Search for incidents by providing an FQL filter, sorting, and paging details.

Basic Parameters

ParameterDescription
FilterOptional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
Return All PagesAutomatically fetch all resources, page by page.

Advanced Parameters

ParameterDescription
LimitThe maximum records to return. [1-500].
OffsetStarting index of overall result set from which to return ids.
SortThe property to sort on, followed by a dot (.), followed by the sort direction, either “asc” or “desc”.

Example Output

{
	"meta": {
		"query_time": 2,
		"pagination": {
			"offset": 0,
			"limit": 95,
			"total": 16
		},
		"powered_by": "<string>",
		"trace_id": "<string>"
	},
	"resources": [
		"<string>",
		"<string>"
	],
	"errors": []
}

Workflow Library Example

List Incidents with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop