Find Hosts That Observed IOC
Find hosts that have observed a given custom Indicator of Compromise (IOC). An IOC is a piece of evidence from digital forensics (the identification, investigation, and remediation of cyberattacks) that suggests that an endpoint or network may have been breached. You can find the custom indicators on the IOC Management page.
The following permissions are required to run this action:
IOC Management: Read and Write.
IOCs (Indicators of Compromise): Read.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Indicator Type | The type of indicator used to search for hosts. |
Return All Pages | Automatically fetch all resources, page by page. |
Value | The string representation of the indicator. It can be obtained by using the Get Indicator Details action. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | Maximum number of hosts to return in the response. |
Offset | The offset at which to start record retrieval. Use with the Limit parameter to manage pagination of results. |
Example Output
Workflow Library Example
Search Crowdstrike Ioc Across Devices