> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Processes By IOC

Search for processes associated with a custom IOC.

The following permission is required to run this action:

* `IOC Management`: **Read** and **Write**.

* `IOCs (Indicators of Compromise)`: **Read**.

**Note:** An error with 404 response code may occur if no devices are found for the indicator, or if the host has aged out.

<Note>
  External Documentation

  To learn more, visit the [CrowdStrike documentation](https://falcon.us-2.crowdstrike.com/documentation/page/ed1b4a95/detection-and-prevention-policy-apis#y38b3568).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter        | Description                                                                                       |
  | ---------------- | ------------------------------------------------------------------------------------------------- |
  | Device ID        | Specify a device ID to return only processes from that device.                                    |
  | Indicator Type   | The type of the indicator.                                                                        |
  | Return All Pages | Automatically fetch all resources, page by page.                                                  |
  | Value            | The string representation of the indicator, can be obtained by using the `Get Indicator Details`. |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                              |
  | --------- | ------------------------------------------------------------------------------------------------------------------------ |
  | Limit     | Number of processes to return in the response.                                                                           |
  | Offset    | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. |
</div>

## Example Output

```json theme={"dark"}
{
	"meta": {
		"query_time": 0.10,
		"pagination": {
			"offset": "1364242733:397800512",
			"limit": 2,
			"next_page": "/indicators/queries/processes/v1?type=domain&value=example.com&device_id=2dd7xxxxxxxxfb3c2&offset=1364242733:397800512&limit=1"
		},
		"trace_id": "a4d3ba63-28e4-473e-9b6f-61dd0b8be4fe",
		"entity": "https://falconapi.crowdstrike.com/processes/entities/processes/v1{?ids*}"
	},
	"resources": [
		"pid:2dd7xxxxxxxxb3c2:298xxx772",
		"pid:2dd7xxxxxxxxb3c2:922xxx411"
	],
	"errors": []
}
```

## Workflow Library Example

[Get Processes by Ioc with Crowdstrike and Send Results Via Email](https://library.blinkops.com/workflows/get-processes-by-ioc-with-crowdstrike-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-processes-by-ioc-with-crowdstrike-and-send-results-via-email/canvas" />
</div>
