List Alerts

Get the list of IDs of alerts.

Optionally, specify a filter query parameter to limit IDs to a particular product:

  • Return only Endpoint Protection alert IDs: filter=product:'epp'

  • Return only Identity Protection alert IDs: filter=product:'idp'

  • Return only Falcon for Mobile alert IDs: filter=product:'mobile'

  • Return only Falcon XDR IDs: filter=product:'xdr'

  • Return only OverWatch alert IDs: filter=product:'overwatch'

  • Return only Cloud Workload Protection alert IDs: filter=product:'cwpp'

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter | Description
Filter | Filter the results based on FQL query guidelines.

Example Output

{
  "meta": {
    "query_time": 0.044395707,
    "pagination": {
      "offset": 0,
      "limit": 5,
      "total": 10000
    },
    "writes": {
      "resources_affected": 0
    },
    "powered_by": "detectsapi",
    "trace_id": "f755297a-e287-4012-b5e3-ff88691e95e9"
  },
  "resources": [
    "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-3675xxxxxxxx5616",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx9683-5702-7386xxxxxxxx6359",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx2431-5702-6181xxxxxxxx8615",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx0612-5702-3468xxxxxxxx7877",
    "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544"
  ],
  "errors": []
}
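
The following is an added example, not code from CrowdStrike or from this integration. It builds the product filter from an allowlist of the codes listed above and walks the `meta.pagination` fields of the response to collect every alert ID. The `offset` and `limit` request parameters, the `fetch` callable, and the `fake_fetch` stand-in with its constructed IDs are assumptions.

```python
from urllib.parse import urlencode, parse_qsl

# Product codes listed on this page for the filter parameter.
PRODUCTS = {"epp", "idp", "mobile", "xdr", "overwatch", "cwpp"}

def build_query(product=None, offset=0, limit=5):
    """Return the URL-encoded query string for one page of alert IDs."""
    params = {"offset": offset, "limit": limit}  # assumed request parameters
    if product is not None:
        # Allowlist the value so free text is never spliced into the FQL filter.
        if product not in PRODUCTS:
            raise ValueError(f"unknown product: {product!r}")
        params["filter"] = f"product:'{product}'"
    return urlencode(params)

def next_offset(body):
    """Return the offset of the next page, or None when the listing is complete."""
    if body.get("errors"):
        raise RuntimeError(f"API returned errors: {body['errors']}")
    page = body["meta"]["pagination"]
    nxt = page["offset"] + len(body["resources"])
    # An empty page also ends the loop, so a bad "total" cannot spin forever.
    if not body["resources"] or nxt >= page["total"]:
        return None
    return nxt

def list_alert_ids(fetch, product=None, limit=5, max_ids=1000):
    """Collect alert IDs page by page.

    `fetch` (hypothetical) takes a query string and returns the parsed JSON body.
    `max_ids` bounds the work when "total" is large (10000 in the sample output).
    """
    ids, offset = [], 0
    while offset is not None and len(ids) < max_ids:
        body = fetch(build_query(product, offset, limit))
        ids.extend(body["resources"])
        offset = next_offset(body)
    return ids[:max_ids]

def fake_fetch(query):
    """Constructed stand-in for the HTTP call: serves 12 made-up IDs."""
    q = dict(parse_qsl(query))
    off, lim = int(q["offset"]), int(q["limit"])
    data = [f"constructed-alert-{i}" for i in range(12)]
    return {"meta": {"pagination": {"offset": off, "limit": lim, "total": len(data)}},
            "resources": data[off:off + lim], "errors": []}

if __name__ == "__main__":
    print(list_alert_ids(fake_fetch, product="epp"))
```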

Workflow Library Example

List Alerts with CrowdStrike and Send Results Via Email