Get Adversaries - Blink Documentation

Parameters
Example Output
Workflow Library Example

Get the information and properties of an adversary. The following permissions are required to run this action:

Actors (Falcon Intelligence): Read.

External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

Parameter Description

Adversary IDs A comma-separated list of adversary IDs to get information of.

Fields Specify which fields to return for each item. You can select individual fields (for example, id, name or slug), or use pre-defined field collections in the format __collection__.

If no fields are specified, the default __basic__ collection will be returned.

Valid fields include: id, name, slug, url, short_description, description, rich_text_description, created_date, last_modified_date, first_activity_date, last_activity_date, image, thumbnail, known_as, kill_chain, target_industries, target_countries, origins and motivations.

Parameter	Description
Adversary IDs	A comma-separated list of adversary IDs to get information of.
Fields	Specify which fields to return for each item. You can select individual fields (for example, `id`, `name` or `slug`), or use pre-defined field collections in the format `__collection__`. If no fields are specified, the default `__basic__` collection will be returned. Valid fields include: `id`, `name`, `slug`, `url`, `short_description`, `description`, `rich_text_description`, `created_date`, `last_modified_date`, `first_activity_date`, `last_activity_date`, `image`, `thumbnail`, `known_as`, `kill_chain`, `target_industries`, `target_countries`, `origins` and `motivations`.

Example Output

{
	"meta": {
		"query_time": 0.363
	},
	"resources": [
		{
			"id": 1234567,
			"name": "Anchor Panda",
			"slug": "anchor-panda",
			"url": "https://falcon.crowdstrike.com/actor/anchor-panda",
			"short_description": "Short version of the HTML Some long text.... (stripped html)",
			"description": "Some long text.... (stripped html)",
			"rich_text_description": "HTML Some long text",
			"created_date": 1234567890,
			"first_activity_date": 11122334455,
			"last_modified_date": 1234567890,
			"last_activity_date": 1234567890,
			"active": true,
			"image": {
				"url": "//cdn.crowdstrike.com/image/path.jpeg",
				"width": 300,
				"height": 200
			},
			"thumbnail": {
				"url": "//cdn.crowdstrike.com/thumb/path.jpeg",
				"width": 300,
				"height": 200
			},
			"known_as": "QAZ Team",
			"kill_chain": {
				"reconnaissance": "<p>....escaped html here...</p>",
				"weaponization": "<p>....escaped html here...</p>",
				"delivery": "<p>....escaped html here...</p>",
				"exploitation": "<p>....escaped html here...</p>",
				"installation": "<p>....escaped html here...</p>",
				"command_and_control": "<p>....escaped html here...</p>",
				"actions_and_objects": "<p>....escaped html here...</p>"
			},
			"target_industries": [
				{
					"id": 12345,
					"value": "Aerospace"
				},
				{
					"id": 12345,
					"value": "Chemical"
				}
			],
			"capability": {
				"id": 12345,
				"value": "Below Average"
			},
			"group": {
				"id": 12345,
				"value": "Panda Gang"
			},
			"region": {
				"id": 12345,
				"value": "East Asia"
			},
			"origins": [
				{
					"id": 12345,
					"value": "China"
				}
			],
			"target_countries": [
				{
					"id": 12345,
					"value": "United States"
				}
			],
			"motivations": [
				{
					"id": 12345,
					"value": "great"
				},
				{
					"id": 12345,
					"value": "list"
				},
				{
					"id": 12345,
					"value": "of reasons"
				}
			]
		}
	]
}

Workflow Library Example

Get Adversaries with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

Find Malicious IPAddresses Get Adversary Report

⌘I

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example