MalQuery Exact Search
Search the malware corpus for exact binary patterns and strings with byte-level precision.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Patterns | Specify an array of hex patterns or strings to search for within file contents at the byte level. Each pattern should be an object with "type" and "value" fields. For example: `[{"type": "hex", "value": "8948208b480833ca33f989502489482889782c8bd7"}, {"type": "ascii", "value": "suspicious_string"}]` |
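
The following is an added example, not part of the original documentation or of CrowdStrike's code: a small Python helper that builds a valid Patterns array from indicators as they usually arrive in analyst notes (raw bytes, hex with separators, plain strings). The function names and the accepted separators are assumptions of this helper; only the "hex" and "ascii" types shown above are used.

```python
import json
import re

# Pattern types shown on this page; no other types are assumed.
ALLOWED_TYPES = {"hex", "ascii"}
_WHOLE_BYTES = re.compile(r"^(?:[0-9a-f]{2})+$")
PAGE_HEX = "8948208b480833ca33f989502489482889782c8bd7"  # value from the example above


def normalize_hex(value):
    """Lowercase and drop separators (whitespace, ':', ',', '\\x', '0x'); require whole bytes."""
    cleaned = re.sub(r"(?:\\x|0x|[\s:,])", "", value.lower())
    if not _WHOLE_BYTES.match(cleaned):
        raise ValueError(f"not a whole-byte hex string: {value!r}")
    return cleaned


def build_patterns(items):
    """Turn raw bytes or (type, value) pairs into a deduplicated Patterns array."""
    patterns, seen = [], set()
    for item in items:
        if isinstance(item, (bytes, bytearray)):
            ptype, value = "hex", normalize_hex(bytes(item).hex())
        else:
            ptype, value = item
            if ptype not in ALLOWED_TYPES:
                raise ValueError(f"unsupported pattern type: {ptype!r}")
            if ptype == "hex":
                value = normalize_hex(value)
            elif not value or not value.isascii():
                raise ValueError(f"ascii pattern must be non-empty ASCII: {value!r}")
        if (ptype, value) not in seen:  # the same bytes given twice add nothing to the search
            seen.add((ptype, value))
            patterns.append({"type": ptype, "value": value})
    if not patterns:
        raise ValueError("at least one pattern is required")
    return patterns


if __name__ == "__main__":
    # Constructed input: the page's hex value in upper case, as raw bytes, plus a string.
    sample = [("hex", PAGE_HEX.upper()), bytes.fromhex(PAGE_HEX), ("ascii", "suspicious_string")]
    print(json.dumps(build_patterns(sample), indent=2))
```

Rejecting odd-length or non-hex input before the search is submitted avoids a query that silently matches nothing because of a copy-paste error.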
Advanced Parameters
Parameter | Description |
---|---|
File Types | A comma-separated list of file types to restrict search results by. For example: `EMAIL`, `PCAP`, `PDF`, `PE32` |
Limit | The maximum number of matching files to return in the response. |
Max Date | Only include files first observed before this date. |
Max Size | Only include files smaller than this size. Accepts values in bytes or with units. For example: `128000`, `1.3KB`, `8MB`, `2GB` |
Metadata Fields | A comma-separated list of metadata fields to include in results. For example: `sha256`, `md5`, `type`, `size`, `first_seen`, `label`, `family` |
Min Date | Only include files first observed after this date. |
Min Size | Only include files larger than this size. Accepts values in bytes or with units. For example: `128000`, `1.3KB`, `8MB`, `2GB` |
Workflow Library Example
Malquery Exact Search with Crowdstrike and Send Results Via Email