List Alerts
Gets a list of Alert IDs.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Filter | Filter the results following the FQL query guidelines. Usage examples: Endpoint Protection alert IDs only: `product:'epp'`; Identity Protection alert IDs only: `product:'idp'`; Falcon for Mobile alert IDs only: `product:'mobile'`; Falcon XDR IDs only: `product:'xdr'`; OverWatch alert IDs only: `product:'overwatch'`; Cloud Workload Protection alert IDs only: `product:'cwpp'` |
Include Hidden | Determines whether hidden alerts will be included in the results. |
Query | Search all alert metadata for the provided string. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | The maximum number of records to return. [1-5000]. Default value: 100. |
Offset | The zero-based position of the first record to return. Default value: 0. |
Sort | Sort the results based on a field. The format of the sort criteria is: `field |
Example Output
```json
{
  "meta": {
    "query_time": 0.044395707,
    "pagination": {
      "offset": 0,
      "limit": 5,
      "total": 10000
    },
    "writes": {
      "resources_affected": 0
    },
    "powered_by": "detectsapi",
    "trace_id": "f755297a-e287-4012-b5e3-ff88691e95e9"
  },
  "resources": [
    "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-3675xxxxxxxx5616",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx9683-5702-7386xxxxxxxx6359",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx2431-5702-6181xxxxxxxx8615",
    "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx0612-5702-3468xxxxxxxx7877",
    "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544"
  ],
  "errors": []
}
```
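An added example, not from the original page or from CrowdStrike: collecting every alert ID by advancing Offset in steps of Limit until `meta.pagination.total` is reached, so a triage job does not silently stop at the first page. `fetch_page` and `make_fake_backend` are hypothetical stand-ins for running the action, and the sample IDs are constructed.

```python
from typing import Callable, Iterator

MAX_LIMIT = 5000  # upper bound of the Limit parameter documented above


def iter_alert_ids(fetch_page: Callable[[int, int], dict], limit: int = 100) -> Iterator[str]:
    """Yield every alert ID by walking Offset in steps of Limit.

    fetch_page(offset, limit) is a hypothetical callable that runs the
    List Alerts action and returns a dict shaped like the Example Output.
    """
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be within 1-{MAX_LIMIT}, got {limit}")
    offset = 0
    while True:
        page = fetch_page(offset, limit)
        if page.get("errors"):
            raise RuntimeError(f"List Alerts returned errors: {page['errors']}")
        ids = page.get("resources") or []
        yield from ids
        offset += len(ids)
        total = page["meta"]["pagination"]["total"]
        # Stop on an empty page too, so a shrinking result set cannot loop forever.
        if not ids or offset >= total:
            return


def make_fake_backend(all_ids):
    """Constructed stand-in for the real action, so the example runs offline."""
    calls = []

    def fetch_page(offset, limit):
        calls.append((offset, limit))
        return {
            "meta": {"pagination": {"offset": offset, "limit": limit, "total": len(all_ids)}},
            "resources": all_ids[offset:offset + limit],
            "errors": [],
        }

    return fetch_page, calls


if __name__ == "__main__":
    fake_ids = [f"constructed-alert-{n}" for n in range(12)]  # constructed sample IDs
    fetch, calls = make_fake_backend(fake_ids)
    collected = list(iter_alert_ids(fetch, limit=5))
    print(len(collected), calls)
```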
Workflow Library Example
List Alerts with CrowdStrike and Send Results Via Email