Actions
List Detections
Search for detections in your environment.
Basic Parameters
Parameter | Description |
---|---|
Filter | Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include: status, device.device_id, max_severity. The full list of valid filter options is extensive. Review it in CrowdStrike’s documentation inside the Falcon console. |
Return All Pages | Automatically fetch all resources, page by page. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | The maximum number of detections to return in this response (default: 9999, max: 9999). |
Offset | The first detection to return, where 0 is the latest detection. |
Query | Search for specific detections using the detection metadata. |
Sort | Sort detections using these options: first_behavior: timestamp of the first behavior associated with this detection; last_behavior: timestamp of the last behavior associated with this detection; max_severity: highest severity of the behaviors associated with this detection; max_confidence: highest confidence of the behaviors associated with this detection; adversary_id: ID of the adversary associated with this detection, if any; devices.hostname: hostname of the host where this detection was detected. Sort either asc (ascending) or desc (descending). For example: last_behavior|asc. |
Example Output
Workflow Library Example