intel_rule_info
Search for and retrieve details about Intel rules in the CrowdStrike Falcon platform.
Parameters

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| description | list | No | | Substring match on the description field. |
| limit | int | No | | The maximum number of rule IDs to return (integer, 1-5000). |
| name | list | No | | Search by rule title. |
| q | str | No | | Perform a generic substring search across all fields. |
| sort | str | No | | The property to sort by in FQL (Falcon Query Language) syntax (e.g. `created_date\|asc`). See the [FalconPy documentation](https://www.falconpy.io/Usage/Falcon-Query-Language.html#using-fql-in-a-sort). |
| tags | list | No | | Search for rule tags. |
| type | str | Yes | | The rule news report type. Choices: `common-event-format`, `netwitness`, `snort-suricata-changelog`, `snort-suricata-master`, `snort-suricata-update`, `yara-changelog`, `yara-master`, `yara-update`, `cql-master`, `cql-changelog`, `cql-update`. |
Examples

```yaml
- name: Get details on the latest 50 YARA rules
  crowdstrike.falcon.intel_rule_info:
    type: "yara-master"
    limit: 50
    sort: "created_date|desc"

- name: Get Snort/Suricata rules with a specific description pattern
  crowdstrike.falcon.intel_rule_info:
    type: "snort-suricata-master"
    description:
      - "FANCY BEAR"

- name: Search for rules with specific tags
  crowdstrike.falcon.intel_rule_info:
    type: "yara-master"
    tags:
      - "intel_feed"
      - "yara"
```

Return Values
| Key | Type | Description |
|---|---|---|
| rules | list | The Intel rules matching the query, with their details. Only the first `limit` matches are returned, so narrow the query with `type`, `tags`, `name` or `description` rather than relying on a large `limit`. |
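The examples above show the module in isolation. The following playbook is an added example, not part of the collection's own documentation: it registers the module's `rules` return value, fails the play if the query came back empty (a common sign of a wrong `type` or missing API scope), and writes the rule metadata to a local file with owner-only permissions. It assumes that Falcon API credentials are supplied outside the play (for example through environment variables read by the collection), which this page does not describe, and the output path is an assumption.

```yaml
# Added example: fetch recent YARA changelog rules and keep a local copy.
# Assumes API credentials are provided to the collection outside this play
# (e.g. environment variables); the destination path below is arbitrary.
- name: Pull recent YARA rule changes and save them for review
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Get the 100 most recently created YARA changelog rules
      crowdstrike.falcon.intel_rule_info:
        type: "yara-changelog"
        limit: 100
        sort: "created_date|desc"
      register: yara_changes

    - name: Stop if the query returned nothing
      ansible.builtin.assert:
        that:
          - yara_changes.rules | length > 0
        fail_msg: "No YARA changelog rules returned; check the type value, filters and API scopes"

    - name: Save the rule metadata with owner-only permissions
      ansible.builtin.copy:
        content: "{{ yara_changes.rules | to_nice_json }}"
        dest: "/tmp/yara-changelog.json"   # assumed path
        mode: "0600"
```

Because `limit` caps at 5000 and the page documents no paging parameter, keep the query narrow (a `-changelog` or `-update` type, or `tags`/`name` filters) when you only need recent changes rather than the full `-master` set.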