
Search Vulnerabilities

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria.

Basic Parameters

| Parameter | Description |
| --- | --- |
| After | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| Facet | Select detail blocks to be returned for each vulnerability entity. |
| Filter | Filter items using a query in Falcon Query Language (FQL). Wildcards (*) and empty filter values are unsupported. Available filter fields that support exact match: aid, cid, last_seen_within, status, cve.id, cve.is_cisa_kev, cve.remediation_level, cve.cps_rating, cve.exprt_rating, cve.exploit_status_to_include, cve.severity, host_info.asset_criticality, host_info.asset_roles, host_info.internet_exposure, host_info.tags, host_info.groups, host_info.product_type_desc, host_info.platform_name, suppression_info.is_suppressed, suppression_info.reason. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, closed_timestamp, updated_timestamp. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results. |
| Sort | Sort vulnerabilities by their properties. Available sort options: updated_timestamp. |

Example Output

{
  "errors": [
    {
      "code": 0,
      "id": "string",
      "message": "string"
    }
  ],
  "meta": {
    "pagination": {
      "after": "string",
      "limit": 0,
      "total": 0
    },
    "powered_by": "string",
    "query_time": 0,
    "quota": {
      "total": 0,
      "used": 0
    },
    "trace_id": "string"
  },
  "resources": [
    {
      "aid": "string",
      "app": {
        "product_name_version": "string"
      },
      "apps": [
        {
          "product_name_version": "string",
          "remediation": {
            "ids": [
              "string"
            ]
          },
          "sub_status": "string"
        }
      ],
      "cid": "string",
      "closed_timestamp": "string",
      "created_timestamp": "string",
      "cve": {
        "base_score": 0,
        "description": "string",
        "exploit_status": 0,
        "exploitability_score": 0,
        "exprt_rating": "string",
        "id": "string",
        "impact_score": 0,
        "published_date": "string",
        "references": [
          "string"
        ],
        "severity": "string",
        "vector": "string",
        "vendor_advisory": [
          "string"
        ]
      },
      "host_info": {
        "groups": [
          {
            "id": "string",
            "name": "string"
          }
        ],
        "host_last_seen_timestamp": "string",
        "hostname": "string",
        "local_ip": "string",
        "machine_domain": "string",
        "os_version": "string",
        "ou": "string",
        "platform": "string",
        "site_name": "string",
        "system_manufacturer": "string",
        "tags": [
          "string"
        ]
      },
      "id": "string",
      "remediation": {
        "entities": [
          {
            "action": "string",
            "id": "string",
            "link": "string",
            "reference": "string",
            "title": "string"
          }
        ],
        "ids": [
          "string"
        ]
      },
      "status": "string",
      "updated_timestamp": "string"
    }
  ]
}
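
The following is an added example, not part of the original page or the vendor's code. It builds an FQL filter restricted to the fields and operators listed above, then follows the after token until the result set is exhausted. The names build_filter, fetch_all and fake_search are hypothetical, the search callable is an assumed stand-in for this action, and the sample records are constructed.

```python
# Added example: build_filter, fetch_all and fake_search are hypothetical names.
EXACT = {"aid", "cid", "last_seen_within", "status", "cve.id", "cve.is_cisa_kev",
         "cve.remediation_level", "cve.cps_rating", "cve.exprt_rating",
         "cve.exploit_status_to_include", "cve.severity",
         "host_info.asset_criticality", "host_info.asset_roles",
         "host_info.internet_exposure", "host_info.tags", "host_info.groups",
         "host_info.product_type_desc", "host_info.platform_name",
         "suppression_info.is_suppressed", "suppression_info.reason"}
RANGE = {"created_timestamp", "closed_timestamp", "updated_timestamp"}
RANGE_OPS = {">", "<", ">=", "<="}
MAX_LIMIT = 5000  # documented maximum for the limit parameter

def build_filter(clauses):
    """clauses: (field, op, value) tuples; op is "" for an exact match."""
    parts = []
    for field, op, value in clauses:
        value = str(value)
        # Empty values and wildcards are unsupported; a quote would break the literal.
        if not value or "*" in value or "'" in value:
            raise ValueError(f"{field}: empty, wildcard or quoted value rejected")
        if op == "" and field in EXACT:
            parts.append(f"{field}:'{value}'")
        elif op in RANGE_OPS and field in RANGE:
            parts.append(f"{field}:{op}'{value}'")
        else:
            raise ValueError(f"{field}: operator {op!r} not supported on this field")
    return "+".join(parts)  # "+" is FQL's AND

def fetch_all(search, fql, limit=MAX_LIMIT):
    """Follow meta.pagination.after until no further token is returned."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and 5000")
    after, seen, found = None, set(), []
    while True:
        resp = search(fql, limit, after)  # first request carries no after token
        if resp.get("errors"):
            raise RuntimeError(resp["errors"])
        found.extend(resp.get("resources") or [])
        after = resp.get("meta", {}).get("pagination", {}).get("after")
        if not after or after in seen:  # finished, or the token repeated
            return found
        seen.add(after)

def fake_search(fql, limit, after):
    """Constructed stand-in for the action: serves five made-up records."""
    data = [{"id": f"vuln-{i}", "status": "open"} for i in range(5)]
    start = int(after or 0)
    nxt = str(start + limit) if start + limit < len(data) else ""
    return {"errors": [], "resources": data[start:start + limit],
            "meta": {"pagination": {"after": nxt, "limit": limit, "total": len(data)}}}
```

Rejecting quotes, wildcards and empty values before the filter string is assembled keeps caller-supplied input from changing the shape of the query.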

Workflow Library Example

Search Vulnerabilities with Crowdstrike and Send Results Via Email
