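Check the status of a scheduled MalQuery operation (hunt or exact-search) and retrieve its results once it has completed. The response reports the operation's state in `meta.status` (`inprogress`, `failed`, or `done`), so check that field, along with the `errors` array, before relying on the contents of `resources`.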

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Operation ID | The unique identifier of the operation to check (a hunt or exact-search operation). |

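Example Output

The values shown below are schema placeholders and field descriptions (for example, "Sample MD5"), not real data.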

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"options": {
			"filter_filetypes": [
				"string"
			],
			"filter_meta": [
				"string"
			],
			"limit": 0,
			"max_date": "Limit results to files first seen before this date. The format is YYYY/MM/DD",
			"max_size": "Maximum file size. The value can be specified either in bytes or in multiples of KB/MB/GB. Examples: 128000, 1.3 KB, 8mb",
			"min_date": "Limit results to files first seen after this date. The format is YYYY/MM/DD",
			"min_size": "Minimum file size. The value can be specified either in bytes or in multiples of KB/MB/GB. Examples: 128000, 1.3 KB, 8mb"
		},
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"patterns": [
			{
				"type": "Pattern type. Accepted values: hex, ascii, wide",
				"value": "Pattern value"
			}
		],
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"reqtype": "Request type. Possible values: hunt, search",
		"sample": "Sample ID",
		"stats": {
			"clean_count": 0,
			"malware_count": 0,
			"pua_count": 0,
			"total_count": 0,
			"unknown_count": 0
		},
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		},
		"yara_rule": "YARA rule to be monitored"
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"ignore_reason": "Reason why the resource is ignored",
			"label": "Sample label",
			"label_confidence": "Resource label confidence",
			"md5": "Sample MD5",
			"pattern": "Search pattern",
			"pattern_type": "Search pattern type",
			"samples": [
				{
					"family": "Sample family",
					"filesize": 0,
					"filetype": "Sample file type",
					"first_seen": "Date when it was first seen",
					"label": "Sample label",
					"md5": "Sample MD5",
					"sha1": "Sample SHA1",
					"sha256": "Sample SHA256"
				}
			],
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256",
			"tags": [
				"string"
			],
			"yara_rule": "Search YARA rule",
			"yara_rules": [
				"string"
			]
		}
	]
}

Workflow Library Example

Check Malquery Operation Status with Crowdstrike and Send Results Via Email
