Actions
List Alerts
Gets a list of Alert IDs.
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Filter | Filter the results based on FQL queries guidelines.Usage examples:- Return only Endpoint Protection alert IDs: product:'epp' |
- Return only Identity Protection alert IDs:
product:'idp'
- Return only Falcon for Mobile alert IDs:
product:'mobile'
- Return only Falcon XDR IDs:
product:'xdr'
- Return only OverWatch alert IDs:
product:'overwatch'
- Return only Cloud Workload Protection alert IDs:
product:'cwpp'
| | Include Hidden | Determines whether hidden alerts will be included in the results. | | Query | Search all alert metadata for the provided string. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | The maximum number of records to return. [1-5000]. Default value: 100. |
Offset | The zero-based position of the first record to return. Default value: 0. |
Sort | Sort the results based on a field.The format of the sort criteria is: field|direction . Direction can be either asc (ascending) or desc (descending) order.For example: status|asc . |
Example Output
Workflow Library Example
List Alerts with Crowdstrike and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?