
Filtering detections for tactic and technique #196

Answered by bk-cs
Sl1m007 asked this question in Q&A

You need to add behaviors.tactic and/or behaviors.technique to the query.

```powershell
# FQL filter: terms joined with '+' are ANDed; the status value is 'true_positive' (typo in the original corrected)
Get-FalconDetection -Filter "status:'true_positive'+first_behavior:>'YYYY-MM-DD'+behaviors.tactic:'tactic'+behaviors.technique:'technique'" -Sort first_behavior.desc
```

See "Incident and Detection Monitoring APIs" for more examples. [ US-1 | US-2 | EU-1 | US-GOV-1 ]
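As an added example (not code from the thread or from the PSFalcon project), the following helper builds the FQL filter string from parameters so the tactic and technique terms are only appended when supplied and the date is checked for the `YYYY-MM-DD` shape before the query is sent. It assumes `Get-FalconDetection` with `-Filter` and `-Sort` as shown in the answer and that a token has already been obtained with `Request-FalconToken`; the tactic, technique and date values in the usage lines are constructed sample input.

```powershell
function New-DetectionFilter {
    <#
    .SYNOPSIS
    Build a Falcon Query Language (FQL) filter for Get-FalconDetection.
    Terms are ANDed with '+', string values are wrapped in single quotes.
    #>
    param(
        # Earliest first_behavior timestamp to include, as YYYY-MM-DD (validated here
        # so a malformed date fails locally instead of returning an unfiltered result)
        [Parameter(Mandatory)]
        [ValidatePattern('^\d{4}-\d{2}-\d{2}$')]
        [string]$Since,

        # Optional MITRE ATT&CK tactic / technique names as they appear on detection behaviors
        [string]$Tactic,
        [string]$Technique,

        # Detection status; the set below is an assumption about the values the API accepts
        [ValidateSet('new', 'in_progress', 'true_positive', 'false_positive', 'ignored', 'closed')]
        [string]$Status = 'true_positive'
    )

    # Mandatory terms first, then only the optional ones that were actually supplied
    $terms = @(
        "status:'$Status'",
        "first_behavior:>'$Since'"
    )
    if ($Tactic)    { $terms += "behaviors.tactic:'$Tactic'" }
    if ($Technique) { $terms += "behaviors.technique:'$Technique'" }

    # Join into a single FQL expression
    return ($terms -join '+')
}

# Constructed sample usage: true-positive detections since 2024-01-01 tagged with the
# Persistence tactic and the Scheduled Task/Job technique, newest first
$filter = New-DetectionFilter -Since '2024-01-01' -Tactic 'Persistence' -Technique 'Scheduled Task/Job'
$filter   # status:'true_positive'+first_behavior:>'2024-01-01'+behaviors.tactic:'Persistence'+behaviors.technique:'Scheduled Task/Job'

Get-FalconDetection -Filter $filter -Sort first_behavior.desc
```

Omitting `-Technique` returns every detection for the tactic, which is usually the first pass when tuning a detection review; spaces and slashes in technique names are fine because the value is quoted inside the filter.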
