List Incidents

Search for incidents by providing an FQL filter, sorting, and paging details.

Basic Parameters

Parameter	Description
Filter	Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.

Advanced Parameters

Parameter	Description
Limit	The maximum records to return. [1-500].
Offset	Starting index of overall result set from which to return ids.
Sort	The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".

Example Output

{
    "errors": [
        {
            "code": 0,
            "id": "string",
            "message": "string"
        }
    ],
    "meta": {
        "pagination": {
            "limit": 0,
            "offset": 0,
            "total": 0
        },
        "powered_by": "string",
        "query_time": 0,
        "trace_id": "string",
        "writes": {
            "resources_affected": 0
        }
    },
    "resources": [
        {}
    ]
}

Workflow Library Example

List Incidents with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

List Incidents

Basic Parameters​

Advanced Parameters​

Example Output​

Workflow Library Example​

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example