Actions
Query Adversary Reports
Search and retrieve adversary intel reports.
The following permissions are required to run this action:
Reports (Falcon Intelligence): Read.
External Documentation
To learn more, visit the CrowdStrike documentation.
Basic Parameters
Parameter | Description |
---|---|
Fields | Specify which fields to return for each item. You can select individual fields (for example, id, name or slug), or use pre-defined field collections in the format __collection__. If no fields are specified, the default __basic__ collection will be returned. Valid fields include: id, name, slug, type, sub_type, url, short_description, description, rich_text_description, created_date, last_modified_date, image, thumbnail, attachments, actors, tags, target_industries, target_countries and motivations. |
Filter | Filter the results by an FQL query. For a complete list of filterable properties and syntax guidance, refer to the CrowdStrike API documentation. |
Query | Search term that matches against all fields of all adversaries. |
Return All Pages | Automatically fetch all resources, page by page. |
Advanced Parameters
Parameter | Description |
---|---|
Limit | The number of results to return. |
Offset | The offset to start retrieving records from. |
Sort | Sort applications by their properties. The format of the sort criteria is: field\|direction. Direction can be either asc (ascending) or desc (descending) order. |
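
The parameter rules from the two tables above, checked before the action runs. This is an added example, not code from the product or from CrowdStrike. The function names, the lowercase parameter keys, the lowercase collection-name pattern and the minimum values for Limit and Offset are assumptions made for illustration.

```python
import re

# Field names listed as valid in the Fields parameter description.
VALID_FIELDS = {
    "id", "name", "slug", "type", "sub_type", "url", "short_description",
    "description", "rich_text_description", "created_date",
    "last_modified_date", "image", "thumbnail", "attachments", "actors",
    "tags", "target_industries", "target_countries", "motivations",
}
# Collections use the __collection__ format, e.g. __basic__ (lowercase assumed).
COLLECTION_RE = re.compile(r"^__[a-z0-9]+(?:_[a-z0-9]+)*__$")


def check_fields(fields):
    """Return the field list, or raise on names that are neither valid nor a collection."""
    bad = [f for f in fields if f not in VALID_FIELDS and not COLLECTION_RE.match(f)]
    if bad:
        raise ValueError("unknown field(s): " + ", ".join(bad))
    return list(fields)


def check_sort(sort):
    """Require the field|direction format with direction asc or desc."""
    field, sep, direction = sort.partition("|")
    if not sep or not field.strip() or direction not in ("asc", "desc"):
        raise ValueError("sort must be field|direction, direction asc or desc")
    return sort


def build_params(fields=None, filter=None, query=None,
                 limit=None, offset=None, sort=None):
    """Assemble validated parameters; keys mirror the table labels (assumed)."""
    params = {}
    if fields:  # omitted -> the default __basic__ collection is returned
        params["fields"] = check_fields(fields)
    if filter:
        params["filter"] = filter  # FQL string is passed through unparsed
    if query:
        params["query"] = query
    if sort:
        params["sort"] = check_sort(sort)
    # Assumed bounds: Limit at least 1, Offset at least 0.
    for name, value, minimum in (("limit", limit, 1), ("offset", offset, 0)):
        if value is None:
            continue
        if not isinstance(value, int) or value < minimum:
            raise ValueError(f"{name} must be an integer >= {minimum}")
        params[name] = value
    return params
```
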
Example Output
Workflow Library Example
Query Adversary Reports with CrowdStrike and Send Results Via Email