Test FalconIoaRule

Test-FalconIoaRule

SYNOPSIS

Validate fields and patterns of a custom Indicator of Attack rule

DESCRIPTION

Requires 'Custom IOA Rules: Write'.

PARAMETERS

Name	Type	Min	Max	Allowed	Pipeline	PipelineByName	Description
Field	Object[]					X	An array of rule properties

SYNTAX

Test-FalconIoaRule [-Field] <Object[]> [-WhatIf] [-Confirm] [<CommonParameters>]

USAGE

Validating field values

$Field = @(
    @{
        label = 'Grandparent Image Filename'
        name = 'GrandparentImageFilename'
        type = 'excludable'
        values = @(
            @{
                label = 'include'
                value = '.+attacker.exe'
            }
        )
    }
)
Test-FalconIoaRule -Field $Field

2022-10-10: PSFalcon v2.2.3

Using PSFalcon
Commands by Permission
Other Commands
Examples
- Code Examples
- Samples
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test FalconIoaRule

Test-FalconIoaRule

SYNOPSIS

DESCRIPTION

PARAMETERS

SYNTAX

USAGE

Validating field values

Clone this wiki locally