Get Processes By IOC
Search for processes associated with a custom IOC.
The following permissions are required to run this action:
- IOC Management: Read and Write.
- IOCs (Indicators of Compromise): Read.
Note: An error with a 404 response code may occur if no devices are found for the indicator, or if the host has aged out.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Device ID | Specify a device ID to return only processes from that device. |
Indicator Type | The type of the indicator. |
Return All Pages | Automatically fetch all resources, page by page. |
Value | The string representation of the indicator, which can be obtained by using Get Indicator Details. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | Number of processes to return in the response. |
Offset | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. |
Example Output
Workflow Library Example
Get Processes by Ioc with Crowdstrike and Send Results Via Email