Invoke FalconIncidentAction
Perform actions on incidents
Requires 'Incidents: Write'.
| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| Name | String |
add_tagdelete_tagunassignupdate_descriptionupdate_nameupdate_statusupdate_assigned_to_v2
|
Action to perform | ||||
| Value | String | Value for the chosen action | |||||
| UpdateDetects | Boolean | Update status of related 'new' detections | |||||
| OverwriteDetects | Boolean | Replace existing status for related detections | |||||
| Id | String[] | X | X | Incident identifier |
Invoke-FalconIncidentAction [-Name] <String> [-Value] <String> [[-UpdateDetects] <Boolean>] [[-OverwriteDetects] <Boolean>] [-Id] <String[]> [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id>Invoke-FalconIncidentAction -Name update_status -Value in_progress -Id <id>, <id> -UpdateDetects $true -OverwriteDetects $true2022-10-31: PSFalcon v2.2.3
