Perform Incident Action
Update the status or other aspects of one or more incidents. You can modify a maximum of 5,000 incidents in a request.
To learn more, visit the CrowdStrike documentation.
Parameters
Parameter | Description |
---|---|
Action Parameters | A comma-separated list of the parameters for the prospective action. Each action_parameter value will be applied to each incident whose id is listed in Incident IDs.<br>Action Parameters Name:<br>- `add_tag`: Adds the associated value as a new tag on all the incidents of the Incident IDs list.<br>- `delete_tag`: Deletes tags matching the value from all the incidents in the Incident IDs list.<br>- `unassign`: Unassigns all users from all of the incidents in the Incident IDs list. This action does not require a value parameter. For example: `"action_parameters": [{"name": "unassign"}]`<br>- `update_name`: Updates the name to the parameter value of all the incidents in the Incident IDs list.<br>- `update_assigned_to_v2`: Assigns the user matching the UUID in the parameter value to all of the incidents in the Incident IDs list. Tip: For information on getting the UUID of a user, see Find existing users.<br>- `update_description`: Updates the description to the parameter value of all the incidents listed in the Incident IDs list.<br>- `update_status`: Updates the status to the parameter value of all the incidents in the Incident IDs list. Valid status values are 20, 25, 30, or 40:<br>&nbsp;&nbsp;- 20: New<br>&nbsp;&nbsp;- 25: Reopened<br>&nbsp;&nbsp;- 30: In Progress<br>&nbsp;&nbsp;- 40: Closed |
Incident IDs | A comma-separated list of incident IDs to perform the action on. Can be obtained via the List Incidents action. |
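
The following is an added example, not part of the original page or of CrowdStrike's code: it validates action parameters against the rules in the table above and splits a long incident list into batches that respect the 5,000-incident limit. The function names are hypothetical, and the `value` and `ids` keys of the request body are assumptions, since the page only shows the `name` key.

```python
import uuid

MAX_IDS = 5000  # per-request limit stated on this page
STATUSES = {"20": "New", "25": "Reopened", "30": "In Progress", "40": "Closed"}
ACTIONS = {"add_tag", "delete_tag", "unassign", "update_name",
           "update_assigned_to_v2", "update_description", "update_status"}


def build_action(name, value=None):
    """Validate one action parameter against the rules in the table above."""
    if name not in ACTIONS:
        raise ValueError(f"unknown action name: {name!r}")
    if name == "unassign":  # the only action that takes no value
        if value is not None:
            raise ValueError("unassign does not take a value")
        return {"name": name}
    value = "" if value is None else str(value).strip()
    if not value:
        raise ValueError(f"{name} requires a value")
    if name == "update_status" and value not in STATUSES:
        raise ValueError(f"status must be one of {sorted(STATUSES)}")
    if name == "update_assigned_to_v2":
        uuid.UUID(value)  # raises ValueError if the value is not a UUID
    return {"name": name, "value": value}  # "value" key: assumed, see lead-in


def build_requests(incident_ids, actions):
    """Return one request body per batch of at most MAX_IDS incident IDs."""
    # Drop blanks and duplicates while keeping the caller's order.
    ids = list(dict.fromkeys(i.strip() for i in incident_ids if i.strip()))
    if not ids:
        raise ValueError("no incident IDs supplied")
    params = [build_action(*action) for action in actions]
    return [{"action_parameters": params, "ids": ids[n:n + MAX_IDS]}  # "ids": assumed
            for n in range(0, len(ids), MAX_IDS)]


if __name__ == "__main__":
    # Constructed incident IDs, not real ones.
    sample = [f"inc:constructed:{n:05d}" for n in range(5001)]
    bodies = build_requests(sample, [("update_status", 30), ("add_tag", "triaged")])
    print([len(b["ids"]) for b in bodies])
```

Rejecting an invalid status or a malformed assignee UUID before the request is sent avoids a bulk update that fails or partially applies across thousands of incidents.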
Example Output
Workflow Library Example
Perform Incident Action with Crowdstrike and Send Results Via Email