IOC
Searching, creating, and deleting custom IOCs using Falcon IOC Service Collection endpoints
API Scopes
- IOC Management:read
- IOC Management:write
falcon_add_ioc
Required scopes: IOC Management:write
Create one or more custom IOCs.
Example prompts:
- “Block the domain evil.example.com”
- “Add a SHA256 hash IOC with prevent action”
falcon_remove_iocs
Required scopes: IOC Management:write
Remove custom IOCs by IDs or FQL filter.
Example prompts:
- “Delete IOC with ID abc123”
- “Remove all expired IOCs”
falcon_search_iocs
Required scopes: IOC Management:read
Search custom IOCs and return full IOC details.
Example prompts:
- “Find all active domain IOCs”
- “Show me SHA256 hash IOCs with prevent action”
Resources
falcon://ioc/search/fql-guide: Contains the guide for the filter param of the falcon_search_iocs tool.