Set-S1IncidentStatus
SYNOPSIS
Update the incident status for threats in SentinelOne.
SYNTAX
Set-S1IncidentStatus [-Filter] <String> [-FilterValue] <String[]> [-incidentStatus] <String> [<CommonParameters>]
DESCRIPTION
This function updates the incident status for threats in SentinelOne based on the specified filter and filter values. The incident status can be set to "unresolved", "in_progress", or "resolved".
EXAMPLES
EXAMPLE 1
Set-S1IncidentStatus -Filter "agentIds" -FilterValue @("agent1", "agent2") -incidentStatus "resolved"
Updates the incident status to "resolved" for the specified agents.
EXAMPLE 2
Set-S1IncidentStatus -Filter "ids" -FilterValue @("threat1", "threat2") -incidentStatus "in_progress"
Updates the incident status to "in_progress" for the specified threats.
EXAMPLE 3
Set-S1IncidentStatus -Filter "incidentStatusesNin" -FilterValue "unresolved" -incidentStatus "resolved"
Updates the incident status to "resolved" for all threats whose current status is not "unresolved". The filter excludes the listed statuses, so every other threat is selected.
PARAMETERS
-Filter
The filter type to select threats. Valid values are "agentIds", "incidentStatusesNin", or "ids".
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-FilterValue
The value(s) for the specified filter.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-incidentStatus
The new incident status to set. Valid values are "unresolved", "in_progress", or "resolved".
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
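The common parameters listed above do not include -WhatIf or -Confirm, and a status filter such as the one in Example 3 changes every matching threat in a single call. The wrapper below is an added example, not part of the module documented here; it validates input against the documented values and asks for confirmation before calling the cmdlet. Invoke-S1IncidentStatusChange is a hypothetical name, and the code assumes Set-S1IncidentStatus is already imported and that "incidentStatusesNin" takes the same three status strings as -incidentStatus.

```powershell
# Added example: hypothetical wrapper; assumes Set-S1IncidentStatus is already imported.
function Invoke-S1IncidentStatusChange {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('agentIds', 'incidentStatusesNin', 'ids')]
        [string]$Filter,

        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string[]]$FilterValue,

        [Parameter(Mandatory)]
        [ValidateSet('unresolved', 'in_progress', 'resolved')]
        [string]$IncidentStatus
    )

    $statuses = 'unresolved', 'in_progress', 'resolved'

    # Trim, drop blanks and de-duplicate so the request holds only usable values.
    $values = @($FilterValue | ForEach-Object { $_.Trim() } |
        Where-Object { $_ } | Select-Object -Unique)
    if ($values.Count -eq 0) { throw 'FilterValue contains no usable entries.' }

    if ($Filter -eq 'incidentStatusesNin') {
        # Assumption: this filter takes the same status strings as -incidentStatus.
        $unknown = @($values | Where-Object { $_ -notin $statuses })
        if ($unknown.Count -gt 0) { throw "Not an incident status: $($unknown -join ', ')" }

        # Spell out the complement so the operator sees what will be touched.
        $selected = @($statuses | Where-Object { $_ -notin $values })
        if ($selected.Count -eq 0) { throw 'Filter excludes every status; nothing to update.' }
        $target = "ALL threats currently in status: $($selected -join ', ')"
    }
    else {
        $target = "$($values.Count) value(s) matched by filter '$Filter'"
    }

    # ConfirmImpact = 'High' prompts by default; -WhatIf previews without calling the API.
    if ($PSCmdlet.ShouldProcess($target, "Set incident status to '$IncidentStatus'")) {
        Set-S1IncidentStatus -Filter $Filter -FilterValue $values -incidentStatus $IncidentStatus
        [pscustomobject]@{
            TimeUtc   = (Get-Date).ToUniversalTime().ToString('o')
            Filter    = $Filter
            Values    = $values
            NewStatus = $IncidentStatus
        }
    }
}
```

Running it with -WhatIf prints the target description without changing anything; the returned object can be appended to a change log for later review.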