Schedule a YARA-based search for execution.

External Documentation

To learn more, visit the CrowdStrike documentation.

Basic Parameters

Parameter    Description
File Types   A comma-separated list of file types to restrict search results by. For example: EMAIL, PCAP, PDF, PE32.
Limit        The maximum number of matching files to return in the response.
YARA Rule    The YARA rule pattern to search for matching files. This value must follow YARA syntax with rule definition, conditions, and strings.

Advanced Parameters

Parameter        Description
Max Date         Only include files first observed before this date.
Max Size         Only include files smaller than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB.
Metadata Fields  Select which metadata fields to include in results. For example: sha256, md5, type, size, first_seen, label, family. Multiple fields can be comma-separated.
Min Date         Only include files first observed after this date.
Min Size         Only include files larger than this size. Accepts values in bytes or with units. For example: 128000, 1.3KB, 8MB, 2GB.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"ignore_reason": "Reason why the resource is ignored",
			"label": "Sample label",
			"label_confidence": "Resource label confidence",
			"md5": "Sample MD5",
			"pattern": "Search pattern",
			"pattern_type": "Search pattern type",
			"samples": [
				{
					"family": "Sample family",
					"filesize": 0,
					"filetype": "Sample file type",
					"first_seen": "Date when it was first seen",
					"label": "Sample label",
					"md5": "Sample MD5",
					"sha1": "Sample SHA1",
					"sha256": "Sample SHA256"
				}
			],
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256",
			"tags": [
				"string"
			],
			"yara_rule": "Search YARA rule",
			"yara_rules": [
				"string"
			]
		}
	]
}
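The following is an added example, not CrowdStrike's or the workflow library's own code, showing how a workflow step can validate the parameters from the tables above (size strings with units, size and date ordering, a rule that actually has a condition section) and then reduce a response shaped like the example output to the status to poll on and the hashes to forward. The request key names (filter_filetypes and friends), the binary interpretation of KB/MB/GB, and the sample rule and response are assumptions constructed for the example.

```python
import json
import re
# Constructed example, not vendor code. Size units are validated as binary (1024-based),
# which is an assumption; the request carries the original string, as the page allows.
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
_SIZE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([KMG]?B)?\s*$", re.IGNORECASE)
_RULE_RE = re.compile(r"\brule\s+\w+[^{]*\{.*\bcondition\s*:", re.DOTALL)

SAMPLE_RULE = ('rule constructed_pe_marker { strings: $s = "constructed-marker" '
               'condition: uint16(0) == 0x5A4D and $s }')
# Constructed response in the shape of the example output above (placeholder hashes).
SAMPLE_RESPONSE = json.dumps({
    "errors": [], "meta": {"reqid": "req-constructed-0001", "status": "done",
                           "pagination": {"limit": 10, "offset": 0, "total": 1}},
    "resources": [{"sha256": "0" * 64, "md5": "0" * 32, "filetype": "PE32",
                   "label": "malicious", "family": "constructed_family"}]})

def size_to_bytes(value):
    """Convert '128000', '1.3KB', '8MB' or '2GB' to an integer byte count."""
    m = _SIZE_RE.match(str(value))
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    number, unit = m.groups()
    return int(float(number) * _UNITS[(unit or "B").upper()])

def build_hunt_request(yara_rule, file_types=(), limit=100, min_size=None,
                       max_size=None, min_date=None, max_date=None):
    """Check the parameters from the tables above; key names are hypothetical."""
    if not _RULE_RE.search(yara_rule):
        raise ValueError("yara_rule needs a rule definition with a condition section")
    lo = size_to_bytes(min_size) if min_size is not None else None
    hi = size_to_bytes(max_size) if max_size is not None else None
    if lo is not None and hi is not None and lo >= hi:
        raise ValueError("min_size must be smaller than max_size")
    if min_date and max_date and min_date >= max_date:  # ISO-8601 strings sort in order
        raise ValueError("min_date must precede max_date")
    req = {"yara_rule": yara_rule, "limit": limit, "filter_filetypes": list(file_types)}
    req.update({k: v for k, v in [("min_size", min_size), ("max_size", max_size),
                ("min_date", min_date), ("max_date", max_date)] if v is not None})
    return req

def summarize_hunt_response(body):
    """Reduce a response like the example output to status, errors and matched hashes."""
    data = json.loads(body) if isinstance(body, str) else body
    return {"reqid": data["meta"].get("reqid"),
            "status": data["meta"].get("status"),  # inprogress | failed | done
            "errors": [e.get("message") for e in data.get("errors", []) if e.get("code")],
            "matches": [(r["sha256"], r.get("filetype"), r.get("label"), r.get("family"))
                        for r in data.get("resources", [])]}
```

A workflow would keep polling while the summarized status is "inprogress" and only forward the matches once it reads "done".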

Workflow Library Example

Schedule Yara Hunt with Crowdstrike and Send Results Via Email
