Search for hosts in your environment.

The following permission is required to run this action:

  • “Hosts`: Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

ParameterDescription
FilterFilter detections using a query in Falcon Query Language (FQL) An asterisk wildcard * includes all results. Common filter options include:status, device.device_id, max_severity.The full list of valid filter options is extensive. Review it in CrowdStrike’s documentation inside the Falcon console.
Return All PagesAutomatically fetch all resources, page by page.

Advanced Parameters

ParameterDescription
LimitThe maximum records to return. [1-5000]
OffsetThe offset to start retrieving records from.
SortThe property to sort by (e.g. status.desc or hostname.asc).

Example Output

{
	"meta": {
		"query_time": 0.005809461,
		"pagination": {
			"offset": 2,
			"limit": 100,
			"total": 2
		},
		"powered_by": "device-api",
		"trace_id": "00000000-000000-0000000-0000000"
	},
	"resources": [
		"123456789123456789123456789123456789",
		"123456789123456789123456789123456789"
	],
	"errors": []
}

Workflow Library Example

Remove Crowdstrike Falcon Sensors Inactive in The Last 12 Hours

Preview this Workflow on desktop

Was this page helpful?