Gets a list of Alert IDs.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

ParameterDescription
FilterFilter the results based on FQL queries guidelines.Usage examples: - Return only Endpoint Protection alert IDs: product:'epp' - Return only Identity Protection alert IDs: product:'idp' - Return only Falcon for Mobile alert IDs: product:'mobile' - Return only Falcon XDR IDs: product:'xdr' - Return only OverWatch alert IDs: product:'overwatch' - Return only Cloud Workload Protection alert IDs: product:'cwpp'
Include HiddenDetermines whether hidden alerts will be included in the results.
QuerySearch all alert metadata for the provided string.
Return All PagesAutomatically fetch all resources, page by page.

Advanced Parameters

ParameterDescription
LimitThe maximum number of records to return. [1-5000]. Default value: 100.
OffsetThe zero-based position of the first record to return. Default value: 0.
SortSort the results based on a field.The format of the sort criteria is: field|direction. Direction can be either asc (ascending) or desc (descending) order.For example: status|asc.

Example Output

{
	"meta": {
		"query_time": 0.044395707,
		"pagination": {
			"offset": 0,
			"limit": 5,
			"total": 10000
		},
		"writes": {
			"resources_affected": 0
		},
		"powered_by": "detectsapi",
		"trace_id": "f755297a-e287-4012-b5e3-ff88691e95e9"
	},
	"resources": [
		"28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-3675xxxxxxxx5616",
		"28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx9683-5702-7386xxxxxxxx6359",
		"28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx2431-5702-6181xxxxxxxx8615",
		"28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx0612-5702-3468xxxxxxxx7877",
		"28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544"
	],
	"errors": []
}

Workflow Library Example

List Alerts with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

Was this page helpful?