Get the information and properties of an adversary.

The following permissions are required to run this action:

  • Actors (Falcon Intelligence): Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
Adversary IDsA comma-separated list of adversary IDs to get information of.
FieldsSpecify which fields to return for each item. You can select individual fields (for example, id, name or slug), or use pre-defined field collections in the format __collection__.

If no fields are specified, the default __basic__ collection will be returned.

Valid fields include: id, name, slug, url, short_description, description, rich_text_description, created_date, last_modified_date, first_activity_date, last_activity_date, image, thumbnail, known_as, kill_chain, target_industries, target_countries, origins and motivations.

Example Output

{
	"meta": {
		"query_time": 0.363
	},
	"resources": [
		{
			"id": 1234567,
			"name": "Anchor Panda",
			"slug": "anchor-panda",
			"url": "https://falcon.crowdstrike.com/actor/anchor-panda",
			"short_description": "Short version of the HTML Some long text.... (stripped html)",
			"description": "Some long text.... (stripped html)",
			"rich_text_description": "HTML Some long text",
			"created_date": 1234567890,
			"first_activity_date": 11122334455,
			"last_modified_date": 1234567890,
			"last_activity_date": 1234567890,
			"active": true,
			"image": {
				"url": "//cdn.crowdstrike.com/image/path.jpeg",
				"width": 300,
				"height": 200
			},
			"thumbnail": {
				"url": "//cdn.crowdstrike.com/thumb/path.jpeg",
				"width": 300,
				"height": 200
			},
			"known_as": "QAZ Team",
			"kill_chain": {
				"reconnaissance": "<p>....escaped html here...</p>",
				"weaponization": "<p>....escaped html here...</p>",
				"delivery": "<p>....escaped html here...</p>",
				"exploitation": "<p>....escaped html here...</p>",
				"installation": "<p>....escaped html here...</p>",
				"command_and_control": "<p>....escaped html here...</p>",
				"actions_and_objects": "<p>....escaped html here...</p>"
			},
			"target_industries": [
				{
					"id": 12345,
					"value": "Aerospace"
				},
				{
					"id": 12345,
					"value": "Chemical"
				}
			],
			"capability": {
				"id": 12345,
				"value": "Below Average"
			},
			"group": {
				"id": 12345,
				"value": "Panda Gang"
			},
			"region": {
				"id": 12345,
				"value": "East Asia"
			},
			"origins": [
				{
					"id": 12345,
					"value": "China"
				}
			],
			"target_countries": [
				{
					"id": 12345,
					"value": "United States"
				}
			],
			"motivations": [
				{
					"id": 12345,
					"value": "great"
				},
				{
					"id": 12345,
					"value": "list"
				},
				{
					"id": 12345,
					"value": "of reasons"
				}
			]
		}
	]
}

Workflow Library Example

Get Adversaries with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop