Get Indicator Details
Get detailed info about specific indicators. The Indicators ID can be obtained via the List Indicators action.
The following permission is required to run this action:
IOC Management: Read and Write.
External Documentation
To learn more, visit the CrowdStrike documentation.
Parameters
| Parameter | Description |
|---|---|
| ID | The IOC ID to get details on. |
Example Output
{
"errors": [
{
"code": 0,
"id": "string",
"message": "string"
}
],
"meta": {
"pagination": {
"after": "string",
"limit": 0,
"offset": 0,
"total": 0
},
"powered_by": "string",
"query_time": 0,
"trace_id": "string"
},
"resources": [
{
"action": "string",
"applied_globally": false,
"created_by": "string",
"created_on": "date-time",
"deleted": false,
"description": "string",
"expiration": "date-time",
"expired": false,
"from_parent": false,
"host_groups": [
"string"
],
"id": "string",
"metadata": {
"av_hits": 0,
"company_name": "string",
"file_description": "string",
"file_version": "string",
"filename": "string",
"original_filename": "string",
"product_name": "string",
"product_version": "string",
"signed": false
},
"mobile_action": "string",
"modified_by": "string",
"modified_on": "date-time",
"parent_cid_name": "string",
"platforms": [
"string"
],
"severity": "string",
"source": "string",
"tags": [
"string"
],
"type": "string",
"value": "string"
}
]
}
Workflow Library Example
Get Indicator Details with Crowdstrike and Send Results Via Email
Preview this Workflow on desktop