Search Across Devices
Find hosts that have observed a given custom Indicator of Compromise (IOC). An IOC is a piece of digital forensics (the identification, investigation, and remediation of cyberattacks) that suggests that an endpoint or network may have been breached. You can find the custom indicators in the .
Basic Parameters
Parameter | Description |
---|---|
Indicator Description | Search by the indicator’s description. |
Search By | Search by the type of the indicator. An indicator is a value based on metrics obtained by comparing logically related attributes about the behavior of an activity. You can find the indicators in the IOC Management page. Valid types include:<br>- `sha256`: A hex-encoded sha256 hash string. Length - min: 64, max: 64.<br>- `md5`: A hex-encoded md5 hash string. Length - min: 32, max: 32.<br>- `domain`: A domain name. Length - min: 1, max: 200.<br>- `ipv4`: An IPv4 address. Must be a valid IP address.<br>- `ipv6`: An IPv6 address. Must be a valid IP address. |
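
Checking values against the type constraints in the table before they are submitted to the search, as an added example (not part of the original documentation or the vendor's code). The function names, the refanging of `[.]`, and the lower-casing of hashes and domains are assumptions of this sketch; the sample values are constructed.

```python
import ipaddress
import re

# Length constraints taken from the "Search By" row of the table.
_HEX_LENGTHS = {"sha256": 64, "md5": 32}
_HEX_RE = re.compile(r"[0-9a-fA-F]+")


def validate_indicator(ioc_type: str, value: str) -> str:
    """Return a normalised value, or raise ValueError if a documented constraint fails."""
    ioc_type = ioc_type.strip().lower()
    # Assumption: threat reports often defang indicators as 192.0.2[.]10; undo that first.
    value = value.strip().replace("[.]", ".")
    if ioc_type in _HEX_LENGTHS:
        want = _HEX_LENGTHS[ioc_type]
        if len(value) != want or not _HEX_RE.fullmatch(value):
            raise ValueError(f"{ioc_type} must be exactly {want} hex characters")
        return value.lower()  # assumption: compare hashes in lower case
    if ioc_type == "domain":
        if not 1 <= len(value) <= 200:
            raise ValueError("domain length must be between 1 and 200")
        return value.lower()
    if ioc_type == "ipv4":
        return str(ipaddress.IPv4Address(value))  # AddressValueError is a ValueError
    if ioc_type == "ipv6":
        return str(ipaddress.IPv6Address(value))
    raise ValueError(f"unsupported indicator type: {ioc_type!r}")


def partition(rows):
    """Split (type, value) pairs into searchable indicators and rejected ones with a reason."""
    valid, rejected = [], []
    for ioc_type, value in rows:
        try:
            valid.append((ioc_type, validate_indicator(ioc_type, value)))
        except ValueError as exc:
            rejected.append((ioc_type, value, str(exc)))
    return valid, rejected


# Constructed sample input: documentation-range addresses and dummy hashes.
SAMPLE = [
    ("sha256", "A" * 64),
    ("md5", "b" * 31),            # one character short
    ("domain", "Example[.]COM"),
    ("ipv4", "192.0.2[.]10"),
    ("ipv6", "2001:DB8:0:0:0:0:0:1"),
    ("url", "http://example.com/x"),  # not a type listed in the table
]

if __name__ == "__main__":
    ok, bad = partition(SAMPLE)
    print(ok)
    print(bad)
```
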
Advanced Parameters
Parameter | Description |
---|---|
Limit | The first process to return, where 0 is the latest offset. |
Offset | The first process to return, where 0 is the latest offset. |
Example Output
Workflow Library Example
Search Crowdstrike Ioc Across Devices