To learn more, visit the CrowdStrike documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter | Filter the results based on FQL query guidelines. Usage examples:<br>• Return only Endpoint Protection alert IDs: product:'epp'<br>• Return only Identity Protection alert IDs: product:'idp'<br>• Return only Falcon for Mobile alert IDs: product:'mobile'<br>• Return only Falcon XDR IDs: product:'xdr'<br>• Return only OverWatch alert IDs: product:'overwatch'<br>• Return only Cloud Workload Protection alert IDs: product:'cwpp' |
| Include Hidden | Determines whether hidden alerts will be included in the results. |
| Query | Search all alert metadata for the provided string. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The maximum number of records to return. [1-5000]. Default value: 100. |
| Offset | The zero-based position of the first record to return. Default value: 0. |
| Sort | Sort the results based on a field. The format of the sort criteria is: `field\|direction`. Direction can be either asc (ascending) or desc (descending) order. For example: `status\|asc`. |

Example Output

```json
{
    "meta": {
        "query_time": 0.044395707,
        "pagination": {
            "offset": 0,
            "limit": 5,
            "total": 10000
        },
        "writes": {
            "resources_affected": 0
        },
        "powered_by": "detectsapi",
        "trace_id": "f755297a-e287-4012-b5e3-ff88691e95e9"
    },
    "resources": [
        "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-3675xxxxxxxx5616",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx9683-5702-7386xxxxxxxx6359",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx2431-5702-6181xxxxxxxx8615",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx0612-5702-3468xxxxxxxx7877",
        "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544"
    ],
    "errors": []
}
```
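The following is an added example, not code from this page or from CrowdStrike: it validates the documented parameters (Limit range, zero-based Offset, Sort format, the listed product values) and pages through all alert IDs by advancing the offset until `meta.pagination.total` is reached. The lower-case parameter keys, the `fetch` callable and the fake ID data are assumptions made for the illustration.

```python
import re

PRODUCTS = {"epp", "idp", "mobile", "xdr", "overwatch", "cwpp"}  # values listed in the Filter row
SORT_RE = re.compile(r"^[A-Za-z_][\w.]*\|(asc|desc)$")           # field|direction

def build_params(product=None, query=None, limit=100, offset=0, sort=None, include_hidden=False):
    """Validate inputs against the documented ranges and formats (key names are hypothetical)."""
    if not 1 <= limit <= 5000:
        raise ValueError("limit must be in [1-5000]")
    if offset < 0:
        raise ValueError("offset is zero-based and cannot be negative")
    if sort is not None and not SORT_RE.match(sort):
        raise ValueError("sort must be field|direction with asc or desc")
    params = {"limit": limit, "offset": offset, "include_hidden": include_hidden}
    if product is not None:
        if product not in PRODUCTS:  # allow-list: no stray quote can alter the FQL string
            raise ValueError(f"unknown product {product!r}")
        params["filter"] = f"product:'{product}'"
    if query:
        params["query"] = query
    if sort:
        params["sort"] = sort
    return params

def iter_alert_ids(fetch, **kwargs):
    """Yield every alert ID, advancing offset until meta.pagination.total is reached."""
    params = build_params(**kwargs)
    while True:
        page = fetch(params)
        if page.get("errors"):
            raise RuntimeError(f"query failed: {page['errors']}")
        ids = page.get("resources") or []
        yield from ids
        params["offset"] += len(ids)
        if not ids or params["offset"] >= page["meta"]["pagination"]["total"]:
            return

# Constructed stand-in for the real action: 12 fake IDs served in the Example Output shape.
FAKE_IDS = [f"cid:ind:aid:{n:04d}" for n in range(12)]

def fake_fetch(params):
    start, size = params["offset"], params["limit"]
    return {"meta": {"pagination": {"offset": start, "limit": size, "total": len(FAKE_IDS)}},
            "resources": FAKE_IDS[start:start + size], "errors": []}

if __name__ == "__main__":
    ids = list(iter_alert_ids(fake_fetch, product="epp", limit=5, sort="status|asc"))
    print(len(ids), "alert IDs collected")
```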

Workflow Library Example

List Alerts with CrowdStrike and Send Results Via Email
