Find domains associated with malicious activity.

The following permissions are required to run this action:

  • Indicators (Falcon Indicator Graph): Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter | Filter the results by an FQL query. For a complete list of filterable properties and syntax guidance, refer to the CrowdStrike API documentation. |
| Sort By | The field to sort the results by. |
| Sort Order | The direction in which to sort the results. |

Advanced Parameters

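| Parameter | Description |
| --- | --- |
| Limit | The number of results to return. Valid range is 0 - 100. Because a single call returns at most 100 results, compare `meta.pagination.total` in the output with the number of resources returned to see whether the result set was truncated. |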

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"Adversaries": [
				{
					"Name": "string"
				}
			],
			"AffectedCustomers": "string",
			"Certificates": [
				{
					"CertificateHash": "string",
					"CommonName": "string",
					"EmailAddress": "string",
					"IssuerCommonName": "string",
					"Organization": "string",
					"PublicKeyType": "string",
					"SignatureAlgorithm": "string",
					"Subject": "string"
				}
			],
			"Countries": [
				{
					"CountryCode": "string",
					"Name": "string"
				}
			],
			"DomainDetails": {
				"CreationDate": "string",
				"Domain": "string",
				"DomainUpdatedDate": "string",
				"EmailAddresses": [
					{
						"Address": "string",
						"ContactRole": "string",
						"Source": "string"
					}
				],
				"ExpirationDate": "string",
				"IPv4Addresses": [
					{
						"ASN": [
							0
						],
						"IPProperties": [
							"string"
						],
						"IPv4": "string",
						"ISP": "string"
					}
				],
				"IPv6Addresses": [
					{
						"ASN": [
							0
						],
						"IPProperties": [
							"string"
						],
						"IPv6": "string",
						"ISP": "string"
					}
				],
				"MXRecords": [
					{
						"Domain": "string",
						"Hostname": "string",
						"IPv4Addresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv4": "string",
								"ISP": "string"
							}
						],
						"IPv6Addresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv6": "string",
								"ISP": "string"
							}
						],
						"Priority": 0
					}
				],
				"NameServers": [
					{
						"Domain": "string",
						"Hostname": "string",
						"IPAddresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv4": "string",
								"ISP": "string"
							}
						]
					}
				],
				"Registrar": "string",
				"RegistrarStatus": [
					"string"
				],
				"WhoIS": {
					"AdminContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"BillingContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"RegistrantContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"TechnicalContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					}
				}
			},
			"FileDetails": {
				"FileProperties": [
					"string"
				],
				"FileSize": 0,
				"FileType": [
					"string"
				],
				"MD5": "string",
				"MagicFileType": "string",
				"SHA1": "string",
				"SHA256": "string"
			},
			"FirstSeen": "string",
			"ID": "string",
			"IPv4Details": {
				"ASN": [
					0
				],
				"IPProperties": [
					"string"
				],
				"IPv4": "string",
				"ISP": "string"
			},
			"IPv6Details": {
				"ASN": [
					0
				],
				"IPProperties": [
					"string"
				],
				"IPv6": "string",
				"ISP": "string"
			},
			"KillChain": [
				"string"
			],
			"LastSeen": "string",
			"LastUpdated": "string",
			"MaliciousConfidence": "string",
			"MaliciousConfidenceValidatedTime": "string",
			"PublishDate": "string",
			"Reports": [
				{
					"Title": "string"
				}
			],
			"Sectors": [
				{
					"Definition": "string",
					"Name": "string"
				}
			],
			"ThreatTypes": [
				"string"
			],
			"Threats": [
				{
					"FamilyName": "string"
				}
			],
			"Type": "string",
			"URLDetails": {
				"URL": "string",
				"URLProperties": [
					"string"
				]
			},
			"Vulnerabilities": [
				{
					"CPEEdition": "string",
					"CPELanguage": "string",
					"CPEOther": "string",
					"CPEPart": "string",
					"CPEProduct": "string",
					"CPESoftwareEdition": "string",
					"CPETargetHardware": "string",
					"CPETargetSoftware": "string",
					"CPEUpdate": "string",
					"CPEVendor": "string",
					"CPEVersion": "string",
					"CVE": "string",
					"Description": "string",
					"ExploitStatus": "string",
					"LastUpdated": "string",
					"PublishedDate": "string"
				}
			]
		}
	]
}

Workflow Library Example

Find Malicious Domains with CrowdStrike and Send Results Via Email
