Retrieve aggregated alert data based on specified queries.
External Documentation
To learn more, visit the CrowdStrike documentation.

Parameters

Parameter	Description
Aggregate Queries	A list of queries by which to aggregate the retrieved alerts.

For example:

[
	{
		"date_ranges": [
			{
				"from": "string",
				"to": "string"
			}
		],
		"exclude": "string",
		"field": "string",
		"filter": "string",
		"from": 0,
		"include": "string",
		"interval": "string",
		"max_doc_count": 0,
		"min_doc_count": 0,
		"missing": "string",
		"name": "string",
		"q": "string",
		"ranges": [
			{
				"From": 0,
				"To": 0
			}
		],
		"size": 0,
		"sort": "string",
		"sub_aggregates": [
			null
		],
		"time_zone": "string",
		"type": "string"
	}
]
Include Hidden	Select to allow hidden alerts to be retrieved.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"buckets": [
				{
					"count": 0,
					"from": 0,
					"key_as_string": "string",
					"string_from": "string",
					"string_to": "string",
					"sub_aggregates": [
						null
					],
					"to": 0,
					"value": 0,
					"value_as_string": "string"
				}
			],
			"name": "string",
			"sum_other_doc_count": 0
		}
	]
}
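As an added example (not code from this page, from Blink, or from CrowdStrike), the Python below builds an Aggregate Queries value in the documented shape, checks each entry against the keys listed in the parameter schema, and reduces the action's output to per-bucket counts that a later workflow step (such as the email step) can consume. The field names `severity` and `created_timestamp`, the FQL filter syntax, and the aggregation types `terms` and `date_histogram` are assumptions about the Falcon alert schema rather than facts stated on this page; the sample response is constructed to match the Example Output above.

```python
import json

# Keys permitted in one entry of the "Aggregate Queries" list, taken from the
# parameter schema documented on this page.
AGGREGATE_QUERY_KEYS = {
    "date_ranges", "exclude", "field", "filter", "from", "include", "interval",
    "max_doc_count", "min_doc_count", "missing", "name", "q", "ranges", "size",
    "sort", "sub_aggregates", "time_zone", "type",
}


def validate_query(query):
    """Reject an aggregate query that uses keys outside the documented schema
    or lacks the name/type needed to read its result back out of 'resources'."""
    unknown = set(query) - AGGREGATE_QUERY_KEYS
    if unknown:
        raise ValueError(f"unsupported aggregate query keys: {sorted(unknown)}")
    for required in ("name", "type"):
        if not query.get(required):
            raise ValueError(f"aggregate query is missing '{required}'")
    return True


def build_queries(start, end):
    """Two aggregations over alerts created in [start, end): counts per
    severity and counts per day. The FQL filter, the field names and the
    aggregation types are assumptions about the Falcon alert schema."""
    window = f"created_timestamp:>='{start}'+created_timestamp:<'{end}'"
    queries = [
        {
            "name": "by_severity",
            "type": "terms",
            "field": "severity",
            "filter": window,
            "min_doc_count": 1,   # drop severities with no alerts
            "size": 10,
            "sort": "count|desc",
        },
        {
            "name": "per_day",
            "type": "date_histogram",
            "field": "created_timestamp",
            "filter": window,
            "interval": "day",
            "time_zone": "UTC",
            "min_doc_count": 0,   # keep quiet days so gaps are visible
        },
    ]
    for q in queries:
        validate_query(q)
    return queries


def summarize(response):
    """Turn the action output into {aggregation name: {bucket label: count}}.
    Raises if the response carries errors, so a workflow never emails an
    empty summary as if it were a clean result."""
    if response.get("errors"):
        raise RuntimeError(f"aggregate alerts failed: {response['errors']}")
    summary = {}
    for agg in response.get("resources", []):
        counts = {}
        for bucket in agg.get("buckets", []):
            # terms / date_histogram buckets carry key_as_string; range
            # buckets only carry from/to (or string_from/string_to)
            label = bucket.get("key_as_string")
            if label is None:
                lo = bucket.get("string_from") or bucket.get("from")
                hi = bucket.get("string_to") or bucket.get("to")
                label = f"{lo}-{hi}"
            counts[label] = bucket.get("count", 0)
        summary[agg["name"]] = counts
    return summary


# Constructed sample output in the shape documented on this page.
SAMPLE_RESPONSE = {
    "errors": [],
    "meta": {
        "pagination": {"limit": 0, "offset": 0, "total": 42},
        "query_time": 0.012,
        "trace_id": "constructed-trace-id",
    },
    "resources": [
        {
            "name": "by_severity",
            "sum_other_doc_count": 0,
            "buckets": [
                {"key_as_string": "high", "count": 12, "sub_aggregates": []},
                {"key_as_string": "medium", "count": 30, "sub_aggregates": []},
            ],
        },
        {
            "name": "per_day",
            "sum_other_doc_count": 0,
            "buckets": [
                {"key_as_string": "2024-05-01", "count": 20, "sub_aggregates": []},
                {"key_as_string": "2024-05-02", "count": 22, "sub_aggregates": []},
            ],
        },
    ],
}

if __name__ == "__main__":
    print(json.dumps(build_queries("2024-05-01T00:00:00Z", "2024-05-03T00:00:00Z"), indent=2))
    print(summarize(SAMPLE_RESPONSE))
```

The validation step catches a misspelled key (which the API would otherwise silently ignore or reject with an error buried in `errors`), and `summarize` refuses to produce a result when `errors` is non-empty, which is the check worth having before any step that reports the counts onward.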

Workflow Library Example

List Aggregated Alerts with Crowdstrike and Send Results Via Email