']['offset']
+
+        resp_json['resources'] = results
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'result_count': total_rows
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_ioa_types(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        platform_filter = param.get('platform')
+
+        # We'll paginate here, just to be future-proof, but we probably won't ever need it.
+        # Default page size is 100, and there are currently only a dozen values or so.
+        params = {}
+        total_rows = 0
+        offset = -1
+        results = []
+        while offset < total_rows:
+            if offset >= 0:
+                params['offset'] = offset
+
+            ret_val, resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_LIST_TYPES_ENDPOINT,
+                params=params,
+                method='get'
+            )
+
+            if phantom.is_fail(ret_val):
+                return action_result.get_status()
+
+            next_ret_val, next_resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_IOA_GET_TYPE_ENDPOINT,
+                params={'ids': resp_json['resources']},
+                method='get'
+            )
+
+            if phantom.is_fail(next_ret_val):
+                return action_result.get_status()
+
+            for resource in next_resp_json['resources']:
+                resource['fields_pretty'] = json.dumps(resource['fields'], indent=2)
+
+            if platform_filter:
+                results += [
+                    resource for resource in next_resp_json['resources']
+                    if resource['platform'] == platform_filter
+                ]
+            else:
+                results += next_resp_json['resources']
+
+            total_rows = resp_json['meta']['pagination']['total']
+            offset = resp_json['meta']['pagination']['offset']
+
+        resp_json['resources'] = results
+        total_rows = len(results)
+        resp_json['meta']['pagination']['total'] = total_rows
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'result_count': total_rows
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
     def _handle_list_sessions(self, param):
 
         self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
@@ -2442,6 +2855,157 @@ def _handle_upload_iocs(self, param):
 
         return action_result.set_status(phantom.APP_SUCCESS, CROWDSTRIKE_SUCC_POST_ALERT)
 
+    def _handle_update_ioa_rule(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        try:
+            field_values = json.loads(param['field_values'])
+        except json.JSONDecodeError as e:
+            return action_result.set_status(
+                phantom.APP_ERROR,
+                f'Failed to parse field_values: {e}'
+            )
+
+        update_params = {
+            'rulegroup_id': param['rule_group_id'],
+            'rulegroup_version': param['rule_group_version'],
+            'instance_version': param['rule_version'],
+            'rule_updates': [
+                {
+                    'instance_id': param['rule_id'],
+                    'pattern_severity': param['severity'],
+                    'enabled': param.get('enabled', False),
+                    'name': param['name'],
+                    'description': param['description'],
+                    'disposition_id': param['disposition_id'],
+                    'field_values': field_values
+                }
+            ]
+        }
+        update_comment = param.get('comment')
+        if update_comment:
+            update_params['comment'] = update_comment
+
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_ENDPOINT,
+            json_data=update_params,
+            method='patch'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        rulegroup_id = resp_json['resources'][0]['id']
+        rulegroup_version = 0
+        rule_id = param['rule_id']
+        rule_version = 0
+
+        for rule in resp_json['resources'][0]['rules']:
+            if rule['instance_id'] == rule_id:
+                rulegroup_version = rule['magic_cookie']
+                rule_version = rule['instance_version']
+
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'rule_group_id': rulegroup_id,
+            'rule_group_version': rulegroup_version,
+            'rule_id': rule_id,
+            'rule_version': rule_version
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS, "Rule updated successfully")
+
+    def _handle_update_ioa_rule_group(self, param):
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        update_params = {
+            'id': param['id'],
+            'rulegroup_version': param['version'],
+            'name': param['name'],
+            'description': param['description'],
+            'enabled': param.get('enabled', False),
+            'comment': param['comment']
+        }
+        ret_val, resp_json = self._make_rest_call_helper_oauth2(
+            action_result,
+            CROWDSTRIKE_IOA_CREATE_RULE_GROUP_ENDPOINT,
+            json_data=update_params,
+            method='patch'
+        )
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        rulegroup_id = resp_json['resources'][0]['id']
+
+        assign_policy_ids_str = param.get('assign_policy_id', '')
+        assign_policy_ids_list = phantom.get_list_from_string(assign_policy_ids_str)
+        for policy_id in assign_policy_ids_list:
+            assign_params = {
+                'action_parameters': [
+                    {
+                        'name': 'rule_group_id',
+                        'value': rulegroup_id
+                    }
+                ],
+                'ids': [
+                    policy_id
+                ]
+            }
+            assign_ret_val, assign_resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_UPDATE_PREVENTION_ACTIONS_ENDPOINT,
+                params={
+                    'action_name': 'add-rule-group'
+                },
+                json_data=assign_params,
+                method='post'
+            )
+
+            if phantom.is_fail(assign_ret_val):
+                return action_result.get_status()
+
+        remove_policy_ids_str = param.get('remove_policy_id', '')
+        remove_policy_ids_list = phantom.get_list_from_string(remove_policy_ids_str)
+        for policy_id in remove_policy_ids_list:
+            remove_params = {
+                'action_parameters': [
+                    {
+                        'name': 'rule_group_id',
+                        'value': rulegroup_id
+                    }
+                ],
+                'ids': [
+                    policy_id
+                ]
+            }
+            remove_ret_val, remove_resp_json = self._make_rest_call_helper_oauth2(
+                action_result,
+                CROWDSTRIKE_UPDATE_PREVENTION_ACTIONS_ENDPOINT,
+                params={
+                    'action_name': 'remove-rule-group'
+                },
+                json_data=remove_params,
+                method='post'
+            )
+
+            if phantom.is_fail(remove_ret_val):
+                return action_result.get_status()
+
+        resp_json['resources'][0]['assigned_policy_ids'] = assign_policy_ids_list
+        resp_json['resources'][0]['removed_policy_ids'] = remove_policy_ids_list
+        action_result.add_data(resp_json)
+
+        action_result.update_summary({
+            'rule_group_id': rulegroup_id
+        })
+
+        return action_result.set_status(phantom.APP_SUCCESS, "Rule group updated successfully")
+
     def _handle_update_iocs(self, param):
 
         # Add an action result to the App Run
@@ -3572,7 +4136,17 @@ def handle_action(self, param):
             'detonate_url': self._handle_detonate_url,
             'check_detonate_status': self._handle_check_detonate_status,
             'get_device_scroll': self._handle_get_device_scroll,
-            'get_zta_data': self._handle_get_zta_data
+            'get_zta_data': self._handle_get_zta_data,
+            'create_ioa_rule_group': self._handle_create_ioa_rule_group,
+            'update_ioa_rule_group': self._handle_update_ioa_rule_group,
+            'delete_ioa_rule_group': self._handle_delete_ioa_rule_group,
+            'list_ioa_rule_groups': self._handle_list_ioa_rule_groups,
+            'list_ioa_platforms': self._handle_list_ioa_platforms,
+            'list_ioa_severities': self._handle_list_ioa_severities,
+            'list_ioa_types': self._handle_list_ioa_types,
+            'create_ioa_rule': self._handle_create_ioa_rule,
+            'update_ioa_rule': self._handle_update_ioa_rule,
+            'delete_ioa_rule': self._handle_delete_ioa_rule
         }
 
         action = self.get_action_identifier()
diff --git a/crowdstrikeoauthapi_consts.py b/crowdstrikeoauthapi_consts.py
index dbac3d4..c2fc0d7 100644
--- a/crowdstrikeoauthapi_consts.py
+++ b/crowdstrikeoauthapi_consts.py
@@ -1,6 +1,6 @@
 # File: crowdstrikeoauthapi_consts.py
 #
-# Copyright (c) 2019-2023 Splunk Inc.
+# Copyright (c) 2019-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -217,3 +217,13 @@
     "closed",
     "reopened"
 ]
+
+CROWDSTRIKE_IOA_CREATE_RULE_GROUP_ENDPOINT = "/ioarules/entities/rule-groups/v1"
+CROWDSTRIKE_IOA_QUERY_RULE_GROUPS_ENDPOINT = "/ioarules/queries/rule-groups-full/v1"
+CROWDSTRIKE_IOA_LIST_PLATFORMS_ENDPOINT = "/ioarules/queries/platforms/v1"
+CROWDSTRIKE_IOA_LIST_SEVERITIES_ENDPOINT = "/ioarules/queries/pattern-severities/v1"
+CROWDSTRIKE_IOA_LIST_TYPES_ENDPOINT = "/ioarules/queries/rule-types/v1"
+CROWDSTRIKE_IOA_GET_TYPE_ENDPOINT = "/ioarules/entities/rule-types/v1"
+CROWDSTRIKE_IOA_CREATE_RULE_ENDPOINT = "/ioarules/entities/rules/v1"
+
+CROWDSTRIKE_UPDATE_PREVENTION_ACTIONS_ENDPOINT = "/policy/entities/prevention-actions/v1"
diff --git a/manual_readme_content.md b/manual_readme_content.md
index 29d638f..e4356ee 100644
--- a/manual_readme_content.md
+++ b/manual_readme_content.md
@@ -1,5 +1,5 @@
 [comment]: # " File: README.md"
-[comment]: # "  Copyright (c) 2019-2023 Splunk Inc."
+[comment]: # "  Copyright (c) 2019-2024 Splunk Inc."
 [comment]: # ""
 [comment]: # "  Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt)"
 [comment]: # ""
diff --git a/parse_cs_events.py b/parse_cs_events.py
index afd91f2..1f61c67 100644
--- a/parse_cs_events.py
+++ b/parse_cs_events.py
@@ -1,6 +1,6 @@
 # File: parse_cs_events.py
 #
-# Copyright (c) 2019-2023 Splunk Inc.
+# Copyright (c) 2019-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/release_notes/4.2.0.md b/release_notes/4.2.0.md
new file mode 100644
index 0000000..7a755f5
--- /dev/null
+++ b/release_notes/4.2.0.md
@@ -0,0 +1,12 @@
+* Add the following actions to manage CrowdStrike IOA Rule Groups [PAPP-33058]
+    * list ioa platforms
+    * create ioa rule group
+    * list ioa rule groups
+    * update ioa rule group
+    * delete ioa rule group
+* Add the following actions to manage IOA Rules [PAPP-33233]
+    * list ioa severities
+    * list ioa types
+    * create ioa rule
+    * update ioa rule
+    * delete ioa rule
\ No newline at end of file