Schedule YARA Hunt - Blink Documentation

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Schedule a YARA-based search for execution.

External DocumentationTo learn more, visit the CrowdStrike documentation.

Basic Parameters

Parameter	Description
File Types	A comma-separated list of file types to restrict search results by. For example: * `EMAIL` * `PCAP` * `PDF` * `PE32`
Limit	The maximum number of matching files to return in the response.
YARA Rule	The YARA rule pattern to search for matching files. This value must follow YARA syntax with rule definition, conditions, and strings.

Advanced Parameters

Parameter	Description
Max Date	Only include files first observed before this date.
Max Size	Only include files smaller than this size. Accepts values in bytes or with units. For example: * `128000` * `1.3KB` * `8MB` * `2GB`
Metadata Fields	Select which metadata fields to include in results. For example: * `sha256` * `md5` * `type` * `size` * `first_seen` * `label` * `family` Multiple fields can be comma-separated.
Min Date	Only include files first observed after this date.
Min Size	Only include files larger than this size. Accepts values in bytes or with units. For example: * `128000` * `1.3KB` * `8MB` * `2GB`

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string",
			"type": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"reqid": "Request ID returned after creating a hunt or exact search",
		"status": "Request status. Possible values: inprogress, failed, done",
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"family": "Sample family",
			"filesize": 0,
			"filetype": "Sample file type",
			"first_seen": "Date when it was first seen",
			"ignore_reason": "Reason why the resource is ignored",
			"label": "Sample label",
			"label_confidence": "Resource label confidence",
			"md5": "Sample MD5",
			"pattern": "Search pattern",
			"pattern_type": "Search pattern type",
			"samples": [
				{
					"family": "Sample family",
					"filesize": 0,
					"filetype": "Sample file type",
					"first_seen": "Date when it was first seen",
					"label": "Sample label",
					"md5": "Sample MD5",
					"sha1": "Sample SHA1",
					"sha256": "Sample SHA256"
				}
			],
			"sha1": "Sample SHA1",
			"sha256": "Sample SHA256",
			"tags": [
				"string"
			],
			"yara_rule": "Search YARA rule",
			"yara_rules": [
				"string"
			]
		}
	]
}