Closed datorr2 closed 4 months ago
Thanks! I'm out of the office but I will take a look at this next week.
@datorr2
I've implemented a draft of your suggestion that uses an array of Hashtable values to supply the name and value. Example:
Invoke-FalconIncidentAction -Action @{ add_tag = 'example_tag' },@{ update_status = 'closed' } -Id <id>,<id>
You can also supply the proper integer value for update_status like so:
Invoke-FalconIncidentAction -Action @{ add_tag = 'example_tag' },@{ update_status = 40 } -Id <id>,<id>
I chose [hashtable[]] because I've seen it used in other PowerShell commands, so it fit PowerShell style and was a bit easier for me to validate.
Looks fine and makes sense to me.
For the record: A single hashtable with multiple action/values would be simpler for the user, but I just figured the array of hashtables would be most consistent with how the API works and would require the least amount of work to the module code.
Thanks for the suggestion and your feedback! I have added the Action parameter to both Invoke-FalconAlertAction and Invoke-FalconIncidentAction, along with a supporting private function (Test-ActionParameter) that is used to validate user input.
These changes will be available in the next PSFalcon release.
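One way to validate the array-of-hashtables input discussed above and translate it into the API's name/value pairs, as an added example (not PSFalcon's own code and not its Test-ActionParameter function). The function name ConvertTo-ActionParameter, the status entries other than closed = 40, and the body field names action_parameters and ids are assumptions.

```powershell
# Added example; hypothetical helper, not part of PSFalcon.
function ConvertTo-ActionParameter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [hashtable[]]$Action
    )
    # Action names taken from the thread; a real module would list every name the API accepts.
    $Allowed = 'add_tag', 'update_status'
    # 'closed' = 40 comes from the thread; the other entries are assumed.
    $Status = @{ new = 20; reopened = 25; in_progress = 30; closed = 40 }
    foreach ($Item in $Action) {
        # One action per hashtable keeps the mapping to a name/value pair unambiguous.
        if ($Item.Count -ne 1) {
            throw "Each hashtable must hold exactly one action; found $($Item.Count)."
        }
        $Key = @($Item.Keys)[0]
        $Name = [string]$Key
        $Value = $Item[$Key]
        # Case-sensitive check so a mistyped name is rejected locally, before any API call.
        if ($Name -cnotin $Allowed) {
            throw "Unsupported action '$Name'. Allowed: $($Allowed -join ', ')."
        }
        if ($Name -eq 'update_status') {
            if ($Value -is [string] -and $Status.ContainsKey($Value)) {
                # Translate a status name into its integer value.
                $Value = $Status[$Value]
            } elseif ($Value -notin $Status.Values) {
                throw "Invalid update_status value '$Value'."
            }
        } elseif ([string]::IsNullOrWhiteSpace([string]$Value)) {
            throw "Action '$Name' requires a non-empty value."
        }
        [pscustomobject]@{ name = $Name; value = $Value }
    }
}

# Constructed input mirroring the thread's example; the ids are placeholders.
$Pairs = ConvertTo-ActionParameter -Action @{ add_tag = 'example_tag' }, @{ update_status = 'closed' }
# Assumed body shape: all actions grouped into a single request.
@{ action_parameters = @($Pairs); ids = @('<id>', '<id>') } | ConvertTo-Json -Depth 3
```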
Description of your enhancement
Both of the following API calls:
PATCH /alerts/entities/alerts/v3
POST /incidents/entities/incident-actions/v1
... allow for multiple Name/Value pairs in an array to group multiple actions in one API call, instead of having to make multiple API calls for each action.
It would be nice to be able to provide an array of name/value hashes to a parameter, perhaps called -Action.
How it would work
Expected result
All applicable incidents are modified.
Additional context
Body for Incident Actions:
Body for Alert Actions: