Skip to main content
Get the properties of an adversary intel report. Note: Verify operation success by checking the response body. If the resources property is empty, the action failed. This typically indicates invalid parameters. The following permissions are required to run this action:
  • Reports (Falcon Intelligence): Read.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
Adversary IDThe unique identifier of the required adversary.
FieldsSpecify which fields to return for each item. You can select individual fields (for example, id, name or slug), or use pre-defined field collections in the format __collection__.

If no fields are specified, the default __basic__ collection will be returned.

Valid fields include: id, name, slug, type, sub_type, url, short_description, description, rich_text_description, created_date, last_modified_date, image, thumbnail, attachments, actors, tags, target_industries, target_countries and motivations.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"active": false,
			"actors": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"thumbnail": {
						"height": 0,
						"url": "string",
						"width": 0
					},
					"url": "string"
				}
			],
			"attachments": [
				{
					"id": 0,
					"url": "string"
				}
			],
			"created_date": 0,
			"description": "string",
			"entitlements": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"id": 0,
			"image": {
				"height": 0,
				"url": "string",
				"width": 0
			},
			"last_modified_date": 0,
			"motivations": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"name": "string",
			"notify_users": false,
			"rich_text_description": "string",
			"short_description": "string",
			"slug": "string",
			"sub_type": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"tags": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"target_countries": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"target_industries": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"thumbnail": {
				"height": 0,
				"url": "string",
				"width": 0
			},
			"topic": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"type": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"url": "string"
		}
	]
}

Workflow Library Example

Get Adversary Report with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I