Update one or more individual indicators by IOC ID. Include only the fields that need to be updated. Omit fields that you want left unchanged. The following permission is required to run this action:
  • IOC Management: Read and Write.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
CommentLeave a comment of the update in CrowdStrike.
Indicators Updated ObjectsA list of indicator objects with the fields and new values to update in each indicator.
Include only the fields that need to be updated. Omit fields that you want left unchanged.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"after": "string",
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string"
	},
	"resources": [
		{
			"action": "string",
			"applied_globally": false,
			"created_by": "string",
			"created_on": "date-time",
			"deleted": false,
			"description": "string",
			"expiration": "date-time",
			"expired": false,
			"from_parent": false,
			"host_groups": [
				"string"
			],
			"id": "string",
			"metadata": {
				"av_hits": 0,
				"company_name": "string",
				"file_description": "string",
				"file_version": "string",
				"filename": "string",
				"original_filename": "string",
				"product_name": "string",
				"product_version": "string",
				"signed": false
			},
			"mobile_action": "string",
			"modified_by": "string",
			"modified_on": "date-time",
			"parent_cid_name": "string",
			"platforms": [
				"string"
			],
			"severity": "string",
			"source": "string",
			"tags": [
				"string"
			],
			"type": "string",
			"value": "string"
		}
	]
}

Workflow Library Example

Update Indicators with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop