Retrieve process details by ID.

The following permission is required to run this action:

  • IOC Management: Read and Write.
  • IOCs (Indicators of Compromise): Read.

Note:

  • A 404 response code error may occur if no devices are found for the indicator, or if the host has aged out.
  • Completion of the action doesn't indicate that the action succeeded. Check for errors in the response body.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter     Description
Process ID    The running process you want to get details on.

Example Output

{
	"meta": {
		"query_time": 0.036953655,
		"trace_id": ""
	},
	"resources": [
		{
			"device_id": "2dd7xxxxxxxxfb3c2",
			"command_line": "\\AppData\\Local\\Temp\\svchost.exe.4406xxxxxxxx5051.fuzz\"",
			"process_id": "2dd7xxxxxxxxb3c2:922xxx411",
			"process_id_local": "298xxx772",
			"file_name": "\\Users\\example\\AppData\\Local\\Temp\\svchost.exe.4406xxxxxxxx5051.fuzz",
			"start_timestamp": "2016-01-07T08:51:13Z",
			"start_timestamp_raw": "130966302736257500",
			"stop_timestamp": "2016-01-07T08:51:14Z",
			"stop_timestamp_raw": "130966302744226250"
		}
	],
	"errors": []
}
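
A completed action can still report failure in the response body, so a consumer should check the errors array before reading resources. The following Python code is an added example, not CrowdStrike's or this page's own code: it performs that check and converts the raw timestamps, which in the example output match Windows FILETIME ticks. The function names, the exception class and the "code"/"message" keys of an error entry are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

class ActionFailed(Exception):
    """The action completed, but the body reports errors or no process."""

def filetime_to_utc(raw):
    # The *_timestamp_raw values in the example output line up with Windows
    # FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
    return FILETIME_EPOCH + timedelta(microseconds=int(raw) // 10)

def parse_process_details(body):
    """Return a summary of the first process record, or raise ActionFailed."""
    doc = json.loads(body)
    errors = doc.get("errors") or []
    if errors:
        # Assumption: each error is an object with "code" and "message" keys.
        raise ActionFailed("; ".join(
            f"{e.get('code')}: {e.get('message')}" if isinstance(e, dict) else str(e)
            for e in errors))
    resources = doc.get("resources") or []
    if not resources:
        raise ActionFailed("no process record in response")
    proc = resources[0]
    start = filetime_to_utc(proc["start_timestamp_raw"])
    stop_raw = proc.get("stop_timestamp_raw")
    stop = filetime_to_utc(stop_raw) if stop_raw else None
    return {
        "device_id": proc.get("device_id"),
        "file_name": proc.get("file_name"),
        "start": start,
        "stop": stop,
        "runtime_seconds": (stop - start).total_seconds() if stop else None,
    }

# Constructed inputs: the first reuses values from the example output above,
# the second is a made-up error body for a host that has aged out.
SAMPLE_OK = json.dumps({"resources": [{
    "device_id": "2dd7xxxxxxxxfb3c2",
    "file_name": r"\Users\example\AppData\Local\Temp\svchost.exe.4406xxxxxxxx5051.fuzz",
    "start_timestamp_raw": "130966302736257500",
    "stop_timestamp_raw": "130966302744226250"}], "errors": []})
SAMPLE_404 = json.dumps({"resources": [], "errors": [
    {"code": 404, "message": "constructed example: no devices found"}]})

if __name__ == "__main__":
    print(parse_process_details(SAMPLE_OK))
```

The sub-second runtime recovered from the raw values is not visible in the rounded start_timestamp and stop_timestamp fields.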

Workflow Library Example

Retrieve Process Details by Id with Crowdstrike and Send Results Via Email