Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Search for and retrieve indicators based on custom criteria. The following permissions are required to run this action:
  • Indicators (Falcon Indicator Graph): Read.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Basic Parameters

ParameterDescription
FilterFilter the results by a FQL query.

For a complete list of filterable properties and syntax guidance, refer to the CrowdStrike API documentation.
Return All PagesAutomatically fetch all resources, page by page.
Sort ByThe field to sort results by.
Sort OrderThe direction in which to sort the results.

Advanced Parameters

ParameterDescription
LimitThe number of results to return.
OffsetThe offset to start retrieving records from.

Example Output

{
	"meta": {
		"query_time": 1.454724531,
		"pagination": {
			"limit": 10,
			"offset": "pSFFO1Ctnodv...",
			"next_page": "limit=10&offset=pSFFO1CtnodvTA8G..."
		},
		"powered_by": "fig-api",
		"trace_id": "94efc630-4f99-4345-8d43-d87a6cda41f5",
		"total_hits": 10
	},
	"resources": [
		{
			"ID": "Domain:8c2e3ba5972e6137c8554f4320e14fa410dd9c61b807e030fc04e0834e3ba3eb",
			"Type": "Domain",
			"PublishDate": "2025-01-23T19:24:54Z",
			"LastUpdated": "2025-01-23T19:25:06Z",
			"MaliciousConfidence": "High",
			"MaliciousConfidenceValidatedTime": "2025-01-23T19:24:54Z",
			"ThreatTypes": [
				"Modular",
				"Commodity",
				"OpenSource",
				"Criminal",
				"RAT"
			],
			"Threats": [
				{
					"FamilyName": "AsyncRAT"
				}
			],
			"DomainDetails": {
				"Domain": "example-malicious-domain.com"
			}
		}
	]
}

Workflow Library Example

Search Indicators with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop