Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter | Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard `*` includes all results. Common filter options include `status`, `device.device_id`, and `max_severity`. The full list of valid filter options is extensive; review it in CrowdStrike's documentation inside the Falcon console. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The maximum number of detections to return in this response (default: 9999, max: 9999). |
| Offset | The first detection to return, where 0 is the latest detection. |
| Query | Search for specific detections using the detection metadata. |
| Sort | Sort detections by one of the fields listed below, either `asc` (ascending) or `desc` (descending). For example: `last_behavior|asc`. |

Sort fields:

- `first_behavior`: Timestamp of the first behavior associated with this detection
- `last_behavior`: Timestamp of the last behavior associated with this detection
- `max_severity`: Highest severity of the behaviors associated with this detection
- `max_confidence`: Highest confidence of the behaviors associated with this detection
- `adversary_id`: ID of the adversary associated with this detection, if any
- `devices.hostname`: Hostname of the host where this detection was detected

Example Output

```json
{
    "meta": {
        "query_time": 0.004152658,
        "pagination": {
            "offset": 0,
            "limit": 100,
            "total": 1
        },
        "powered_by": "legacy-detects",
        "trace_id": "000000-0000000-000000-000000"
    },
    "resources": [
        "ldt:123456789012345678901234567890:12345678"
    ],
    "errors": []
}
```
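The parameters above and the response shape in the example output, put to work as an added example (not Blink's or CrowdStrike's own code): `build_params` validates the Limit, Offset and Sort values against the rules in the tables, and `iter_detection_ids` walks `meta.pagination` to collect every detection ID when a filter matches more results than one response holds. `fetch` is a stand-in for the action or API call; `fake_fetch` is a constructed offline substitute that returns pages in the example-output shape.

```python
"""Parameter builder and pager for the detection query action described above.
Added example (not Blink's or CrowdStrike's code); `fetch` stands in for the
action/API call, and `fake_fetch` returns Example Output-shaped pages offline."""
from typing import Callable, Iterator, Optional

SORT_FIELDS = {"first_behavior", "last_behavior", "max_severity",  # from the Sort list
               "max_confidence", "adversary_id", "devices.hostname"}
MAX_LIMIT = 9999  # default and maximum stated for Limit


def build_params(filter_expr: str = "*", limit: int = MAX_LIMIT, offset: int = 0,
                 query: Optional[str] = None, sort: Optional[str] = None) -> dict:
    """Validate the inputs and return the action's parameters as a dict."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be 1..{MAX_LIMIT}, got {limit}")
    if offset < 0:
        raise ValueError("offset must be >= 0")
    if sort is not None:  # expected form: <field>|asc or <field>|desc
        field, sep, direction = sort.partition("|")
        if not sep or field not in SORT_FIELDS or direction not in ("asc", "desc"):
            raise ValueError(f"invalid sort: {sort!r}")
    params = {"filter": filter_expr, "limit": limit, "offset": offset}
    if query:
        params["query"] = query
    if sort:
        params["sort"] = sort
    return params


def iter_detection_ids(fetch: Callable[[dict], dict], params: dict) -> Iterator[str]:
    """Yield every detection ID, re-running the query at a larger offset until
    meta.pagination.total is reached or a page comes back empty."""
    offset = params["offset"]
    while True:
        page = fetch({**params, "offset": offset})
        if page.get("errors"):
            raise RuntimeError(f"query failed: {page['errors']}")
        ids = page.get("resources", [])
        yield from ids
        offset += len(ids)
        if not ids or offset >= page["meta"]["pagination"]["total"]:
            return


def fake_fetch(all_ids: list) -> Callable[[dict], dict]:
    """Constructed stand-in: slices a fixed ID list into Example Output-shaped pages."""
    def fetch(p: dict) -> dict:
        chunk = all_ids[p["offset"]:p["offset"] + p["limit"]]
        meta = {"powered_by": "legacy-detects", "trace_id": "constructed",
                "pagination": {"offset": p["offset"], "limit": p["limit"], "total": len(all_ids)}}
        return {"meta": meta, "resources": chunk, "errors": []}
    return fetch
```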

Workflow Library Example

Run Crowdstrike Query