To learn more, visit the CrowdStrike documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter | Filter the results based on FQL queries guidelines.<br>Usage examples:<br>• Return only Endpoint Protection alert IDs: `product:'epp'`<br>• Return only Identity Protection alert IDs: `product:'idp'`<br>• Return only Falcon for Mobile alert IDs: `product:'mobile'`<br>• Return only Falcon XDR IDs: `product:'xdr'`<br>• Return only OverWatch alert IDs: `product:'overwatch'`<br>• Return only Cloud Workload Protection alert IDs: `product:'cwpp'` |
| Include Hidden | Determines whether hidden alerts will be included in the results. |
| Query | Search all alert metadata for the provided string. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The maximum number of records to return. [1-5000]. Default value: 100. |
| Offset | The zero-based position of the first record to return. Default value: 0. |
| Sort | Sort the results based on a field. The format of the sort criteria is: `field\|direction`. Direction can be either `asc` (ascending) or `desc` (descending) order. For example: `status\|asc`. |

Example Output

```json
{
    "meta": {
        "query_time": 0.044395707,
        "pagination": {
            "offset": 0,
            "limit": 5,
            "total": 10000
        },
        "writes": {
            "resources_affected": 0
        },
        "powered_by": "detectsapi",
        "trace_id": "f755297a-e287-4012-b5e3-ff88691e95e9"
    },
    "resources": [
        "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-3675xxxxxxxx5616",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx9683-5702-7386xxxxxxxx6359",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx2431-5702-6181xxxxxxxx8615",
        "28a1xxxxxxxx3914:ind:8647xxxxxxxxbe64:1328xxxxxxxx0612-5702-3468xxxxxxxx7877",
        "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544"
    ],
    "errors": []
}
```
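The sample response reports a `total` of 10000 while returning only 5 IDs, so triaging every matching alert means paging with Limit and Offset. The following is an added example, not code from Blink or CrowdStrike: `fetch_page` is a hypothetical callable standing in for one run of this action, and `fake_fetch_page` with its IDs is constructed sample data in the response shape of the Example Output.

```python
# Added example: page through alert IDs using Limit/Offset and meta.pagination.total.
# fetch_page is a hypothetical callable standing in for one run of this action.
VALID_PRODUCTS = {"epp", "idp", "mobile", "xdr", "overwatch", "cwpp"}  # values listed on this page


def product_filter(product):
    """Build the FQL filter string for one product, e.g. product:'epp'."""
    if product not in VALID_PRODUCTS:
        raise ValueError(f"unknown product: {product!r}")
    return f"product:'{product}'"


def sort_spec(field, direction="asc"):
    """Build the Sort value in field|direction form."""
    if direction not in ("asc", "desc"):
        raise ValueError("direction must be 'asc' or 'desc'")
    return f"{field}|{direction}"


def collect_alert_ids(fetch_page, filter_=None, sort=None, limit=100):
    """Return every alert ID matching the filter, one page at a time."""
    if not 1 <= limit <= 5000:
        raise ValueError("Limit must be in [1-5000]")
    ids, offset = [], 0
    while True:
        resp = fetch_page(filter=filter_, sort=sort, limit=limit, offset=offset)
        if resp.get("errors"):
            raise RuntimeError(f"API errors at offset {offset}: {resp['errors']}")
        page = resp.get("resources", [])
        ids.extend(page)
        offset += len(page)
        total = resp["meta"]["pagination"]["total"]
        if not page or offset >= total:  # empty page guards against a shrinking total
            return ids


def fake_fetch_page(filter=None, sort=None, limit=100, offset=0):
    """Constructed stand-in: 12 fake IDs served in the documented response shape."""
    data = [f"cid:ind:aid:{n:04d}" for n in range(12)]
    return {
        "meta": {"pagination": {"offset": offset, "limit": limit, "total": len(data)}},
        "resources": data[offset:offset + limit],
        "errors": [],
    }


if __name__ == "__main__":
    ids = collect_alert_ids(fake_fetch_page, product_filter("epp"), sort_spec("status"), limit=5)
    print(len(ids), "alert IDs collected")
```

Offset paging assumes the ordering does not change between calls, so pass an explicit Sort and deduplicate the IDs if alerts may arrive while paging.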

Workflow Library Example

List Alerts with CrowdStrike and Send Results Via Email