Search for Vulnerabilities in your environment by providing an FQL filter and paging details. The following permission is required to run this action:
  • Vulnerabilities: Read.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Basic Parameters

ParameterDescription
AfterA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
FacetSelect detail blocks to be returned for each vulnerability entity.
FilterFilter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported.
Available filter fields that supports exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason.
Available filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp.

Advanced Parameters

ParameterDescription
LimitThe number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
SortSort vulnerabilities by their properties.
Available sort options:
- updated_timestamp|asc/desc
- closed_timestamp|asc/desc

Can be used in a format |asc for ascending order or |desc for descending order.

Example Output

{
	"meta": {
		"query_time": 0,
		"pagination": {
			"limit": 19,
			"total": 1784670,
			"after": "<string>"
		},
		"powered_by": "<string>",
		"trace_id": "<string>"
	},
	"resources": [
		{
			"id": "<string>",
			"cid": "<string>",
			"aid": "<string>",
			"vulnerability_id": "<string>",
			"data_providers": [
				{
					"provider": "<string>"
				}
			],
			"created_timestamp": "<string>",
			"updated_timestamp": "<string>",
			"status": "<string>",
			"apps": [
				{
					"vendor_normalized": "<string>",
					"product_name_version": "<string>",
					"product_name_normalized": "<string>",
					"sub_status": "<string>",
					"remediation": {
						"ids": [
							"<string>"
						]
					},
					"evaluation_logic": {
						"id": "<string>"
					},
					"remediation_info": {
						"recommended_id": "<string>"
					}
				}
			],
			"suppression_info": {
				"is_suppressed": false
			},
			"confidence": "<string>",
			"cve": {
				"id": "<string>"
			}
		},
		{
			"id": "<string>",
			"cid": "<string>",
			"aid": "<string>",
			"vulnerability_id": "<string>",
			"data_providers": [
				{
					"provider": "<string>"
				}
			],
			"created_timestamp": "<string>",
			"updated_timestamp": "<string>",
			"status": "<string>",
			"apps": [
				{
					"vendor_normalized": "<string>",
					"product_name_version": "<string>",
					"product_name_normalized": "<string>",
					"sub_status": "<string>",
					"remediation": {
						"ids": [
							"<string>"
						]
					},
					"evaluation_logic": {
						"id": "<string>"
					},
					"remediation_info": {
						"recommended_id": "<string>"
					}
				}
			],
			"suppression_info": {
				"is_suppressed": false
			},
			"confidence": "<string>",
			"cve": {
				"id": "<string>"
			}
		}
	]
}

Workflow Library Example

Search Vulnerabilities with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop