This endpoint does not support detection IDs prefixed with ldt.

To learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
Alert IDsComma separated list of alert IDs to get details on. This endpoint does not support detection IDs prefixed with ldt.

Example Output

{    "meta": {        "query_time": 0.004553092,        "writes": {            "resources_affected": 0        },        "powered_by": "detectsapi",        "trace_id": "e3a17704-d33e-4f70-a769-6a3ddc01844f"    },    "errors": [],    "resources": [        {            "activity_id": "3D14C6B6-XXXX-460EC4FCD27D",            "aggregate_id": "aggind:dca1XXXX1660:097877B9-C71F-42C7-A836-2944D119B6CB",            "cid": "0123456789ABCDEFGHIJKLMNOPQRSTUV-WX",            "composite_id": "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",            "confidence": 30,            "context_timestamp": "2022-05-15T10:32:00.000Z",            "created_timestamp": "2022-05-15T11:34:56.887790892Z",            "description": "User access from an unusual location",            "display_name": "Unusual user geolocation",            "end_time": "2022-05-15T10:32:00.000Z",            "falcon_host_link": "https://falcon.crowdstrike.com/identity-protection/detections/dca1xxxx1660",            "id": "ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",            "location_country_code": "US",            "name": "AnomalousGeoLocationAccess",            "objective": "Gain Access",            "okta_application_id": "0oa1xxxxL5d7",            "pattern_id": 51125,            "product": "idp",            "scenario": "machine_learning",            "severity": 31,            "show_in_ui": true,            "source_account_name": "demo.user@example.com",            "source_account_okta_id": "00u4xxxxf5d7",            "source_endpoint_address_ip4": "192.0.2.100",            "source_endpoint_ip_address": "192.0.2.100",            "sso_application_identifier": "Okta Admin Console",            "sso_application_uri": "0oa1xxxxL5d7",            "start_time": "2022-05-15T10:32:00.000Z",            "status": "new",            "tactic": "Initial Access",            "tactic_id": "TA0001",            "technique": "Valid Accounts",            "technique_id": "T1078",            "timestamp": "2022-05-15T10:34:56.509Z",            "type": "idp-session-source-user-endpoint-target-info",            "updated_timestamp": "2022-05-15T11:34:56.887790892Z"        }    ]}

Workflow Library Example

Get Alert Details with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop