Find Hosts That Observed IOC - Blink Documentation

Find hosts that have observed a given custom Indicator of Compromise (IOC). IOC is a piece of digital forensics (identification, investigation, and remediation of cyberattacks) that suggests that an endpoint or network may have been breached. You can find the custom indicators in the IOC Management page. The following permissions are required to run this action:

IOC Management: Read and Write.
IOCs (Indicators of Compromise): Read.

External DocumentationTo learn more, visit the CrowdStrike documentation.

Basic Parameters

Parameter	Description
Indicator Type	The type of indicator used to search for hosts.
Return All Pages	Automatically fetch all resources, page by page.
Value	The string representation of the indicator, can be obtained by using the `Get Indicator Details` action.

Advanced Parameters

Parameter	Description
Limit	Maximum number of hosts to return in the response.
Offset	The offset at which to start record retrieval. Use with the `Limit` parameter to manage pagination of results.

Example Output

{
  "meta": {
    "query_time": 7.444444,
    "pagination": {
      "offset": "",
      "limit": 100
    },
    "trace_id": ""0000000-00000-0000-0000-000000000000"",
    "entity": "/path/to/device{?ids*}"
  },
  "resources": [
    "000000111111222233333"
  ],
  "errors": []
}

Workflow Library Example

Find Hosts That Observed Ioc with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example