> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Search Vulnerabilities

Search for Vulnerabilities in your environment by providing an FQL
filter and paging details.

The following permission is required to run this action:

* `Vulnerabilities`: **Read**.

<Note>
  External Documentation

  To learn more, visit the [CrowdStrike documentation](https://falcon.us-2.crowdstrike.com/documentation/page/ab572b16/vulnerability-management-apis#n16977a7).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
  | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | After     | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an `after` token. On subsequent requests, provide the `after` token from the previous response to continue from that place in the results.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
  | Facet     | Select detail blocks to be returned for each vulnerability entity.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
  | Filter    | Filter items using a query in Falcon Query Language (FQL). Wildcards \* and empty filter values are unsupported.<br />Available filter fields that supports exact match: aid, cid, last\_seen\_within, status, cve.id, cve.is\_cisa\_kev, cve.remediation\_level, cve.cps\_rating, cve.exprt\_rating, cve.exploit\_status\_to\_include, cve.severity, host\_info.asset\_criticality, host\_info.asset\_roles, host\_info.internet\_exposure, host\_info.tags, host\_info.groups, host\_info.product\_type\_desc, host\_info.platform\_name, suppression\_info.is\_suppressed, suppression\_info.reason.<br />Available filter fields that supports range comparisons (`>`, `<`, `>=`, `<=`): created\_timestamp, closed\_timestamp, updated\_timestamp. |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter | Description                                                                                                                                                                                                                                    |
  | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Limit     | The number of items to return in this response (default: 100, max: 5000). Use with the after parameter to manage pagination of results.                                                                                                        |
  | Sort      | Sort vulnerabilities by their properties.<br />Available sort options:<br />  - updated\_timestamp\|asc/desc<br />  - closed\_timestamp\|asc/desc<br /><br />Can be used in a format \|asc for ascending order or \|desc for descending order. |
</div>

## Example Output

```json theme={"dark"}
{
	"meta": {
		"query_time": 0,
		"pagination": {
			"limit": 19,
			"total": 1784670,
			"after": "<string>"
		},
		"powered_by": "<string>",
		"trace_id": "<string>"
	},
	"resources": [
		{
			"id": "<string>",
			"cid": "<string>",
			"aid": "<string>",
			"vulnerability_id": "<string>",
			"data_providers": [
				{
					"provider": "<string>"
				}
			],
			"created_timestamp": "<string>",
			"updated_timestamp": "<string>",
			"status": "<string>",
			"apps": [
				{
					"vendor_normalized": "<string>",
					"product_name_version": "<string>",
					"product_name_normalized": "<string>",
					"sub_status": "<string>",
					"remediation": {
						"ids": [
							"<string>"
						]
					},
					"evaluation_logic": {
						"id": "<string>"
					},
					"remediation_info": {
						"recommended_id": "<string>"
					}
				}
			],
			"suppression_info": {
				"is_suppressed": false
			},
			"confidence": "<string>",
			"cve": {
				"id": "<string>"
			}
		},
		{
			"id": "<string>",
			"cid": "<string>",
			"aid": "<string>",
			"vulnerability_id": "<string>",
			"data_providers": [
				{
					"provider": "<string>"
				}
			],
			"created_timestamp": "<string>",
			"updated_timestamp": "<string>",
			"status": "<string>",
			"apps": [
				{
					"vendor_normalized": "<string>",
					"product_name_version": "<string>",
					"product_name_normalized": "<string>",
					"sub_status": "<string>",
					"remediation": {
						"ids": [
							"<string>"
						]
					},
					"evaluation_logic": {
						"id": "<string>"
					},
					"remediation_info": {
						"recommended_id": "<string>"
					}
				}
			],
			"suppression_info": {
				"is_suppressed": false
			},
			"confidence": "<string>",
			"cve": {
				"id": "<string>"
			}
		}
	]
}
```

## Workflow Library Example

[Search Vulnerabilities with Crowdstrike and Send Results Via Email](https://library.blinkops.com/workflows/search-vulnerabilities-with-crowdstrike-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/search-vulnerabilities-with-crowdstrike-and-send-results-via-email/canvas" />
</div>
