
CrowdStrike - Create Custom IOC
Details
This atomic belongs to the CrowdStrike atomic group.
Creates a custom indicator of compromise (IOC) in CrowdStrike. You can specify the action to take when the IOC is detected, its severity, and the platforms the rule applies to.
Target: CrowdStrike integration target or an HTTP Endpoint for "api.crowdstrike.com"
Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target
Steps:
- Build the request payload and the authorization header
- Request the IOC be created
- Check if the API request succeeded:
  - If it did, set the output variable
  - If it didn't, output an error
More information about this API can be found in the CrowdStrike documentation.
About
Integration
Authorship
Cisco Managed