Perform an action on selected prevention policies.

Note: Verify operation success by checking the response body. If the resources property is empty, the action failed. This typically indicates invalid parameters.

The following permissions are required to run this action:

  • Prevention policies: Read and Write.
  • Host groups: Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter | Description
Action To Perform | Select the required action to perform on the specified prevention policies.
Group ID | The unique identifier of the group to perform the action with.
IDs | A comma-separated list of prevention policy identifiers to perform this action on.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"cid": "The customer id associated with the policy",
			"created_by": "The email of the user which created the policy",
			"created_timestamp": "The time at which the policy was created",
			"description": "The description of a policy. Use this field to provide a high level summary of what this policy enforces",
			"enabled": false,
			"groups": [
				{
					"assignment_rule": "The assignment rule of a group",
					"created_by": "The email of the user which created the policy",
					"created_timestamp": "The time at which the policy was created",
					"description": "An additional description of the group or the devices it targets",
					"group_type": "The method by which this host group is managed",
					"id": "The identifier of this host group",
					"modified_by": "The email of the user which last modified the policy",
					"modified_timestamp": "The time at which the policy was last modified",
					"name": "The name of the group"
				}
			],
			"id": "The unique id of the policy",
			"ioa_rule_groups": [
				{
					"comment": "string",
					"committed_timestamp": "The last attempted time CFS got this data on the rule group",
					"created_by": "The email of the user which created the rule group",
					"created_timestamp": "The time at which the policy was created",
					"customer_id": "string",
					"deleted": false,
					"description": "An additional description of the group or the rules it contains",
					"enabled": false,
					"id": "The identifier of this IOA rule group",
					"modified_by": "The email of the user which last modified the rule group",
					"modified_timestamp": "The time at which the policy was last modified",
					"name": "The name of the group",
					"platform": "string",
					"rule_ids": [
						"string"
					],
					"version": 0
				}
			],
			"modified_by": "The email of the user which last modified the policy",
			"modified_timestamp": "The time at which the policy was last modified",
			"name": "The human readable name of the policy",
			"platform_name": "The name of the platform",
			"prevention_settings": [
				{
					"name": "The name of the category",
					"settings": [
						{
							"description": "The human readable description of the setting",
							"id": "The id of the setting",
							"name": "The name of the setting",
							"type": "The type of the setting which can be used as a hint when displaying in the UI",
							"value": {}
						}
					]
				}
			]
		}
	]
}
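
The check described in the note above (an empty resources property means the action failed), as an added example that is not part of the original documentation or of CrowdStrike's own code. It assumes the response carries one resources entry per policy acted on and that each entry's groups list reflects the state after the action; the function names and sample values are hypothetical.

```python
import json

def parse_ids(ids_param):
    """Split the comma-separated IDs parameter into a clean list."""
    return [i.strip() for i in ids_param.split(",") if i.strip()]

def verify_policy_action(response_body, ids_param, group_id=None, group_expected=True):
    """Return (ok, problems) for one action response.

    group_id / group_expected are optional: pass them when the action was
    meant to attach (True) or detach (False) a host group.
    """
    body = json.loads(response_body) if isinstance(response_body, str) else response_body
    problems = []
    for err in body.get("errors") or []:
        problems.append(f"API error {err.get('code')}: {err.get('message')}")
    resources = body.get("resources") or []
    if not resources:
        # Per the note: empty resources means the action failed.
        problems.append("resources is empty: action failed, check the parameters")
        return False, problems
    # Assumption: one resources entry per policy that was acted on.
    by_id = {p.get("id"): p for p in resources}
    for pid in parse_ids(ids_param):
        policy = by_id.get(pid)
        if policy is None:
            problems.append(f"policy {pid} not present in resources")
            continue
        if group_id is not None:
            attached = any(g.get("id") == group_id for g in policy.get("groups") or [])
            if attached != group_expected:
                state = "attached to" if attached else "absent from"
                problems.append(f"group {group_id} is {state} policy {pid}")
    return (not problems, problems)

# Constructed sample responses (not real API output).
OK_RESPONSE = json.dumps({
    "errors": [],
    "resources": [{"id": "policy-a", "enabled": True, "groups": [{"id": "group-1"}]}],
})
FAILED_RESPONSE = json.dumps({
    "errors": [{"code": 400, "id": "x", "message": "invalid id"}],
    "resources": [],
})

if __name__ == "__main__":
    print(verify_policy_action(OK_RESPONSE, "policy-a", group_id="group-1"))
    print(verify_policy_action(FAILED_RESPONSE, "policy-a, policy-b"))
```

Running the check as a workflow step after the action lets a partial result (some requested policies missing from resources) stop the workflow instead of being reported as success.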

Workflow Library Example

Perform Prevention Policies Action with Crowdstrike and Send Results Via Email
