Update Indicators
Update one or more individual indicators by IOC ID.
Include only the fields that need to be updated. Omit fields that you want left unchanged.
External Documentation
To learn more, visit the CrowdStrike documentation.
Parameters
Parameter | Description |
---|---|
Comment | A comment describing the update, recorded in CrowdStrike. |
Indicators Updated Objects | A list of indicator objects with the fields and new values to update in each indicator. Include only the fields that need to be updated. Omit fields that you want left unchanged. |
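
The following Python is an added example, not code from this page or from CrowdStrike. It builds the list for Indicators Updated Objects by diffing each indicator's current state against the desired state, so that only the IOC ID and the changed fields are sent. Field names follow the Example Output; the set of server-managed fields, the order-insensitive list comparison, and all sample values are assumptions.

```python
# Added example: build minimal update objects for "Indicators Updated Objects".
# Assumption: these fields are server-managed and never belong in an update.
SERVER_MANAGED = {"created_by", "created_on", "modified_by", "modified_on",
                  "deleted", "expired", "from_parent", "parent_cid_name"}


def build_update(current, desired):
    """Return {"id": ..., <changed fields>} or None if nothing differs."""
    if not current.get("id"):
        raise ValueError("current indicator has no id; cannot target an update")
    changed = {}
    for field, new in desired.items():
        if field == "id" or field in SERVER_MANAGED:
            continue
        old = current.get(field)
        # tags / platforms / host_groups: treat as sets (assumption), so a
        # reordered list is not resent as a change.
        if isinstance(new, list) and isinstance(old, list):
            same = sorted(new) == sorted(old)
        else:
            same = new == old
        if not same:
            changed[field] = new
    return {"id": current["id"], **changed} if changed else None


def build_updates(pairs):
    """pairs: iterable of (current, desired); no-op updates are dropped."""
    updates = (build_update(cur, want) for cur, want in pairs)
    return [u for u in updates if u is not None]


# Constructed sample data (placeholder IDs and values, not real indicators).
CURRENT_A = {"id": "IOC-ID-PLACEHOLDER-1", "type": "domain",
             "value": "example.invalid", "action": "detect",
             "severity": "medium", "tags": ["phishing", "q3"],
             "modified_by": "analyst@example.invalid"}
DESIRED_A = {"action": "prevent", "severity": "medium",
             "tags": ["q3", "phishing"], "modified_by": "ignored"}
CURRENT_B = {"id": "IOC-ID-PLACEHOLDER-2", "description": "staging block",
             "expiration": "2030-01-01T00:00:00Z"}
DESIRED_B = {"description": "staging block"}  # nothing changes

if __name__ == "__main__":
    import json
    print(json.dumps(build_updates([(CURRENT_A, DESIRED_A),
                                    (CURRENT_B, DESIRED_B)]), indent=2))
```

Dropping no-op objects keeps the change history in CrowdStrike limited to indicators that were actually modified.
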
Example Output
{
  "errors": [
    {
      "code": 0,
      "id": "string",
      "message": "string"
    }
  ],
  "meta": {
    "pagination": {
      "after": "string",
      "limit": 0,
      "offset": 0,
      "total": 0
    },
    "powered_by": "string",
    "query_time": 0,
    "trace_id": "string"
  },
  "resources": [
    {
      "action": "string",
      "applied_globally": false,
      "created_by": "string",
      "created_on": "date-time",
      "deleted": false,
      "description": "string",
      "expiration": "date-time",
      "expired": false,
      "from_parent": false,
      "host_groups": [
        "string"
      ],
      "id": "string",
      "metadata": {
        "av_hits": 0,
        "company_name": "string",
        "file_description": "string",
        "file_version": "string",
        "filename": "string",
        "original_filename": "string",
        "product_name": "string",
        "product_version": "string",
        "signed": false
      },
      "mobile_action": "string",
      "modified_by": "string",
      "modified_on": "date-time",
      "parent_cid_name": "string",
      "platforms": [
        "string"
      ],
      "severity": "string",
      "source": "string",
      "tags": [
        "string"
      ],
      "type": "string",
      "value": "string"
    }
  ]
}
Workflow Library Example
Update Indicators with CrowdStrike and Send Results Via Email