Find all rule groups matching the query with optional filter.

The following permission is required to run this action:

  • Custom IOA rules.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Filter | FQL query specifying the filter parameters. Filter term criteria: [enabled, platform, name, description, rules.action_label, rules.name, rules.description, rules.pattern_severity, rules.ruletype_name, rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as ‘2010-05-15T14:55:21.892315096Z’. |
| Query | Match query criteria, which includes all the filter string fields. |
| Return All Pages | Automatically fetch all resources, page by page. |

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		"string"
	]
}
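
The sketch below is an added example, not CrowdStrike's code or part of the action itself: it builds a Filter string restricted to the fields listed under Parameters and then collects every page using the `meta.pagination` values from the output above. The `fetch_page` callable, its `filter`/`offset`/`limit` keyword names, the `field:'value'` clause form joined with `+`, and the sample group IDs are assumptions made for illustration.

```python
# Added example, not CrowdStrike or workflow-vendor code.
# Field names are the ones listed under the Filter parameter above.
TERM_FIELDS = {
    "enabled", "platform", "name", "description", "rules.action_label",
    "rules.name", "rules.description", "rules.pattern_severity",
    "rules.ruletype_name", "rules.enabled",
}
RANGE_FIELDS = {"created_on", "modified_on"}
RANGE_OPS = {">", ">=", "<", "<="}

def _literal(value):
    """Render a value as an FQL literal; refuse quote characters outright."""
    if isinstance(value, bool):
        return "true" if value else "false"
    text = str(value)
    if "'" in text or "\\" in text:
        raise ValueError(f"unsafe character in filter value: {text!r}")
    return f"'{text}'"

def build_filter(terms=None, ranges=None):
    """Join validated clauses with '+' (assumed FQL AND operator)."""
    clauses = []
    for field, value in (terms or {}).items():
        if field not in TERM_FIELDS:
            raise ValueError(f"unsupported term field: {field}")
        clauses.append(f"{field}:{_literal(value)}")
    for field, (op, value) in (ranges or {}).items():
        if field not in RANGE_FIELDS or op not in RANGE_OPS:
            raise ValueError(f"unsupported range clause: {field} {op}")
        clauses.append(f"{field}:{op}{_literal(value)}")
    return "+".join(clauses)

def fetch_all(fetch_page, fql, limit=100):
    """Walk meta.pagination until every resource has been collected."""
    resources, offset = [], 0
    while True:
        body = fetch_page(filter=fql, offset=offset, limit=limit)
        if body.get("errors"):
            raise RuntimeError(f"API errors: {body['errors']}")
        page = body.get("resources") or []
        resources.extend(page)
        offset += len(page)
        if not page or offset >= body["meta"]["pagination"]["total"]:
            return resources

def fake_fetch_page(filter, offset, limit):
    """Constructed stand-in for the request: five made-up group IDs."""
    ids = [f"group-{i}" for i in range(5)]
    meta = {"pagination": {"limit": limit, "offset": offset, "total": len(ids)}}
    return {"errors": [], "meta": meta, "resources": ids[offset:offset + limit]}
```

Rejecting quote characters in values, rather than trying to escape them, keeps user-supplied text from altering the structure of the filter.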

Workflow Library Example

List Parent Rule Groups with CrowdStrike and Send Results Via Email
