Search Across Devices
Find hosts that have observed a given custom Indicator of Compromise (IOC). IOC is a piece of digital forensics (identification, investigation, and remediation of cyberattacks) that suggests that an endpoint or network may have been breached. You can find the custom indicators in the IOC Management page.
Basic Parameters
Parameter | Description |
---|---|
Indicator Description | Search by the indicator's description. |
Search By | Search by the type of the indicator. An indicator is a value based on metrics obtained by comparing logically related attributes about the behavior of an activity.You can find the indicators in the IOC Management page.Valid types include:
|
Advanced Parameters
Parameter | Description |
---|---|
Limit | The first process to return, where 0 is the latest offset. |
Offset | The first process to return, where 0 is the latest offset. |
Example Output
{
"meta": {
"query_time": 7.444444,
"pagination": {
"offset": "",
"limit": 100
},
"trace_id": ""0000000-00000-0000-0000-000000000000"",
"entity": "/path/to/device{?ids*}"
},
"resources": [
"000000111111222233333"
],
"errors": []
}
Workflow Library Example
Search Crowdstrike Ioc Across Devices
Preview this Workflow on desktop