Skip to main content

Search Vulnerabilities

Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria.

Basic Parameters

ParameterDescription
AfterA pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
FacetSelect detail blocks to be returned for each vulnerability entity.
FilterFilter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported.Available filter fields that supports exact match: aid, cid, lastseenwithin, status, cve.id, cve.iscisakev, cve.remediationlevel, cve.cpsrating, cve.exprtrating, cve.exploitstatustoinclude, cve.severity, hostinfo.assetcriticality, hostinfo.assetroles, hostinfo.internetexposure, hostinfo.tags, hostinfo.groups, hostinfo.producttypedesc, hostinfo.platformname, suppressioninfo.issuppressed, suppressioninfo.reason.Available filter fields that supports range comparisons (>, <, >=, <=): createdtimestamp, closedtimestamp, updated_timestamp.

Advanced Parameters

ParameterDescription
LimitThe number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.
SortSort vulnerabilities by their properties.Available sort options:
  • updated_timestamp|asc/desc
  • closed_timestamp|asc/desc
Can be used in a format |asc for ascending order or |desc for descending order.

Example Output

{
"errors": [
{
"code": 0,
"id": "string",
"message": "string"
}
],
"meta": {
"pagination": {
"after": "string",
"limit": 0,
"total": 0
},
"powered_by": "string",
"query_time": 0,
"quota": {
"total": 0,
"used": 0
},
"trace_id": "string"
},
"resources": [
{
"aid": "string",
"app": {
"product_name_version": "string"
},
"apps": [
{
"product_name_version": "string",
"remediation": {
"ids": [
"string"
]
},
"sub_status": "string"
}
],
"cid": "string",
"closed_timestamp": "string",
"created_timestamp": "string",
"cve": {
"base_score": 0,
"description": "string",
"exploit_status": 0,
"exploitability_score": 0,
"exprt_rating": "string",
"id": "string",
"impact_score": 0,
"published_date": "string",
"references": [
"string"
],
"severity": "string",
"vector": "string",
"vendor_advisory": [
"string"
]
},
"host_info": {
"groups": [
{
"id": "string",
"name": "string"
}
],
"host_last_seen_timestamp": "string",
"hostname": "string",
"local_ip": "string",
"machine_domain": "string",
"os_version": "string",
"ou": "string",
"platform": "string",
"site_name": "string",
"system_manufacturer": "string",
"tags": [
"string"
]
},
"id": "string",
"remediation": {
"entities": [
{
"action": "string",
"id": "string",
"link": "string",
"reference": "string",
"title": "string"
}
],
"ids": [
"string"
]
},
"status": "string",
"updated_timestamp": "string"
}
]
}

Workflow Library Example

Search Vulnerabilities with Crowdstrike and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop