Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Find domains associated with malicious activity. The following permissions are required to run this action:
  • Indicators (Falcon Indicator Graph): Read.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Basic Parameters

ParameterDescription
FilterFilter the results by a FQL query.

For a complete list of filterable properties and syntax guidance, refer to the CrowdStrike API documentation.
Sort ByThe field to sort the results by.
Sort OrderThe direction in which to sort the results.

Advanced Parameters

ParameterDescription
LimitThe number of results to return. Valid range is 0 - 100.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"Adversaries": [
				{
					"Name": "string"
				}
			],
			"AffectedCustomers": "string",
			"Certificates": [
				{
					"CertificateHash": "string",
					"CommonName": "string",
					"EmailAddress": "string",
					"IssuerCommonName": "string",
					"Organization": "string",
					"PublicKeyType": "string",
					"SignatureAlgorithm": "string",
					"Subject": "string"
				}
			],
			"Countries": [
				{
					"CountryCode": "string",
					"Name": "string"
				}
			],
			"DomainDetails": {
				"CreationDate": "string",
				"Domain": "string",
				"DomainUpdatedDate": "string",
				"EmailAddresses": [
					{
						"Address": "string",
						"ContactRole": "string",
						"Source": "string"
					}
				],
				"ExpirationDate": "string",
				"IPv4Addresses": [
					{
						"ASN": [
							0
						],
						"IPProperties": [
							"string"
						],
						"IPv4": "string",
						"ISP": "string"
					}
				],
				"IPv6Addresses": [
					{
						"ASN": [
							0
						],
						"IPProperties": [
							"string"
						],
						"IPv6": "string",
						"ISP": "string"
					}
				],
				"MXRecords": [
					{
						"Domain": "string",
						"Hostname": "string",
						"IPv4Addresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv4": "string",
								"ISP": "string"
							}
						],
						"IPv6Addresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv6": "string",
								"ISP": "string"
							}
						],
						"Priority": 0
					}
				],
				"NameServers": [
					{
						"Domain": "string",
						"Hostname": "string",
						"IPAddresses": [
							{
								"ASN": [
									0
								],
								"IPProperties": [
									"string"
								],
								"IPv4": "string",
								"ISP": "string"
							}
						]
					}
				],
				"Registrar": "string",
				"RegistrarStatus": [
					"string"
				],
				"WhoIS": {
					"AdminContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"BillingContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"RegistrantContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					},
					"TechnicalContact": {
						"City": "string",
						"Country": "string",
						"Fax": "string",
						"Name": "string",
						"Org": "string",
						"Phone": "string",
						"PostalCode": "string",
						"State": "string",
						"Street": "string"
					}
				}
			},
			"FileDetails": {
				"FileProperties": [
					"string"
				],
				"FileSize": 0,
				"FileType": [
					"string"
				],
				"MD5": "string",
				"MagicFileType": "string",
				"SHA1": "string",
				"SHA256": "string"
			},
			"FirstSeen": "string",
			"ID": "string",
			"IPv4Details": {
				"ASN": [
					0
				],
				"IPProperties": [
					"string"
				],
				"IPv4": "string",
				"ISP": "string"
			},
			"IPv6Details": {
				"ASN": [
					0
				],
				"IPProperties": [
					"string"
				],
				"IPv6": "string",
				"ISP": "string"
			},
			"KillChain": [
				"string"
			],
			"LastSeen": "string",
			"LastUpdated": "string",
			"MaliciousConfidence": "string",
			"MaliciousConfidenceValidatedTime": "string",
			"PublishDate": "string",
			"Reports": [
				{
					"Title": "string"
				}
			],
			"Sectors": [
				{
					"Definition": "string",
					"Name": "string"
				}
			],
			"ThreatTypes": [
				"string"
			],
			"Threats": [
				{
					"FamilyName": "string"
				}
			],
			"Type": "string",
			"URLDetails": {
				"URL": "string",
				"URLProperties": [
					"string"
				]
			},
			"Vulnerabilities": [
				{
					"CPEEdition": "string",
					"CPELanguage": "string",
					"CPEOther": "string",
					"CPEPart": "string",
					"CPEProduct": "string",
					"CPESoftwareEdition": "string",
					"CPETargetHardware": "string",
					"CPETargetSoftware": "string",
					"CPEUpdate": "string",
					"CPEVendor": "string",
					"CPEVersion": "string",
					"CVE": "string",
					"Description": "string",
					"ExploitStatus": "string",
					"LastUpdated": "string",
					"PublishedDate": "string"
				}
			]
		}
	]
}

Workflow Library Example

Find Malicious Domains with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop