Get detailed information about specific indicators of compromise (IOCs). The indicator ID can be obtained via the List Indicators action.

The following permission is required to run this action:

  • IOC Management: Read and Write.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| ID | The IOC ID to get details on. |

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"after": "string",
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string"
	},
	"resources": [
		{
			"action": "string",
			"applied_globally": false,
			"created_by": "string",
			"created_on": "date-time",
			"deleted": false,
			"description": "string",
			"expiration": "date-time",
			"expired": false,
			"from_parent": false,
			"host_groups": [
				"string"
			],
			"id": "string",
			"metadata": {
				"av_hits": 0,
				"company_name": "string",
				"file_description": "string",
				"file_version": "string",
				"filename": "string",
				"original_filename": "string",
				"product_name": "string",
				"product_version": "string",
				"signed": false
			},
			"mobile_action": "string",
			"modified_by": "string",
			"modified_on": "date-time",
			"parent_cid_name": "string",
			"platforms": [
				"string"
			],
			"severity": "string",
			"source": "string",
			"tags": [
				"string"
			],
			"type": "string",
			"value": "string"
		}
	]
}

Workflow Library Example

Get Indicator Details with Crowdstrike and Send Results Via Email
