MalQuery Exact Search
Search the malware corpus for exact binary patterns and strings with byte-level precision.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Patterns | Specify an array of hex patterns or strings to search for within file contents at the byte level. Each pattern should be an object with `type` and `value` fields. For example: `[ { "type": "hex", "value": "8948208b480833ca33f989502489482889782c8bd7" }, { "type": "ascii", "value": "suspicious_string" } ]` |
Advanced Parameters
Parameter | Description |
---|---|
File Types | A comma-separated list of file types to restrict search results by. For example: EMAIL, PCAP, PDF, PE32. |
Limit | The maximum number of matching files to return in the response. |
Max Date | Only include files first observed before this date. |
Max Size | Only include files smaller than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB. |
Metadata Fields | A comma-separated list of metadata fields to include in results. For example: sha256, md5, type, size, first_seen, label, family. |
Min Date | Only include files first observed after this date. |
Min Size | Only include files larger than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB. |
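
A pre-flight check for the Patterns array and the Min Size / Max Size values, as an added example that is not part of the original page or CrowdStrike's code. The function names are hypothetical, only the two pattern types shown above are accepted, and units are assumed to be binary multiples (1KB = 1024 bytes).

```python
import json
import re

# Pattern types shown on this page; widen the set if your documentation lists more.
ALLOWED_TYPES = {"hex", "ascii"}
# Assumption: units are binary multiples (1KB = 1024 bytes).
UNITS = {"": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(KB|MB|GB)?$")


def hex_pattern(data: bytes) -> dict:
    """Build a hex pattern object from raw bytes taken from a sample."""
    return {"type": "hex", "value": data.hex()}


def validate_patterns(patterns: list) -> list:
    """Return a list of problems; an empty list means the array is well formed."""
    problems = []
    if not isinstance(patterns, list) or not patterns:
        return ["Patterns must be a non-empty array"]
    for i, p in enumerate(patterns):
        if not isinstance(p, dict) or set(p) != {"type", "value"}:
            problems.append(f"[{i}] needs exactly the fields 'type' and 'value'")
            continue
        kind, value = p["type"], p["value"]
        if kind not in ALLOWED_TYPES:
            problems.append(f"[{i}] unknown type {kind!r}")
        elif not isinstance(value, str) or not value:
            problems.append(f"[{i}] value must be a non-empty string")
        elif kind == "hex" and (len(value) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", value)):
            problems.append(f"[{i}] hex value must be an even number of hex digits")
        elif kind == "ascii" and not value.isascii():
            problems.append(f"[{i}] ascii value contains non-ASCII characters")
    return problems


def size_to_bytes(text: str) -> int:
    """Convert a Min Size / Max Size value such as '1.3KB' to bytes."""
    m = SIZE_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2) or ""])


if __name__ == "__main__":
    # Constructed sample input, reusing the two pattern values from the page.
    patterns = [hex_pattern(bytes.fromhex("8948208b480833ca33f989502489482889782c8bd7")),
                {"type": "ascii", "value": "suspicious_string"}]
    assert validate_patterns(patterns) == []
    assert size_to_bytes("128000") < size_to_bytes("8MB")
    print(json.dumps(patterns))
```
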
Example Output
Workflow Library Example
Malquery Exact Search with Crowdstrike and Send Results Via Email