> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MalQuery Fuzzy Search

Search for malware samples using partial pattern matching for faster results but with potential for false positives.

**Note**: In order to get more accurate results, use `MalQuery Exact Search` action.

<Note>
  External Documentation

  To learn more, visit the [CrowdStrike documentation](https://falcon.us-2.crowdstrike.com/documentation/page/ea96c592/malquery-apis#x19e9c22).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                                                                                                                                                                                                                                                                                                                                  |
  | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Patterns  | Specify an array of hex patterns or strings to search for within file contents at the byte level.<br /><br />Each pattern should be an object with "type" and "value" fields. For example:<br /><pre><code>\[<br />  \{<br />    "type":"hex",<br />    "value":"8948208b480833ca33f989502489482889782c8bd7"<br />  },<br />  \{<br />    "type":"ascii",<br />    "value":"suspicious\_string"<br />  }<br />]</code></pre> |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter       | Description                                                                                                                                                                                                 |
  | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Limit           | The maximum number of matching files to return in the response.                                                                                                                                             |
  | Metadata Fields | A comma-separated list of metadata fields to include in results.<br /><br />For example:<br />\* `sha256`<br />\* `md5`<br />\* `type`<br />\* `size`<br />\* `first_seen`<br />\* `label`<br />\* `family` |
</div>

## Example Output

```json theme={"dark"}
{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"stats": {
			"clean_count": 0,
			"malware_count": 0,
			"pua_count": 0,
			"total_count": 0,
			"unknown_count": 0
		},
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"label": "Sample label",
			"md5": "Sample MD5",
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256"
		}
	]
}
```

## Workflow Library Example

[Malquery Fuzzy Search with Crowdstrike and Send Results Via Email](https://library.blinkops.com/workflows/malquery-fuzzy-search-with-crowdstrike-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/malquery-fuzzy-search-with-crowdstrike-and-send-results-via-email/canvas" />
</div>
