Search and retrieve adversary intel reports.

The following permissions are required to run this action:

  • Reports (Falcon Intelligence): Read.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

Parameter | Description
Fields | Specify which fields to return for each item. You can select individual fields (for example, id, name or slug), or use pre-defined field collections in the format __collection__. If no fields are specified, the default __basic__ collection will be returned. Valid fields include: id, name, slug, type, sub_type, url, short_description, description, rich_text_description, created_date, last_modified_date, image, thumbnail, attachments, actors, tags, target_industries, target_countries and motivations.
Filter | Filter the results by an FQL query. For a complete list of filterable properties and syntax guidance, refer to the CrowdStrike API documentation.
Query | Search term that matches against all fields of all adversaries.
Return All Pages | Automatically fetch all resources, page by page.

Advanced Parameters

Parameter | Description
Limit | The number of results to return.
Offset | The offset to start retrieving records from.
Sort | Sort the results by their properties. The format of the sort criteria is: field|direction. Direction can be either asc (ascending) or desc (descending) order.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"active": false,
			"actors": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"thumbnail": {
						"height": 0,
						"url": "string",
						"width": 0
					},
					"url": "string"
				}
			],
			"attachments": [
				{
					"id": 0,
					"url": "string"
				}
			],
			"created_date": 0,
			"description": "string",
			"entitlements": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"id": 0,
			"image": {
				"height": 0,
				"url": "string",
				"width": 0
			},
			"last_modified_date": 0,
			"motivations": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"name": "string",
			"notify_users": false,
			"rich_text_description": "string",
			"short_description": "string",
			"slug": "string",
			"sub_type": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"tags": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"target_countries": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"target_industries": [
				{
					"id": 0,
					"name": "string",
					"slug": "string",
					"value": "string"
				}
			],
			"thumbnail": {
				"height": 0,
				"url": "string",
				"width": 0
			},
			"topic": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"type": {
				"id": 0,
				"name": "string",
				"slug": "string",
				"value": "string"
			},
			"url": "string"
		}
	]
}
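
The following added example (not part of the original documentation or CrowdStrike's code) validates the Fields and Sort formats described above and walks Limit/Offset against meta.pagination.total the way Return All Pages is described. The names build_params, fetch_all and fake_fetch are hypothetical, the dictionary keys are the action's parameter names rather than confirmed API wire names, and fake_fetch is a constructed stand-in that returns data in the Example Output shape.

```python
# Added example; function names are hypothetical, sample data is constructed.
VALID_FIELDS = {
    "id", "name", "slug", "type", "sub_type", "url", "short_description",
    "description", "rich_text_description", "created_date", "last_modified_date",
    "image", "thumbnail", "attachments", "actors", "tags", "target_industries",
    "target_countries", "motivations"}

def build_params(fields=None, fql_filter=None, query=None, sort=None, limit=10, offset=0):
    """Validate the action's parameters and return them as a dict."""
    fields = fields or ["__basic__"]  # default collection named on the page
    for f in fields:
        is_collection = len(f) > 4 and f.startswith("__") and f.endswith("__")
        if not is_collection and f not in VALID_FIELDS:
            raise ValueError(f"unknown field: {f!r}")
    if sort is not None:
        field, sep, direction = sort.partition("|")
        if not field or sep != "|" or direction not in ("asc", "desc"):
            raise ValueError("sort must be 'field|asc' or 'field|desc'")
    if limit < 1 or offset < 0:
        raise ValueError("limit must be >= 1 and offset >= 0")
    params = {"fields": fields, "limit": limit, "offset": offset}
    for key, value in (("filter", fql_filter), ("query", query), ("sort", sort)):
        if value is not None:
            params[key] = value
    return params

def fetch_all(fetch_page, **kwargs):
    """Emulate Return All Pages: advance offset until pagination.total is reached."""
    params = build_params(**kwargs)
    resources = []
    while True:
        body = fetch_page(params)
        if body.get("errors"):  # assumption: a non-empty errors list means failure
            raise RuntimeError(body["errors"][0]["message"])
        page = body.get("resources") or []
        resources.extend(page)
        params["offset"] += len(page)
        # An empty page ends the loop even if total is stale or wrong.
        if not page or params["offset"] >= body["meta"]["pagination"]["total"]:
            return resources

# Constructed sample data standing in for the service: five reports.
REPORTS = [{"id": i, "name": f"report-{i}", "slug": f"report-{i}"} for i in range(1, 6)]

def fake_fetch(params):
    start, limit = params["offset"], params["limit"]
    meta = {"pagination": {"limit": limit, "offset": start, "total": len(REPORTS)}}
    return {"errors": [], "meta": meta, "resources": REPORTS[start:start + limit]}
```

Replace fake_fetch with a callable that performs the real request; fetch_all only relies on the errors, meta.pagination and resources keys shown in the Example Output.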

Workflow Library Example

Query Adversary Reports with CrowdStrike and Send Results Via Email
