# CrowdStrike OpenAPI (Beta)

This Integration is part of the CrowdStrike OpenAPI Pack.

## Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.
This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.
Use the CrowdStrike OpenAPI integration to interact with CrowdStrike APIs that do not have dedicated integrations in Cortex XSOAR, for example, CrowdStrike FalconX.
To use the CrowdStrike OpenAPI integration, you need the ID and secret of an API client that has the right scopes granted to it.
For more details, refer to the CrowdStrike OAuth2-Based APIs documentation.
Note: The integration is in beta because it was auto-generated from the CrowdStrike Falcon OpenAPI specification and is not fully tested.

## Configure CrowdStrike OpenAPI in Cortex

Parameter | Required |
---|---|
Cloud Base URL | True |
Client ID | True |
Client Secret | True |
Use system proxy settings | False |
Trust any certificate (not secure) | False |

## cs-add-role

Assign new MSSP Role(s) between User Group and CID Group. It does not revoke existing role(s) between User Group and CID Group. User Group ID and CID Group ID have to be specified in the request.

### Base Command

`cs-add-role`

### Input

Argument Name | Description | Required |
---|---|---|
domain_mssprolerequestv1_resources | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainMSSPRoleResponseV1.errors.code | Number | |
CrowdStrike.domainMSSPRoleResponseV1.errors.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.errors.message | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.user_group_id | String |

## cs-add-user-group-members

Add new User Group member. Maximum 500 members allowed per User Group.

### Base Command

`cs-add-user-group-members`

### Input

Argument Name | Description | Required |
---|---|---|
domain_usergroupmembersrequestv1_resources | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupMembersResponseV1.resources.user_group_id | String |

## cs-addcid-group-members

Add new CID Group member.

### Base Command

`cs-addcid-group-members`

### Input

Argument Name | Description | Required |
---|---|---|
domain_cidgroupmembersrequestv1_resources | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.resources.cid_group_id | String |

## cs-aggregate-allow-list

Retrieve aggregate allowlist ticket values based on the matched filter.

### Base Command

`cs-aggregate-allow-list`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-block-list

Retrieve aggregate block list ticket values based on the matched filter.

### Base Command

`cs-aggregate-block-list`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-detections

Retrieve aggregate detection values based on the matched filter.

### Base Command

`cs-aggregate-detections`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-device-count-collection

Retrieve aggregate host/devices count based on the matched filter.

### Base Command

`cs-aggregate-device-count-collection`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-escalations

Retrieve aggregate escalation ticket values based on the matched filter.

### Base Command

`cs-aggregate-escalations`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-notificationsv1

Get notification aggregates as specified via JSON in request body.

### Base Command

`cs-aggregate-notificationsv1`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainAggregatesResponse.errors.code | Number | |
CrowdStrike.domainAggregatesResponse.errors.details.field | String | |
CrowdStrike.domainAggregatesResponse.errors.details.message | String | |
CrowdStrike.domainAggregatesResponse.errors.details.message_key | String | |
CrowdStrike.domainAggregatesResponse.errors.id | String | |
CrowdStrike.domainAggregatesResponse.errors.message | String | |
CrowdStrike.domainAggregatesResponse.errors.message_key | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.domainAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.domainAggregatesResponse.resources.name | String | |
CrowdStrike.domainAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregate-remediations

Retrieve aggregate remediation ticket values based on the matched filter.

### Base Command

`cs-aggregate-remediations`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregateevents

Aggregate events for customer.

### Base Command

`cs-aggregateevents`

### Input

Argument Name | Description | Required |
---|---|---|
fwmgr_msa_aggregatequeryrequest_date_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_field | | Required |
fwmgr_msa_aggregatequeryrequest_filter | | Required |
fwmgr_msa_aggregatequeryrequest_interval | | Required |
fwmgr_msa_aggregatequeryrequest_min_doc_count | | Required |
fwmgr_msa_aggregatequeryrequest_missing | | Required |
fwmgr_msa_aggregatequeryrequest_name | | Required |
fwmgr_msa_aggregatequeryrequest_q | | Required |
fwmgr_msa_aggregatequeryrequest_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_size | | Required |
fwmgr_msa_aggregatequeryrequest_sort | | Required |
fwmgr_msa_aggregatequeryrequest_sub_aggregates | | Required |
fwmgr_msa_aggregatequeryrequest_time_zone | | Required |
fwmgr_msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiAggregatesResponse.errors.code | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.id | String | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.message | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.name | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregatefc-incidents

Retrieve aggregate incident values based on the matched filter.

### Base Command

`cs-aggregatefc-incidents`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregatepolicyrules

Aggregate rules within a policy for customer.

### Base Command

`cs-aggregatepolicyrules`

### Input

Argument Name | Description | Required |
---|---|---|
fwmgr_msa_aggregatequeryrequest_date_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_field | | Required |
fwmgr_msa_aggregatequeryrequest_filter | | Required |
fwmgr_msa_aggregatequeryrequest_interval | | Required |
fwmgr_msa_aggregatequeryrequest_min_doc_count | | Required |
fwmgr_msa_aggregatequeryrequest_missing | | Required |
fwmgr_msa_aggregatequeryrequest_name | | Required |
fwmgr_msa_aggregatequeryrequest_q | | Required |
fwmgr_msa_aggregatequeryrequest_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_size | | Required |
fwmgr_msa_aggregatequeryrequest_sort | | Required |
fwmgr_msa_aggregatequeryrequest_sub_aggregates | | Required |
fwmgr_msa_aggregatequeryrequest_time_zone | | Required |
fwmgr_msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiAggregatesResponse.errors.code | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.id | String | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.message | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.name | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregaterulegroups

Aggregate rule groups for customer.

### Base Command

`cs-aggregaterulegroups`

### Input

Argument Name | Description | Required |
---|---|---|
fwmgr_msa_aggregatequeryrequest_date_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_field | | Required |
fwmgr_msa_aggregatequeryrequest_filter | | Required |
fwmgr_msa_aggregatequeryrequest_interval | | Required |
fwmgr_msa_aggregatequeryrequest_min_doc_count | | Required |
fwmgr_msa_aggregatequeryrequest_missing | | Required |
fwmgr_msa_aggregatequeryrequest_name | | Required |
fwmgr_msa_aggregatequeryrequest_q | | Required |
fwmgr_msa_aggregatequeryrequest_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_size | | Required |
fwmgr_msa_aggregatequeryrequest_sort | | Required |
fwmgr_msa_aggregatequeryrequest_sub_aggregates | | Required |
fwmgr_msa_aggregatequeryrequest_time_zone | | Required |
fwmgr_msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiAggregatesResponse.errors.code | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.id | String | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.message | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.name | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregaterules

Aggregate rules for customer.

### Base Command

`cs-aggregaterules`

### Input

Argument Name | Description | Required |
---|---|---|
fwmgr_msa_aggregatequeryrequest_date_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_field | | Required |
fwmgr_msa_aggregatequeryrequest_filter | | Required |
fwmgr_msa_aggregatequeryrequest_interval | | Required |
fwmgr_msa_aggregatequeryrequest_min_doc_count | | Required |
fwmgr_msa_aggregatequeryrequest_missing | | Required |
fwmgr_msa_aggregatequeryrequest_name | | Required |
fwmgr_msa_aggregatequeryrequest_q | | Required |
fwmgr_msa_aggregatequeryrequest_ranges | | Required |
fwmgr_msa_aggregatequeryrequest_size | | Required |
fwmgr_msa_aggregatequeryrequest_sort | | Required |
fwmgr_msa_aggregatequeryrequest_sub_aggregates | | Required |
fwmgr_msa_aggregatequeryrequest_time_zone | | Required |
fwmgr_msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiAggregatesResponse.errors.code | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.id | String | |
CrowdStrike.fwmgrapiAggregatesResponse.errors.message | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.name | String | |
CrowdStrike.fwmgrapiAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregates-detections-global-counts

Get the total number of detections pushed across all customers.

### Base Command

`cs-aggregates-detections-global-counts`

### Input

Argument Name | Description | Required |
---|---|---|
filter_ | An FQL filter string. | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaFacetsResponse.errors.code | Number | |
CrowdStrike.msaFacetsResponse.errors.id | String | |
CrowdStrike.msaFacetsResponse.errors.message | String | |
CrowdStrike.msaFacetsResponse.resources.count | Number | |
CrowdStrike.msaFacetsResponse.resources.facet | String | |
CrowdStrike.msaFacetsResponse.resources.label | String | |
CrowdStrike.msaFacetsResponse.resources.term | String |

## cs-aggregates-events

Get aggregate OverWatch detection event info by providing an aggregate query.

### Base Command

`cs-aggregates-events`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregates-events-collections

Get OverWatch detection event collection info by providing an aggregate query.

### Base Command

`cs-aggregates-events-collections`

### Input

Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |

## cs-aggregates-incidents-global-counts

Get the total number of incidents pushed across all customers.

### Base Command

`cs-aggregates-incidents-global-counts`

### Input

Argument Name | Description | Required |
---|---|---|
filter_ | An FQL filter string. | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaFacetsResponse.errors.code | Number | |
CrowdStrike.msaFacetsResponse.errors.id | String | |
CrowdStrike.msaFacetsResponse.errors.message | String | |
CrowdStrike.msaFacetsResponse.resources.count | Number | |
CrowdStrike.msaFacetsResponse.resources.facet | String | |
CrowdStrike.msaFacetsResponse.resources.label | String | |
CrowdStrike.msaFacetsResponse.resources.term | String |

## cs-aggregatesow-events-global-counts

Get the total number of OverWatch events across all customers.

### Base Command

`cs-aggregatesow-events-global-counts`

### Input

Argument Name | Description | Required |
---|---|---|
filter_ | An FQL filter string. | Required |

### Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaFacetsResponse.errors.code | Number | |
CrowdStrike.msaFacetsResponse.errors.id | String | |
CrowdStrike.msaFacetsResponse.errors.message | String | |
CrowdStrike.msaFacetsResponse.resources.count | Number | |
CrowdStrike.msaFacetsResponse.resources.facet | String | |
CrowdStrike.msaFacetsResponse.resources.label | String | |
CrowdStrike.msaFacetsResponse.resources.term | String |

## cs-apipreemptproxypostgraphql

Identity Protection GraphQL API. Allows you to retrieve entities, timeline activities, identity-based incidents and security assessment, and to perform actions on entities and identity-based incidents.

### Base Command

`cs-apipreemptproxypostgraphql`

### Input

Argument Name | Description | Required |
---|---|---|
Authorization | Authorization Header. | Required |
#
Context OutputThere is no context output for this command.

cs-auditeventsquery
Search for audit events by providing an FQL filter and paging details.

Base Command
cs-auditeventsquery

Input
Argument Name | Description | Required |
---|---|---|
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-1000]. Defaults to 50. | Optional |
sort | The property to sort by (e.g. timestamp.desc). | Optional |
filter_ | The filter expression that should be used to limit the results (e.g., action:'token_create'). | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |

cs-auditeventsread
Gets the details of one or more audit events by id.

Base Command
cs-auditeventsread

Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of audit events to retrieve details for. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiauditEventDetailsResponseV1.errors.code | Number | |
CrowdStrike.apiauditEventDetailsResponseV1.errors.id | String | |
CrowdStrike.apiauditEventDetailsResponseV1.errors.message | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.action | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.actor | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.description | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.id | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.timestamp | String | |
CrowdStrike.apiauditEventDetailsResponseV1.resources.token_id | String |

cs-batch-active-responder-cmd
Batch executes an RTR active-responder command across the hosts mapped to the given batch ID.

Base Command
cs-batch-active-responder-cmd

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchexecutecommandrequest_base_command | | Required |
domain_batchexecutecommandrequest_batch_id | | Required |
domain_batchexecutecommandrequest_command_string | | Required |
domain_batchexecutecommandrequest_optional_hosts | | Optional |
domain_batchexecutecommandrequest_persist_all | | Required |

Context Output
There is no context output for this command.

cs-batch-admin-cmd
Batch executes an RTR administrator command across the hosts mapped to the given batch ID.

Base Command
cs-batch-admin-cmd

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchexecutecommandrequest_base_command | | Required |
domain_batchexecutecommandrequest_batch_id | | Required |
domain_batchexecutecommandrequest_command_string | | Required |
domain_batchexecutecommandrequest_optional_hosts | | Optional |
domain_batchexecutecommandrequest_persist_all | | Required |

Context Output
There is no context output for this command.

cs-batch-cmd
Batch executes an RTR read-only command across the hosts mapped to the given batch ID.

Base Command
cs-batch-cmd

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchexecutecommandrequest_base_command | | Required |
domain_batchexecutecommandrequest_batch_id | | Required |
domain_batchexecutecommandrequest_command_string | | Required |
domain_batchexecutecommandrequest_optional_hosts | | Optional |
domain_batchexecutecommandrequest_persist_all | | Required |

Context Output
There is no context output for this command.

cs-batch-get-cmd
Batch executes get command across hosts to retrieve files. After this call is made, GET /real-time-response/combined/batch-get-command/v1 is used to query for the results.

Base Command
cs-batch-get-cmd

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchgetcommandrequest_batch_id | | Required |
domain_batchgetcommandrequest_file_path | | Required |
domain_batchgetcommandrequest_optional_hosts | | Optional |

Context Output
There is no context output for this command.

cs-batch-get-cmd-status
Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.

Base Command
cs-batch-get-cmd-status

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
batch_get_cmd_req_id | Batch Get Command Request ID received from /real-time-response/combined/get-command/v1. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainBatchGetCmdStatusResponse.errors.code | Number | |
CrowdStrike.domainBatchGetCmdStatusResponse.errors.id | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.errors.message | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.cloud_request_id | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.created_at | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.deleted_at | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.id | Number | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.name | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.session_id | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.sha256 | String | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.size | Number | |
CrowdStrike.domainBatchGetCmdStatusResponse.resources.updated_at | String |

cs-batch-init-sessions
Batch initialize an RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.

Base Command
cs-batch-init-sessions

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchinitsessionrequest_existing_batch_id | | Optional |
domain_batchinitsessionrequest_host_ids | | Required |
domain_batchinitsessionrequest_queue_offline | | Required |

Context Output
There is no context output for this command.

cs-batch-refresh-sessions
Batch refresh an RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.

Base Command
cs-batch-refresh-sessions

Input
Argument Name | Description | Required |
---|---|---|
timeout | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. | Optional |
timeout_duration | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. | Optional |
domain_batchrefreshsessionrequest_batch_id | | Required |
domain_batchrefreshsessionrequest_hosts_to_remove | | Required |

Context Output
There is no context output for this command.

cs-create-actionsv1
Create actions for a monitoring rule. Accepts a list of actions that will be attached to the monitoring rule.

Base Command
cs-create-actionsv1

Input
Argument Name | Description | Required |
---|---|---|
domain_registeractionsrequest_actions | | Required |
domain_registeractionsrequest_rule_id | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainActionEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.cid | String | The ID of the customer who created the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.created_timestamp | String | The date when the action was created. |
CrowdStrike.domainActionEntitiesResponseV1.resources.frequency | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.id | String | The ID of the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.rule_id | String | The ID of the rule on which this action is attached. |
CrowdStrike.domainActionEntitiesResponseV1.resources.status | String | The action status. It can be either 'enabled' or 'muted'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.type | String | The action type. The only type currently supported is 'email'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.updated_timestamp | String | The date when the action was updated. |
CrowdStrike.domainActionEntitiesResponseV1.resources.user_uuid | String | The UUID of the user who created the action. |

cs-create-device-control-policies
Create Device Control Policies by specifying details about the policy to create.

Base Command
cs-create-device-control-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_createdevicecontrolpoliciesv1_resources | A collection of policies to create. | Required |

Context Output
There is no context output for this command.

cs-create-firewall-policies
Create Firewall Policies by specifying details about the policy to create.

Base Command
cs-create-firewall-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_createfirewallpoliciesv1_resources | A collection of policies to create. | Required |
clone_id | The policy ID to be cloned from. | Optional |

Context Output
There is no context output for this command.

cs-create-host-groups
Create Host Groups by specifying details about the group to create.

Base Command
cs-create-host-groups

Input
Argument Name | Description | Required |
---|---|---|
requests_creategroupsv1_resources | A collection of device groups to create. | Required |

Context Output
There is no context output for this command.

cs-create-or-updateaws-settings
Create or update Global Settings which are applicable to all provisioned AWS accounts.

Base Command
cs-create-or-updateaws-settings

Input
Argument Name | Description | Required |
---|---|---|
models_modifyawscustomersettingsv1_resources | | Required |

Context Output
There is no context output for this command.

cs-create-prevention-policies
Create Prevention Policies by specifying details about the policy to create.

Base Command
cs-create-prevention-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_createpreventionpoliciesv1_resources | A collection of policies to create. | Required |

Context Output
There is no context output for this command.

cs-create-rulesv1
Create monitoring rules.

Base Command
cs-create-rulesv1

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
sadomain_createrulerequestv1_filter | The filter to be used for searching. | Required |
sadomain_createrulerequestv1_name | The name of a particular rule. | Required |
sadomain_createrulerequestv1_permissions | The permissions for a particular rule which specifies the rule's access by other users. Possible values: public, private. | Required |
sadomain_createrulerequestv1_priority | The priority for a particular rule. Possible values: medium, high, low. | Required |
sadomain_createrulerequestv1_topic | The topic of a given rule. Possible values: SA_THIRD_PARTY, SA_CVE, SA_ALIAS, SA_AUTHOR, SA_BRAND_PRODUCT, SA_VIP, SA_IP, SA_BIN, SA_DOMAIN, SA_EMAIL, SA_CUSTOM. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRulesEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.cid | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.created_timestamp | String | The creation time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.filter | String | The FQL filter contained in a rule and used for searching. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.id | String | The ID of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.name | String | The name for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.permissions | String | The permissions of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.priority | String | The priority of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status | String | The status of a rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status_message | String | The detailed status message. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.topic | String | The topic of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.updated_timestamp | String | The last updated time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_id | String | The user ID of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_name | String | The user name of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_uuid | String | The UUID of the user that created a given rule. |

cs-create-sensor-update-policies
Create Sensor Update Policies by specifying details about the policy to create.

Base Command
cs-create-sensor-update-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_createsensorupdatepoliciesv1_resources | A collection of policies to create. | Required |

Context Output
There is no context output for this command.

cs-create-sensor-update-policiesv2
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection.

Base Command
cs-create-sensor-update-policiesv2

Input
Argument Name | Description | Required |
---|---|---|
requests_createsensorupdatepoliciesv2_resources | A collection of policies to create. | Required |

Context Output
There is no context output for this command.

cs-create-user
Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1.

Base Command
cs-create-user

Input
Argument Name | Description | Required |
---|---|---|
domain_usercreaterequest_firstname | | Optional |
domain_usercreaterequest_lastname | | Optional |
domain_usercreaterequest_password | | Optional |
domain_usercreaterequest_uid | | Optional |

Context Output
There is no context output for this command.

cs-create-user-groups
Create new User Group(s). Maximum 500 User Group(s) allowed per customer.

Base Command
cs-create-user-groups

Input
Argument Name | Description | Required |
---|---|---|
domain_usergroupsrequestv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupsResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupsResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.description | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.name | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.user_group_id | String |

cs-createaws-account
Creates a new AWS account in our system for a customer and generates the installation script.

Base Command
cs-createaws-account

Input
Argument Name | Description | Required |
---|---|---|
k8sreg_createawsaccreq_resources | | Required |

Context Output
There is no context output for this command.

cs-createcid-groups
Create new CID Group(s). Maximum 500 CID Group(s) allowed.

Base Command
cs-createcid-groups

Input
Argument Name | Description | Required |
---|---|---|
domain_cidgroupsrequestv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupsResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupsResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.description | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.name | String |

cs-createcspm-aws-account
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

Base Command
cs-createcspm-aws-account

Input
Argument Name | Description | Required |
---|---|---|
registration_awsaccountcreaterequestextv2_resources | | Required |

Context Output
There is no context output for this command.

cs-createcspmgcp-account
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.

Base Command
cs-createcspmgcp-account

Input
Argument Name | Description | Required |
---|---|---|
registration_gcpaccountcreaterequestextv1_resources | | Required |

Context Output
There is no context output for this command.

cs-createml-exclusionsv1
Create the ML exclusions.

Base Command
cs-createml-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
requests_mlexclusioncreatereqv1_comment | | Optional |
requests_mlexclusioncreatereqv1_excluded_from | | Optional |
requests_mlexclusioncreatereqv1_groups | | Optional |
requests_mlexclusioncreatereqv1_value | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesMlExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesMlExclusionRespV1.errors.id | String | |
CrowdStrike.responsesMlExclusionRespV1.errors.message | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesMlExclusionRespV1.resources.id | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value_hash | String |

cs-creatert-response-policies
Create Response Policies by specifying details about the policy to create.

Base Command
cs-creatert-response-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_creatertresponsepoliciesv1_resources | A collection of policies to create. | Required |

Context Output
There is no context output for this command.

cs-createrule
Create a rule within a rule group. Returns the rule.

Base Command
cs-createrule

Input
Argument Name | Description | Required |
---|---|---|
api_rulecreatev1_comment | | Required |
api_rulecreatev1_description | | Required |
api_rulecreatev1_disposition_id | | Required |
api_rulecreatev1_field_values | | Required |
api_rulecreatev1_name | | Required |
api_rulecreatev1_pattern_severity | | Required |
api_rulecreatev1_rulegroup_id | | Required |
api_rulecreatev1_ruletype_id | | Required |

Context Output
There is no context output for this command.

cs-createrulegroup
Create new rule group on a platform for a customer with a name and description, and return the ID.

Base Command
cs-createrulegroup

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The user id. | Required |
clone_id | A rule group ID from which to copy rules. If this is provided then the 'rules' property of the body is ignored. | Optional |
li_ary | If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library. | Optional |
comment | Audit log comment for this action. | Optional |
fwmgr_api_rulegroupcreaterequestv1_description | | Required |
fwmgr_api_rulegroupcreaterequestv1_enabled | | Required |
fwmgr_api_rulegroupcreaterequestv1_name | | Required |
fwmgr_api_rulegroupcreaterequestv1_rules | | Required |

Context Output
There is no context output for this command.

cs-createrulegroup-mixin0
Create a rule group for a platform with a name and an optional description. Returns the rule group.

Base Command
cs-createrulegroup-mixin0

Input
Argument Name | Description | Required |
---|---|---|
api_rulegroupcreaterequestv1_comment | | Required |
api_rulegroupcreaterequestv1_description | | Required |
api_rulegroupcreaterequestv1_name | | Required |
api_rulegroupcreaterequestv1_platform | | Required |

Context Output
There is no context output for this command.

cs-createsv-exclusionsv1
Create the sensor visibility exclusions.

Base Command
cs-createsv-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
requests_svexclusioncreatereqv1_comment | | Optional |
requests_svexclusioncreatereqv1_groups | | Optional |
requests_svexclusioncreatereqv1_value | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesMlExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesMlExclusionRespV1.errors.id | String | |
CrowdStrike.responsesMlExclusionRespV1.errors.message | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesMlExclusionRespV1.resources.id | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value_hash | String |

cs-crowd-score
Query environment wide CrowdScore and return the entity data.

Base Command
cs-crowd-score

Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | The maximum records to return. [1-2500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". Possible values are: score.asc, score.desc, timestamp.asc, timestamp.desc. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaEnvironmentScoreResponse.errors.code | Number | |
CrowdStrike.apiMsaEnvironmentScoreResponse.errors.id | String | |
CrowdStrike.apiMsaEnvironmentScoreResponse.errors.message | String | |
CrowdStrike.apiMsaEnvironmentScoreResponse.resources.id | String | |
CrowdStrike.apiMsaEnvironmentScoreResponse.resources.score | Number | |
CrowdStrike.apiMsaEnvironmentScoreResponse.resources.timestamp | String |

cs-customersettingsread
Check current installation token settings.

Base Command
cs-customersettingsread

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apicustomerSettingsResponseV1.errors.code | Number | |
CrowdStrike.apicustomerSettingsResponseV1.errors.id | String | |
CrowdStrike.apicustomerSettingsResponseV1.errors.message | String | |
CrowdStrike.apicustomerSettingsResponseV1.resources.max_active_tokens | Number | |
CrowdStrike.apicustomerSettingsResponseV1.resources.tokens_required | Boolean |

cs-delete-actionv1
Delete an action from a monitoring rule based on the action ID.

Base Command
cs-delete-actionv1

Input
Argument Name | Description | Required |
---|---|---|
id_ | ID of the action. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainQueryResponse.errors.code | Number | |
CrowdStrike.domainQueryResponse.errors.details.field | String | |
CrowdStrike.domainQueryResponse.errors.details.message | String | |
CrowdStrike.domainQueryResponse.errors.details.message_key | String | |
CrowdStrike.domainQueryResponse.errors.id | String | |
CrowdStrike.domainQueryResponse.errors.message | String | |
CrowdStrike.domainQueryResponse.errors.message_key | String |

cs-delete-device-control-policies
Delete a set of Device Control Policies by specifying their IDs.

Base Command
cs-delete-device-control-policies

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Device Control Policies to delete. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |

cs-delete-firewall-policies
Delete a set of Firewall Policies by specifying their IDs.

Base Command
cs-delete-firewall-policies

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Firewall Policies to delete. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |

cs-delete-host-groups
Delete a set of Host Groups by specifying their IDs.

Base Command
cs-delete-host-groups

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Host Groups to delete. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |

cs-delete-notificationsv1
Delete notifications based on IDs. Notifications cannot be recovered after they are deleted.

Base Command
cs-delete-notificationsv1

Input
Argument Name | Description | Required |
---|---|---|
ids | Notifications IDs. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationIDResponse.errors.code | Number | |
CrowdStrike.domainNotificationIDResponse.errors.details.field | String | |
CrowdStrike.domainNotificationIDResponse.errors.details.message | String | |
CrowdStrike.domainNotificationIDResponse.errors.details.message_key | String | |
CrowdStrike.domainNotificationIDResponse.errors.id | String | |
CrowdStrike.domainNotificationIDResponse.errors.message | String | |
CrowdStrike.domainNotificationIDResponse.errors.message_key | String |

cs-delete-prevention-policies
Delete a set of Prevention Policies by specifying their IDs.

Base Command
cs-delete-prevention-policies

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Prevention Policies to delete. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |

cs-delete-report
Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.

Base Command
cs-delete-report

Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a report. | Required |

Context Output
There is no context output for this command.

cs-delete-rulesv1
Delete monitoring rules.

Base Command
cs-delete-rulesv1

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | IDs of rules. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRuleQueryResponseV1.errors.code | Number | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.field | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.message | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.message_key | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.id | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.message | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.message_key | String |
#
cs-delete-samplev2
Removes a sample, including file, meta and submissions from the collection.
#
Base Command
cs-delete-samplev2
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | The file SHA256. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-delete-samplev3
Removes a sample, including file, meta and submissions from the collection.
#
Base Command
cs-delete-samplev3
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | The file SHA256. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-delete-sensor-update-policies
Delete a set of Sensor Update Policies by specifying their IDs.
#
Base Command
cs-delete-sensor-update-policies
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Sensor Update Policies to delete. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-delete-sensor-visibility-exclusionsv1
Delete the sensor visibility exclusions by ID.
#
Base Command
cs-delete-sensor-visibility-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the exclusions to delete. | Required |
comment | Explains why this exclusion was deleted. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-delete-user
Delete a user permanently.
#
Base Command
cs-delete-user
#
Input
Argument Name | Description | Required |
---|---|---|
user_uuid | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String |
#
cs-delete-user-group-members
Delete User Group members entry.
#
Base Command
cs-delete-user-group-members
#
Input
Argument Name | Description | Required |
---|---|---|
domain_usergroupmembersrequestv1_resources | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupMembersResponseV1.resources.user_group_id | String |
#
cs-delete-user-groups
Delete User Group(s) by ID(s).
#
Base Command
cs-delete-user-groups
#
Input
Argument Name | Description | Required |
---|---|---|
user_group_ids | User Group IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaEntitiesResponse.errors.code | Number | |
CrowdStrike.msaEntitiesResponse.errors.id | String | |
CrowdStrike.msaEntitiesResponse.errors.message | String |
#
cs-deleteaws-accounts
Delete a set of AWS Accounts by specifying their IDs.
#
Base Command
cs-deleteaws-accounts
#
Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of accounts to remove. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.modelsBaseResponseV1.errors.code | Number | |
CrowdStrike.modelsBaseResponseV1.errors.id | String | |
CrowdStrike.modelsBaseResponseV1.errors.message | String |
#
cs-deleteaws-accounts-mixin0
Delete AWS accounts.
#
Base Command
cs-deleteaws-accounts-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
ids | AWS Account IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaMetaInfo.powered_by | String | |
CrowdStrike.msaMetaInfo.query_time | Unknown | |
CrowdStrike.msaMetaInfo.trace_id | String | |
#
cs-deletecid-group-members
Delete CID Group members entry.
#
Base Command
cs-deletecid-group-members
#
Input
Argument Name | Description | Required |
---|---|---|
domain_cidgroupmembersrequestv1_resources | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.resources.cid_group_id | String |
#
cs-deletecid-groups
Delete CID Group(s) by ID(s).
#
Base Command
cs-deletecid-groups
#
Input
Argument Name | Description | Required |
---|---|---|
cid_group_ids | CID group IDs to be deleted. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaEntitiesResponse.errors.code | Number | |
CrowdStrike.msaEntitiesResponse.errors.id | String | |
CrowdStrike.msaEntitiesResponse.errors.message | String |
#
cs-deletecspm-aws-account
Deletes an existing AWS account or organization in our system.
#
Base Command
cs-deletecspm-aws-account
#
Input
Argument Name | Description | Required |
---|---|---|
ids | AWS account IDs to remove. | Optional |
organization_ids | AWS organization IDs to remove. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationBaseResponseV1.errors.code | Number | |
CrowdStrike.registrationBaseResponseV1.errors.id | String | |
CrowdStrike.registrationBaseResponseV1.errors.message | String |
#
cs-deletecspm-azure-account
Deletes an Azure subscription from the system.
#
Base Command
cs-deletecspm-azure-account
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Azure subscription IDs to remove. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationBaseResponseV1.errors.code | Number | |
CrowdStrike.registrationBaseResponseV1.errors.id | String | |
CrowdStrike.registrationBaseResponseV1.errors.message | String |
#
cs-deleted-roles
Delete MSSP Role assignment(s) between User Group and CID Group. User Group ID and CID Group ID have to be specified in the request. If roles are specified in the request payload, only those roles are removed; if no roles are specified, the association between User Group and CID Group is dissolved completely.
#
Base Command
cs-deleted-roles
#
Input
Argument Name | Description | Required |
---|---|---|
domain_mssprolerequestv1_resources | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainMSSPRoleResponseV1.errors.code | Number | |
CrowdStrike.domainMSSPRoleResponseV1.errors.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.errors.message | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.user_group_id | String |
#
cs-deleteioa-exclusionsv1
Delete the IOA exclusions by ID.
#
Base Command
cs-deleteioa-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the exclusions to delete. | Required |
comment | Explains why this exclusion was deleted. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-deleteml-exclusionsv1
Delete the ML exclusions by ID.
#
Base Command
cs-deleteml-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the exclusions to delete. | Required |
comment | Explains why this exclusion was deleted. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesMlExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesMlExclusionRespV1.errors.id | String | |
CrowdStrike.responsesMlExclusionRespV1.errors.message | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesMlExclusionRespV1.resources.id | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value_hash | String |
#
cs-deletert-response-policies
Delete a set of Response Policies by specifying their IDs.
#
Base Command
cs-deletert-response-policies
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Response Policies to delete. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-deleterulegroups
Delete rule group entities by ID.
#
Base Command
cs-deleterulegroups
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The user id. | Required |
ids | The IDs of the rule groups to be deleted. | Required |
comment | Audit log comment for this action. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String |
#
cs-deleterulegroups-mixin0
Delete rule groups by ID.
#
Base Command
cs-deleterulegroups-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
comment | Explains why the entity is being deleted. | Optional |
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String |
#
cs-deleterules
Delete rules from a rule group by ID.
#
Base Command
cs-deleterules
#
Input
Argument Name | Description | Required |
---|---|---|
rule_group_id | The parent rule group. | Required |
comment | Explains why the entity is being deleted. | Optional |
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String |
#
cs-devices-count
Number of hosts in your customer account that have observed a given custom IOC.
#
Base Command
cs-devices-count
#
Input
Argument Name | Description | Required |
---|---|---|
type_ | The type of the indicator. Valid types include: sha256: a hex-encoded sha256 hash string (length min: 64, max: 64); md5: a hex-encoded md5 hash string (length min: 32, max: 32); domain: a domain name (length min: 1, max: 200); ipv4: an IPv4 address (must be a valid IP address); ipv6: an IPv6 address (must be a valid IP address). | Required |
value | The string representation of the indicator. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyIOCDevicesCount.errors.code | Number | |
CrowdStrike.apiMsaReplyIOCDevicesCount.errors.id | String | |
CrowdStrike.apiMsaReplyIOCDevicesCount.errors.message | String | |
CrowdStrike.apiMsaReplyIOCDevicesCount.resources.device_count | Number | |
CrowdStrike.apiMsaReplyIOCDevicesCount.resources.id | String | |
CrowdStrike.apiMsaReplyIOCDevicesCount.resources.limit_exceeded | Boolean | |
CrowdStrike.apiMsaReplyIOCDevicesCount.resources.type | String | |
CrowdStrike.apiMsaReplyIOCDevicesCount.resources.value | String |
#
cs-devices-ran-on
Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v2.
#
Base Command
cs-devices-ran-on
#
Input
Argument Name | Description | Required |
---|---|---|
type_ | The type of the indicator. Valid types include: sha256: a hex-encoded sha256 hash string (length min: 64, max: 64); md5: a hex-encoded md5 hash string (length min: 32, max: 32); domain: a domain name (length min: 1, max: 200); ipv4: an IPv4 address (must be a valid IP address); ipv6: an IPv6 address (must be a valid IP address). | Required |
value | The string representation of the indicator. | Required |
limit | The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results. | Optional |
offset | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyDevicesRanOn.errors.code | Number | |
CrowdStrike.apiMsaReplyDevicesRanOn.errors.id | String | |
CrowdStrike.apiMsaReplyDevicesRanOn.errors.message | String |
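
The length and format rules listed for the type_ argument of cs-devices-count and cs-devices-ran-on can be checked before a playbook calls either command. The following is an added example, not part of the integration or the pack; the function names and sample values are hypothetical, and rejecting defanged or URL-shaped domain values is an assumption that goes beyond the rules stated on this page.

```python
import ipaddress
import re

# Bounds taken from the type_ argument description on this page.
HASH_LENGTHS = {"sha256": 64, "md5": 32}
DOMAIN_MIN, DOMAIN_MAX = 1, 200

_HEX = re.compile(r"[0-9a-fA-F]+")
# Assumption (not a rule from the page): characters that indicate a defanged
# indicator ("evil[.]example") or a URL ("hxxp://...") rather than a bare name.
_NOT_BARE_DOMAIN = re.compile(r"[\[\]\s/:]")


def validate_indicator(type_, value):
    """Return (type_, value) with whitespace stripped, or raise ValueError."""
    type_ = type_.strip().lower()
    value = value.strip()

    if type_ in HASH_LENGTHS:
        expected = HASH_LENGTHS[type_]
        if len(value) != expected:
            raise ValueError(
                f"{type_} must be exactly {expected} characters, got {len(value)}"
            )
        if not _HEX.fullmatch(value):
            raise ValueError(f"{type_} must be hex-encoded")
        return type_, value

    if type_ == "domain":
        if not DOMAIN_MIN <= len(value) <= DOMAIN_MAX:
            raise ValueError(
                f"domain length must be {DOMAIN_MIN}-{DOMAIN_MAX}, got {len(value)}"
            )
        if _NOT_BARE_DOMAIN.search(value):
            raise ValueError("domain looks defanged or URL-shaped, not a bare name")
        return type_, value

    if type_ in ("ipv4", "ipv6"):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            raise ValueError(f"{value!r} is not a valid IP address") from None
        wanted = 4 if type_ == "ipv4" else 6
        if addr.version != wanted:
            raise ValueError(f"{value!r} is an IPv{addr.version} address, not {type_}")
        return type_, value

    raise ValueError(f"unsupported indicator type {type_!r}")


def partition_indicators(pairs):
    """Split (type_, value) pairs into command arguments and rejections.

    Returns (valid, rejected): valid is a list of {"type_": ..., "value": ...}
    dicts matching the command's argument names; rejected is a list of
    (type_, value, reason) tuples for the analyst to review.
    """
    valid, rejected = [], []
    for type_, value in pairs:
        try:
            clean_type, clean_value = validate_indicator(type_, value)
        except ValueError as exc:
            rejected.append((type_, value, str(exc)))
        else:
            valid.append({"type_": clean_type, "value": clean_value})
    return valid, rejected


# Constructed sample input, e.g. indicators extracted from an incident.
SAMPLE = [
    ("sha256", "a" * 64),
    ("md5", "d41d8cd98f00b204e9800998ecf8427e"),
    ("sha256", "d41d8cd98f00b204e9800998ecf8427e"),  # md5 passed as sha256
    ("domain", "evil[.]example"),                    # defanged
    ("ipv4", "2001:db8::1"),                         # wrong address family
    ("ipv6", " 2001:db8::1 "),
    ("ipv4", "192.0.2.300"),                         # octet out of range
    ("sha1", "b" * 40),                              # type not accepted
]

if __name__ == "__main__":
    ok, bad = partition_indicators(SAMPLE)
    for args in ok:
        print("accept", args)
    for type_, value, reason in bad:
        print("reject", type_, repr(value), "-", reason)
```
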
#
cs-download-sensor-installer-by-id
Download sensor installer by SHA256 ID.
#
Base Command
cs-download-sensor-installer-by-id
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | SHA256 of the installer to download. | Required |
#
Context Output
There is no context output for this command.
#
cs-entitiesprocesses
For the provided ProcessID, retrieve the process details.
#
Base Command
cs-entitiesprocesses
#
Input
Argument Name | Description | Required |
---|---|---|
ids | ProcessID for the running process you want to look up. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaProcessDetailResponse.errors.code | Number | |
CrowdStrike.apiMsaProcessDetailResponse.errors.id | String | |
CrowdStrike.apiMsaProcessDetailResponse.errors.message | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.command_line | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.device_id | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.file_name | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.process_id | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.process_id_local | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.start_timestamp | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.start_timestamp_raw | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.stop_timestamp | String | |
CrowdStrike.apiMsaProcessDetailResponse.resources.stop_timestamp_raw | String |
#
cs-get-actionsv1
Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint.
#
Base Command
cs-get-actionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Action IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainActionEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.cid | String | The ID of the customer who created the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.created_timestamp | String | The date when the action was created. |
CrowdStrike.domainActionEntitiesResponseV1.resources.frequency | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.id | String | The ID of the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.rule_id | String | The ID of the rule on which this action is attached. |
CrowdStrike.domainActionEntitiesResponseV1.resources.status | String | The action status. It can be either 'enabled' or 'muted'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.type | String | The action type. The only type currently supported is 'email'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.updated_timestamp | String | The date when the action was updated. |
CrowdStrike.domainActionEntitiesResponseV1.resources.user_uuid | String | The UUID of the user who created the action. |
#
cs-get-aggregate-detects
Get detect aggregates as specified via JSON in the request body.
#
Base Command
cs-get-aggregate-detects
#
Input
Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number |
#
cs-get-artifacts
Download IOC packs, PCAP files, and other analysis artifacts.
#
Base Command
cs-get-artifacts
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | ID of an artifact, such as an IOC pack, PCAP file, or actor image. Find an artifact ID in a report or summary. | Required |
name | The name given to your downloaded file. | Optional |
Accept_Encoding | Format used to compress your downloaded file. Currently, you must provide the value gzip, the only valid format. | Optional |
#
Context Output
There is no context output for this command.
#
cs-get-assessmentv1
Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).
#
Base Command
cs-get-assessmentv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | One or more agent IDs, which you can find in the data.zta file, or the Falcon console. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainAssessmentsResponse.errors.code | Number | |
CrowdStrike.domainAssessmentsResponse.errors.id | String | |
CrowdStrike.domainAssessmentsResponse.errors.message | String | |
CrowdStrike.domainAssessmentsResponse.resources.aid | String | |
CrowdStrike.domainAssessmentsResponse.resources.cid | String | |
CrowdStrike.domainAssessmentsResponse.resources.event_platform | String | |
CrowdStrike.domainAssessmentsResponse.resources.modified_time | String | |
CrowdStrike.domainAssessmentsResponse.resources.product_type_desc | String | |
CrowdStrike.domainAssessmentsResponse.resources.sensor_file_status | String | |
CrowdStrike.domainAssessmentsResponse.resources.system_serial_number | String |
#
cs-get-available-role-ids
Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to /customer/entities/roles/v1.
#
Base Command
cs-get-available-role-ids
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String |
#
cs-get-behaviors
Get details on behaviors by providing behavior IDs.
#
Base Command
cs-get-behaviors
#
Input
Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaExternalBehaviorResponse.errors.code | Number | |
CrowdStrike.apiMsaExternalBehaviorResponse.errors.id | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.errors.message | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.aid | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.behavior_id | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.cid | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.cmdline | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.compound_tto | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.detection_id | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.domain | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.filepath | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.incident_id | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.ioc_source | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.ioc_type | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.ioc_value | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.objective | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.pattern_disposition | Number | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.pattern_id | Number | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.sha256 | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.tactic | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.technique | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.template_instance_id | Number | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.timestamp | String | |
CrowdStrike.apiMsaExternalBehaviorResponse.resources.user_name | String |
#
cs-get-children
Get link to child customer by child CID(s).
#
Base Command
cs-get-children
#
Input
Argument Name | Description | Required |
---|---|---|
ids | CID of a child customer. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainChildrenResponseV1.resources.checksum | String | |
CrowdStrike.domainChildrenResponseV1.resources.child_cid | String | |
CrowdStrike.domainChildrenResponseV1.resources.child_gcid | String | |
CrowdStrike.domainChildrenResponseV1.resources.child_of | String | |
CrowdStrike.domainChildrenResponseV1.resources.name | String | |
CrowdStrike.domainChildrenResponseV1.resources.status | String |
#
cs-get-cloudconnectazure-entities-account-v1
Return information about Azure account registration.
#
Base Command
cs-get-cloudconnectazure-entities-account-v1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned. | Optional |
scan_type | Type of scan, dry or full, to perform on selected accounts. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationAzureAccountResponseV1.errors.code | Number | |
CrowdStrike.registrationAzureAccountResponseV1.errors.id | String | |
CrowdStrike.registrationAzureAccountResponseV1.errors.message | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.CreatedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.DeletedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.ID | Number | |
CrowdStrike.registrationAzureAccountResponseV1.resources.UpdatedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.cid | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.status | String | Account registration status. |
CrowdStrike.registrationAzureAccountResponseV1.resources.subscription_id | String | Azure Subscription ID. |
CrowdStrike.registrationAzureAccountResponseV1.resources.tenant_id | String | Azure Tenant ID to use. |
#
cs-get-cloudconnectazure-entities-userscriptsdownload-v1
Return, as a downloadable attachment, a script for the customer to run in their cloud environment to grant us access to their Azure environment.
#
Base Command
cs-get-cloudconnectazure-entities-userscriptsdownload-v1
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.code | Number | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.id | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.message | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.resources.bash | String |
#
cs-get-cloudconnectcspmazure-entities-account-v1
Return information about Azure account registration.
#
Base Command
cs-get-cloudconnectcspmazure-entities-account-v1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | SubscriptionIDs of accounts to select for this status operation. If this is empty then all accounts are returned. | Optional |
scan_type | Type of scan, dry or full, to perform on selected accounts. | Optional |
status | Account status to filter results by. | Optional |
limit | The maximum records to return. Defaults to 100. | Optional |
offset | The offset to start retrieving records from. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationAzureAccountResponseV1.errors.code | Number | |
CrowdStrike.registrationAzureAccountResponseV1.errors.id | String | |
CrowdStrike.registrationAzureAccountResponseV1.errors.message | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.CreatedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.DeletedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.ID | Number | |
CrowdStrike.registrationAzureAccountResponseV1.resources.UpdatedAt | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.cid | String | |
CrowdStrike.registrationAzureAccountResponseV1.resources.status | String | Account registration status. |
CrowdStrike.registrationAzureAccountResponseV1.resources.subscription_id | String | Azure Subscription ID. |
CrowdStrike.registrationAzureAccountResponseV1.resources.tenant_id | String | Azure Tenant ID to use. |
#
cs-get-cloudconnectcspmazure-entities-userscriptsdownload-v1
Return, as a downloadable attachment, a script for the customer to run in their cloud environment to grant us access to their Azure environment.
#
Base Command
cs-get-cloudconnectcspmazure-entities-userscriptsdownload-v1
#
Input
Argument Name | Description | Required |
---|---|---|
tenant_id | Tenant ID to generate script for. Defaults to most recently registered tenant. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.code | Number | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.id | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.message | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.resources.bash | String |
#
cs-get-clusters
Provides the clusters acknowledged by the Kubernetes Protection service.
#
Base Command
cs-get-clusters
#
Input
Argument Name | Description | Required |
---|---|---|
cluster_names | Cluster name. For EKS it will be cluster ARN. | Optional |
account_ids | Cluster Account id. For EKS it will be AWS account ID. | Optional |
locations | Cloud location. | Optional |
cluster_service | Cluster Service. Possible values are: eks. | Optional |
limit | Limit returned accounts. | Optional |
offset | Offset returned accounts. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.k8sregGetClustersResp.errors.code | Number | |
CrowdStrike.k8sregGetClustersResp.errors.id | String | |
CrowdStrike.k8sregGetClustersResp.errors.message | String | |
CrowdStrike.k8sregGetClustersResp.resources.account_id | String | |
CrowdStrike.k8sregGetClustersResp.resources.cid | String | |
CrowdStrike.k8sregGetClustersResp.resources.cluster_id | String | |
CrowdStrike.k8sregGetClustersResp.resources.cluster_name | String | |
CrowdStrike.k8sregGetClustersResp.resources.cluster_service | String | |
CrowdStrike.k8sregGetClustersResp.resources.created_at | String | |
CrowdStrike.k8sregGetClustersResp.resources.last_heartbeat_at | String | |
CrowdStrike.k8sregGetClustersResp.resources.location | String | |
CrowdStrike.k8sregGetClustersResp.resources.status | String | |
CrowdStrike.k8sregGetClustersResp.resources.updated_at | String |
#
cs-get-combined-sensor-installers-by-query
Get sensor installer details by provided query.
#
Base Command
cs-get-combined-sensor-installers-by-query
#
Input
Argument Name | Description | Required |
---|---|---|
offset | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. | Optional |
limit | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. | Optional |
sort | Sort items using their properties. Common sort options include: version|asc and release_date|desc. | Optional |
filter_ | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard includes all results. Common filter options include: platform:"windows" and version: "5.2". | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainSensorInstallersV1.errors.code | Number | |
CrowdStrike.domainSensorInstallersV1.errors.id | String | |
CrowdStrike.domainSensorInstallersV1.errors.message | String | |
CrowdStrike.domainSensorInstallersV1.resources.description | String | installer description. |
CrowdStrike.domainSensorInstallersV1.resources.file_size | Number | file size. |
CrowdStrike.domainSensorInstallersV1.resources.file_type | String | file type. |
CrowdStrike.domainSensorInstallersV1.resources.name | String | installer file name. |
CrowdStrike.domainSensorInstallersV1.resources.os | String | |
CrowdStrike.domainSensorInstallersV1.resources.os_version | String | |
CrowdStrike.domainSensorInstallersV1.resources.platform | String | supported platform. |
CrowdStrike.domainSensorInstallersV1.resources.release_date | String | release date. |
CrowdStrike.domainSensorInstallersV1.resources.sha256 | String | sha256. |
CrowdStrike.domainSensorInstallersV1.resources.version | String | version of the installer. |

cs-get-detect-summaries
View information about detections.

Base Command
cs-get-detect-summaries

Input

Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainMsaDetectSummariesResponse.errors.code | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.errors.id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.errors.message | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.assigned_to_name | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.assigned_to_uid | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.alleged_filetype | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.behavior_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.cmdline | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.confidence | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.container_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.control_graph_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.description | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.device_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.display_name | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.filename | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.filepath | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.ioc_description | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.ioc_source | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.ioc_type | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.ioc_value | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.md5 | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.objective | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.pattern_disposition | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.rule_instance_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.rule_instance_version | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.scenario | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.severity | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.sha256 | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.tactic | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.tactic_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.technique | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.technique_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.template_instance_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.timestamp | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.triggering_process_graph_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.user_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.behaviors.user_name | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.cid | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.created_timestamp | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.detection_id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.email_sent | Boolean | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.first_behavior | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.last_behavior | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.max_confidence | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.max_severity | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.max_severity_displayname | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.overwatch_notes | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.quarantined_files.id | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.quarantined_files.paths | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.quarantined_files.sha256 | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.quarantined_files.state | String | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.seconds_to_resolved | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.seconds_to_triaged | Number | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.show_in_ui | Boolean | |
CrowdStrike.domainMsaDetectSummariesResponse.resources.status | String | |

cs-get-device-control-policies
Retrieve a set of Device Control Policies by specifying their IDs.

Base Command
cs-get-device-control-policies

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Device Control Policies to return. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesDeviceControlPoliciesV1.errors.code | Number | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.id | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.message | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.id | String | The unique ID of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.platform_name | String | The name of the platform. |

cs-get-device-count-collection-queries-by-filter
Retrieve device count collection IDs that match the provided FQL filter criteria, with scrolling enabled.

Base Command
cs-get-device-count-collection-queries-by-filter

Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum number of records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return IDs. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-get-device-details
Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API.

Base Command
cs-get-device-details

Input

Argument Name | Description | Required |
---|---|---|
ids | The host agent IDs (AIDs) to get details on. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainDeviceDetailsResponseSwagger.errors.code | Number | |
CrowdStrike.domainDeviceDetailsResponseSwagger.errors.id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.errors.message | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.agent_load_flags | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.agent_local_time | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.agent_version | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.bios_manufacturer | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.bios_version | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.build_number | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.cid | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.config_id_base | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.config_id_build | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.config_id_platform | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.cpu_signature | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.detection_suppression_status | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.device_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.email | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.external_ip | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.first_login_timestamp | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.first_seen | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.group_hash | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.host_hidden_status | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.hostname | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.instance_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.last_login_timestamp | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.last_seen | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.local_ip | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.mac_address | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.machine_domain | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.major_version | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.minor_version | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.modified_timestamp | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.os_version | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.platform_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.platform_name | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_host_ip4 | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_host_ip6 | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_hostname | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_ip4 | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_ip6 | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_name | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_namespace | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pod_service_account_name | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.pointer_size | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.applied | Boolean | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.applied_date | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.assigned_date | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.policy_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.policy_type | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.rule_set_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.settings_hash | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.policies.uninstall_protection | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.product_type | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.product_type_desc | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.provision_status | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.reduced_functionality_mode | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.release_group | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.serial_number | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.service_pack_major | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.service_pack_minor | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.service_provider | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.service_provider_account_id | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.site_name | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.status | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.system_manufacturer | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.system_product_name | String | |
CrowdStrike.domainDeviceDetailsResponseSwagger.resources.zone_group | String | |

cs-get-firewall-policies
Retrieve a set of Firewall Policies by specifying their IDs.

Base Command
cs-get-firewall-policies

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Firewall Policies to return. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesFirewallPoliciesV1.errors.code | Number | |
CrowdStrike.responsesFirewallPoliciesV1.errors.id | String | |
CrowdStrike.responsesFirewallPoliciesV1.errors.message | String | |
CrowdStrike.responsesFirewallPoliciesV1.resources.channel_version | Number | Channel file version for the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesFirewallPoliciesV1.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.id | String | The unique ID of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesFirewallPoliciesV1.resources.rule_set_id | String | Firewall rule set ID. This ID combines several firewall rules and gets attached to the policy. |

cs-get-helm-values-yaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart.

Base Command
cs-get-helm-values-yaml

Input

Argument Name | Description | Required |
---|---|---|
cluster_name | Cluster name. For EKS it will be cluster ARN. | Required |

Context Output
There is no context output for this command.

cs-get-host-groups
Retrieve a set of Host Groups by specifying their IDs.

Base Command
cs-get-host-groups

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Host Groups to return. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesHostGroupsV1.errors.code | Number | |
CrowdStrike.responsesHostGroupsV1.errors.id | String | |
CrowdStrike.responsesHostGroupsV1.errors.message | String | |
CrowdStrike.responsesHostGroupsV1.resources.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesHostGroupsV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesHostGroupsV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesHostGroupsV1.resources.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesHostGroupsV1.resources.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesHostGroupsV1.resources.id | String | The identifier of this host group. |
CrowdStrike.responsesHostGroupsV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesHostGroupsV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesHostGroupsV1.resources.name | String | The name of the group. |

cs-get-incidents
Get details on incidents by providing incident IDs.

Base Command
cs-get-incidents

Input

Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaExternalIncidentResponse.errors.code | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.errors.id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.errors.message | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.assigned_to | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.assigned_to_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.cid | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.created | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.description | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.end | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.count | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.has_detect | Boolean | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.has_overwatch | Boolean | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.has_prevented | Boolean | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.timestamp_max | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.events_histogram.timestamp_min | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.fine_score | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.agent_load_flags | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.agent_local_time | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.agent_version | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.bios_manufacturer | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.bios_version | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.cid | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.config_id_base | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.config_id_build | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.config_id_platform | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.device_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.external_ip | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.first_login_timestamp | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.first_login_user | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.first_seen | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.hostname | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.instance_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.last_login_timestamp | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.last_login_user | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.last_seen | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.local_ip | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.mac_address | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.machine_domain | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.major_version | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.minor_version | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.modified_timestamp | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.os_version | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.platform_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.platform_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.pod_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.pod_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.pod_namespace | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.pod_service_account_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.product_type | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.product_type_desc | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.release_group | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.service_provider | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.service_provider_account_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.site_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.status | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.system_manufacturer | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.hosts.system_product_name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.incident_id | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.incident_type | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.lm_hosts_capped | Boolean | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.modified_timestamp | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.name | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.start | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.state | String | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.status | Number | |
CrowdStrike.apiMsaExternalIncidentResponse.resources.visibility | Number | |

cs-get-intel-actor-entities
Retrieve specific actors using their actor IDs.

Base Command
cs-get-intel-actor-entities

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the actors you want to retrieve. | Required |
fields | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug __full__. Defaults to __basic__. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainActorsResponse.errors.id | String | |
CrowdStrike.domainActorsResponse.errors.message | String | |
CrowdStrike.domainActorsResponse.resources.active | Boolean | |
CrowdStrike.domainActorsResponse.resources.actor_type | String | |
CrowdStrike.domainActorsResponse.resources.created_date | Number | |
CrowdStrike.domainActorsResponse.resources.description | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.id | Number | |
CrowdStrike.domainActorsResponse.resources.entitlements.name | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.slug | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.value | String | |
CrowdStrike.domainActorsResponse.resources.first_activity_date | Number | |
CrowdStrike.domainActorsResponse.resources.id | Number | |
CrowdStrike.domainActorsResponse.resources.known_as | String | |
CrowdStrike.domainActorsResponse.resources.last_activity_date | Number | |
CrowdStrike.domainActorsResponse.resources.last_modified_date | Number | |
CrowdStrike.domainActorsResponse.resources.motivations.id | Number | |
CrowdStrike.domainActorsResponse.resources.motivations.name | String | |
CrowdStrike.domainActorsResponse.resources.motivations.slug | String | |
CrowdStrike.domainActorsResponse.resources.motivations.value | String | |
CrowdStrike.domainActorsResponse.resources.name | String | |
CrowdStrike.domainActorsResponse.resources.notify_users | Boolean | |
CrowdStrike.domainActorsResponse.resources.origins.id | Number | |
CrowdStrike.domainActorsResponse.resources.origins.name | String | |
CrowdStrike.domainActorsResponse.resources.origins.slug | String | |
CrowdStrike.domainActorsResponse.resources.origins.value | String | |
CrowdStrike.domainActorsResponse.resources.rich_text_description | String | |
CrowdStrike.domainActorsResponse.resources.short_description | String | |
CrowdStrike.domainActorsResponse.resources.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.id | Number | |
CrowdStrike.domainActorsResponse.resources.target_countries.name | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.value | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.id | Number | |
CrowdStrike.domainActorsResponse.resources.target_industries.name | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.value | String | |
CrowdStrike.domainActorsResponse.resources.url | String | |

cs-get-intel-indicator-entities
Retrieve specific indicators using their indicator IDs.

Base Command
cs-get-intel-indicator-entities

Input

Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainPublicIndicatorsV3Response.errors.code | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.errors.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.errors.message | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources._marker | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.deleted | Boolean | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.indicator | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.created_on | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.last_valid_on | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.name | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.last_updated | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.malicious_confidence | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.published_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.created_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.indicator | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.last_valid_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.type | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.type | String | |

cs-get-intel-report-entities
Retrieve specific reports using their report IDs.

Base Command
cs-get-intel-report-entities

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the reports you want to retrieve. | Required |
fields | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug __full__. Defaults to __basic__. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainNewsResponse.errors.code | Number | |
CrowdStrike.domainNewsResponse.errors.id | String | |
CrowdStrike.domainNewsResponse.errors.message | String | |
CrowdStrike.domainNewsResponse.resources.active | Boolean | |
CrowdStrike.domainNewsResponse.resources.actors.id | Number | |
CrowdStrike.domainNewsResponse.resources.actors.name | String | |
CrowdStrike.domainNewsResponse.resources.actors.slug | String | |
CrowdStrike.domainNewsResponse.resources.actors.url | String | |
CrowdStrike.domainNewsResponse.resources.attachments.id | Number | |
CrowdStrike.domainNewsResponse.resources.attachments.url | String | |
CrowdStrike.domainNewsResponse.resources.created_date | Number | |
CrowdStrike.domainNewsResponse.resources.description | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.id | Number | |
CrowdStrike.domainNewsResponse.resources.entitlements.name | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.slug | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.value | String | |
CrowdStrike.domainNewsResponse.resources.id | Number | |
CrowdStrike.domainNewsResponse.resources.last_modified_date | Number | |
CrowdStrike.domainNewsResponse.resources.motivations.id | Number | |
CrowdStrike.domainNewsResponse.resources.motivations.name | String | |
CrowdStrike.domainNewsResponse.resources.motivations.slug | String | |
CrowdStrike.domainNewsResponse.resources.motivations.value | String | |
CrowdStrike.domainNewsResponse.resources.name | String | |
CrowdStrike.domainNewsResponse.resources.notify_users | Boolean | |
CrowdStrike.domainNewsResponse.resources.rich_text_description | String | |
CrowdStrike.domainNewsResponse.resources.short_description | String | |
CrowdStrike.domainNewsResponse.resources.slug | String | |
CrowdStrike.domainNewsResponse.resources.tags.id | Number | |
CrowdStrike.domainNewsResponse.resources.tags.name | String | |
CrowdStrike.domainNewsResponse.resources.tags.slug | String | |
CrowdStrike.domainNewsResponse.resources.tags.value | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.id | Number | |
CrowdStrike.domainNewsResponse.resources.target_countries.name | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.slug | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.value | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.id | Number | |
CrowdStrike.domainNewsResponse.resources.target_industries.name | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.slug | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.value | String | |
CrowdStrike.domainNewsResponse.resources.url | String |
#
cs-get-intel-reportpdf
Return a Report PDF attachment.
#
Base Command
cs-get-intel-reportpdf
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the report you want to download as a PDF. | Required |
#
Context Output
There is no context output for this command.
#
cs-get-intel-rule-entities
Retrieve details for rule sets for the specified ids.
#
Base Command
cs-get-intel-rule-entities
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The ids of rules to return. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRulesResponse.errors.code | Number | |
CrowdStrike.domainRulesResponse.errors.id | String | |
CrowdStrike.domainRulesResponse.errors.message | String | |
CrowdStrike.domainRulesResponse.resources.created_date | Number | |
CrowdStrike.domainRulesResponse.resources.description | String | |
CrowdStrike.domainRulesResponse.resources.id | Number | |
CrowdStrike.domainRulesResponse.resources.last_modified_date | Number | |
CrowdStrike.domainRulesResponse.resources.name | String | |
CrowdStrike.domainRulesResponse.resources.rich_text_description | String | |
CrowdStrike.domainRulesResponse.resources.short_description | String | |
CrowdStrike.domainRulesResponse.resources.type | String |
#
cs-get-intel-rule-file
Download earlier rule sets.
#
Base Command
cs-get-intel-rule-file
#
Input
Argument Name | Description | Required |
---|---|---|
Accept | Choose the format you want the rule set in. | Optional |
id_ | The ID of the rule set. | Required |
format | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. | Optional |
#
Context Output
There is no context output for this command.
#
cs-get-latest-intel-rule-file
Download the latest rule set.
#
Base Command
cs-get-latest-intel-rule-file
#
Input
Argument Name | Description | Required |
---|---|---|
Accept | Choose the format you want the rule set in. | Optional |
type_ | The rule news report type. Accepted values: snort-suricata-master, snort-suricata-update, snort-suricata-changelog, yara-master, yara-update, yara-changelog, common-event-format, netwitness. | Required |
format | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. | Optional |
#
Context Output
There is no context output for this command.
#
cs-get-locations
Provides the cloud locations acknowledged by the Kubernetes Protection service.
#
Base Command
cs-get-locations
#
Input
Argument Name | Description | Required |
---|---|---|
clouds | Cloud Provider. Possible values are: aws, azure, gcp. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.k8sregGetLocationsResp.errors.code | Number | |
CrowdStrike.k8sregGetLocationsResp.errors.id | String | |
CrowdStrike.k8sregGetLocationsResp.errors.message | String | |
CrowdStrike.k8sregGetLocationsResp.resources.cloud | String | |
CrowdStrike.k8sregGetLocationsResp.resources.location | String |
#
cs-get-mal-query-downloadv1
Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time.
#
Base Command
cs-get-mal-query-downloadv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The file SHA256. | Required |
#
Context Output
There is no context output for this command.
#
cs-get-mal-query-entities-samples-fetchv1
Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing.
#
Base Command
cs-get-mal-query-entities-samples-fetchv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Multidownload job id. | Required |
#
Context Output
There is no context output for this command.
#
cs-get-mal-query-metadatav1
Retrieve indexed files metadata by their hash.
#
Base Command
cs-get-mal-query-metadatav1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The file SHA256. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malquerySampleMetadataResponse.errors.code | Number | |
CrowdStrike.malquerySampleMetadataResponse.errors.id | String | |
CrowdStrike.malquerySampleMetadataResponse.errors.message | String | |
CrowdStrike.malquerySampleMetadataResponse.errors.type | String | |
CrowdStrike.malquerySampleMetadataResponse.resources.family | String | Sample family. |
CrowdStrike.malquerySampleMetadataResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malquerySampleMetadataResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malquerySampleMetadataResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malquerySampleMetadataResponse.resources.label | String | Sample label. |
CrowdStrike.malquerySampleMetadataResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malquerySampleMetadataResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malquerySampleMetadataResponse.resources.sha256 | String | Sample SHA256. |
#
cs-get-mal-query-quotasv1
Get information about search and download quotas in your environment.
#
Base Command
cs-get-mal-query-quotasv1
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryRateLimitsResponse.errors.code | Number | |
CrowdStrike.malqueryRateLimitsResponse.errors.id | String | |
CrowdStrike.malqueryRateLimitsResponse.errors.message | String |
#
cs-get-mal-query-requestv1
Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.
#
Base Command
cs-get-mal-query-requestv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Identifier of a MalQuery request. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryRequestResponse.errors.code | Number | |
CrowdStrike.malqueryRequestResponse.errors.id | String | |
CrowdStrike.malqueryRequestResponse.errors.message | String | |
CrowdStrike.malqueryRequestResponse.errors.type | String | |
CrowdStrike.malqueryRequestResponse.resources.family | String | Sample family. |
CrowdStrike.malqueryRequestResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malqueryRequestResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malqueryRequestResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryRequestResponse.resources.ignore_reason | String | Reason why the resource is ignored. |
CrowdStrike.malqueryRequestResponse.resources.label | String | Sample label. |
CrowdStrike.malqueryRequestResponse.resources.label_confidence | String | Resource label confidence. |
CrowdStrike.malqueryRequestResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malqueryRequestResponse.resources.pattern | String | Search pattern. |
CrowdStrike.malqueryRequestResponse.resources.pattern_type | String | Search pattern type. |
CrowdStrike.malqueryRequestResponse.resources.samples.family | String | Sample family. |
CrowdStrike.malqueryRequestResponse.resources.samples.filesize | Number | Sample size. |
CrowdStrike.malqueryRequestResponse.resources.samples.filetype | String | Sample file type. |
CrowdStrike.malqueryRequestResponse.resources.samples.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryRequestResponse.resources.samples.label | String | Sample label. |
CrowdStrike.malqueryRequestResponse.resources.samples.md5 | String | Sample MD5. |
CrowdStrike.malqueryRequestResponse.resources.samples.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryRequestResponse.resources.samples.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryRequestResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryRequestResponse.resources.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryRequestResponse.resources.yara_rule | String | Search YARA rule. |
#
cs-get-notifications-detailed-translatedv1
Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request.
#
Base Command
cs-get-notifications-detailed-translatedv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Notification IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationDetailsResponseV1.errors.code | Number | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.field | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.message | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.message_key | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.id | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.message | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.message_key | String | |
#
cs-get-notifications-detailedv1
Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.
#
Base Command
cs-get-notifications-detailedv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Notification IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationDetailsResponseV1.errors.code | Number | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.field | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.message | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.details.message_key | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.id | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.message | String | |
CrowdStrike.domainNotificationDetailsResponseV1.errors.message_key | String | |
#
cs-get-notifications-translatedv1
Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English.
#
Base Command
cs-get-notifications-translatedv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Notification IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uid | String | The email of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_username | String | The name of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uuid | String | The unique ID of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.created_date | String | The date when the notification was generated. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.id | String | The ID of the notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_date | String | Timestamp when the intelligence item is considered to have been posted. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_id | String | ID of the intelligence item which generated the match. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_type | String | Type of intelligence item based on format, e.g. post, reply, botnet_config. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_id | String | The ID of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_name | String | The name of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_priority | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_topic | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.status | String | The notification status. This can be one of: new, in-progress, closed-false-positive, closed-true-positive. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.updated_date | String | The date when the notification was updated. |
#
cs-get-notificationsv1
Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint.
#
Base Command
cs-get-notificationsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | Notification IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uid | String | The email of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_username | String | The name of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uuid | String | The unique ID of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.created_date | String | The date when the notification was generated. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.id | String | The ID of the notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_date | String | Timestamp when the intelligence item is considered to have been posted. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_id | String | ID of the intelligence item which generated the match. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_type | String | Type of intelligence item based on format, e.g. post, reply, botnet_config. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_id | String | The ID of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_name | String | The name of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_priority | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_topic | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.status | String | The notification status. This can be one of: new, in-progress, closed-false-positive, closed-true-positive. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.updated_date | String | The date when the notification was updated. |
#
cs-get-prevention-policies
Retrieve a set of Prevention Policies by specifying their IDs.
#
Base Command
cs-get-prevention-policies
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Prevention Policies to return. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPreventionPoliciesV1.errors.code | Number | |
CrowdStrike.responsesPreventionPoliciesV1.errors.id | String | |
CrowdStrike.responsesPreventionPoliciesV1.errors.message | String | |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesPreventionPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.name | String | The name of the category. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.description | String | The human-readable description of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |
#
cs-get-reports
Get a full sandbox report.
#
Base Command
cs-get-reports
#
Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a report. Find a report ID from the response when submitting a malware sample or search with /falconx/queries/reports/v1. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.falconxReportV1Response.errors.code | Number | |
CrowdStrike.falconxReportV1Response.errors.id | String | |
CrowdStrike.falconxReportV1Response.errors.message | String | |
CrowdStrike.falconxReportV1Response.resources.cid | String | |
CrowdStrike.falconxReportV1Response.resources.created_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.id | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.created_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.description | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.first_activity_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.id | Number | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.image_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.known_as | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.last_activity_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.name | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.origins.id | Number | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.origins.name | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.origins.slug | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.origins.value | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.short_description | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.slug | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_countries.id | Number | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_countries.name | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_countries.slug | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_countries.value | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_industries.id | Number | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_industries.name | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_industries.slug | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.target_industries.value | String | |
CrowdStrike.falconxReportV1Response.resources.intel.actors.thumbnail_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.intel.related_indicators.created_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.intel.related_indicators.id | String | |
CrowdStrike.falconxReportV1Response.resources.intel.related_indicators.type | String | |
CrowdStrike.falconxReportV1Response.resources.intel.related_indicators.updated_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.intel.related_indicators.value | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_broad_csv_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_broad_json_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_broad_maec_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_broad_stix_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_strict_csv_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_strict_json_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_strict_maec_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.ioc_report_strict_stix_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.errors.code | Number | |
CrowdStrike.falconxReportV1Response.resources.malquery.errors.message | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.input | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.family | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.file_size | Number | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.file_type | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.first_seen_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.label | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.md5 | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.sha1 | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.resources.sha256 | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.type | String | |
CrowdStrike.falconxReportV1Response.resources.malquery.verdict | String | |
CrowdStrike.falconxReportV1Response.resources.origin | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.architecture | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.address | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.associated_runtime.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.associated_runtime.pid | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.compromised | Boolean | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.country | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.port | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.contacted_hosts.protocol | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.address | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.compromised | Boolean | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.country | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.domain | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.registrar_creation_timestamp | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.registrar_name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.registrar_name_servers | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.dns_requests.registrar_organization | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.environment_description | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.environment_id | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.error_message | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.error_origin | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.error_type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.description | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.file_available_to_download | Boolean | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.file_path | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.file_size | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.md5 | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.runtime_process | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.sha1 | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.sha256 | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.threat_level | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_files.threat_level_readable | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_interesting_strings.filename | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_interesting_strings.process | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_interesting_strings.source | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_interesting_strings.type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.extracted_interesting_strings.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.file_imports.module | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.file_size | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.file_type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.header | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.host | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.host_ip | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.host_port | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.method | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.response_code | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.response_phrase | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.http_requests.url | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.incidents.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.ioc_report_broad_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.ioc_report_strict_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.memory_forensics.stream_uid | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.memory_forensics.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.memory_strings_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.mitre_attacks.attack_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.mitre_attacks.tactic | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.mitre_attacks.technique | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.packer | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.pcap_report_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.command_line | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.file_accesses.mask | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.file_accesses.path | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.file_accesses.type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.handles.id | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.handles.path | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.handles.type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.icon_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.normalized_path | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.parent_uid | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.pid | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.process_flags.data | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.process_flags.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.key | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.operation | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.path | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.status | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.status_human_readable | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.registry.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.cls_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.dispatch_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.parameters.argument_number | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.parameters.comment | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.parameters.meaning | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.parameters.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.parameters.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.result | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.script_calls.status | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.sha256 | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.executed | Boolean | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.file_name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.human_keywords | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.instructions_artifact_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.matched_signatures.id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.matched_signatures.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.streams.uid | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.processes.uid | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.sha256 | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.attack_id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.category | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.description | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.identifier | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.origin | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.relevance | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.threat_level | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.threat_level_human | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.signatures.type | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.submission_type | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.submit_name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.submit_url | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.category | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.description | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.destination_ip | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.destination_port | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.protocol | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.suricata_alerts.sid | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.target_url | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.threat_score | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.verdict | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.version_info.id | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.version_info.value | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.windows_version_bitness | Number | |
CrowdStrike.falconxReportV1Response.resources.sandbox.windows_version_edition | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.windows_version_name | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.windows_version_service_pack | String | |
CrowdStrike.falconxReportV1Response.resources.sandbox.windows_version_version | String | |
CrowdStrike.falconxReportV1Response.resources.user_id | String | |
CrowdStrike.falconxReportV1Response.resources.user_name | String | |
CrowdStrike.falconxReportV1Response.resources.user_uuid | String | |
CrowdStrike.falconxReportV1Response.resources.verdict | String | |

cs-get-roles
Get info about a role.

Base Command
cs-get-roles

Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a role. Find a role ID from /customer/queries/roles/v1 or /users/queries/roles/v1 . | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserRoleResponse.errors.code | Number | |
CrowdStrike.domainUserRoleResponse.errors.id | String | |
CrowdStrike.domainUserRoleResponse.errors.message | String | |
CrowdStrike.domainUserRoleResponse.resources.cid | String | |
CrowdStrike.domainUserRoleResponse.resources.description | String | |
CrowdStrike.domainUserRoleResponse.resources.display_name | String | |
CrowdStrike.domainUserRoleResponse.resources.id | String | |

cs-get-roles-byid
Get MSSP Role assignment(s). MSSP Role assignment is of the format user_group_id:cid_group_id.

Base Command
cs-get-roles-byid

Input
Argument Name | Description | Required |
---|---|---|
ids | MSSP Role assignment is of the format user_group_id : cid_group_id. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainMSSPRoleResponseV1.errors.code | Number | |
CrowdStrike.domainMSSPRoleResponseV1.errors.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.errors.message | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.id | String | |
CrowdStrike.domainMSSPRoleResponseV1.resources.user_group_id | String | |

cs-get-rulesv1
Get monitoring rules by provided IDs.

Base Command
cs-get-rulesv1

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | IDs of rules. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRulesEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.cid | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.created_timestamp | String | The creation time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.filter | String | The FQL filter contained in a rule and used for searching. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.id | String | The ID of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.name | String | The name for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.permissions | String | The permissions of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.priority | String | The priority of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status | String | The status of a rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status_message | String | The detailed status message. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.topic | String | The topic of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.updated_timestamp | String | The last updated time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_id | String | The user ID of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_name | String | The user name of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_uuid | String | The UUID of the user that created a given rule. |

cs-get-samplev2
Retrieves the file associated with the given ID (SHA256).

Base Command
cs-get-samplev2

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | The file SHA256. | Required |
password_protected | Flag whether the sample should be zipped and password protected with pass='infected'. | Optional |

Context Output
There is no context output for this command.

cs-get-samplev3
Retrieves the file associated with the given ID (SHA256).

Base Command
cs-get-samplev3

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
ids | The file SHA256. | Required |
password_protected | Flag whether the sample should be zipped and password protected with pass='infected'. | Optional |

Context Output
There is no context output for this command.

cs-get-scans
Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute.

Base Command
cs-get-scans

Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a submitted scan. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.mlscannerScanV1Response.errors.code | Number | |
CrowdStrike.mlscannerScanV1Response.errors.id | String | |
CrowdStrike.mlscannerScanV1Response.errors.message | String | |
CrowdStrike.mlscannerScanV1Response.resources.cid | String | |
CrowdStrike.mlscannerScanV1Response.resources.created_timestamp | String | |
CrowdStrike.mlscannerScanV1Response.resources.id | String | |
CrowdStrike.mlscannerScanV1Response.resources.samples.error | String | |
CrowdStrike.mlscannerScanV1Response.resources.samples.sha256 | String | |
CrowdStrike.mlscannerScanV1Response.resources.samples.verdict | String | |
CrowdStrike.mlscannerScanV1Response.resources.status | String | |

cs-get-scans-aggregates
Get scans aggregations as specified via JSON in request body.

Base Command
cs-get-scans-aggregates

Input
Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |

Context Output
There is no context output for this command.

cs-get-sensor-installers-by-query
Get sensor installer IDs by provided query.

Base Command
cs-get-sensor-installers-by-query

Input
Argument Name | Description | Required |
---|---|---|
offset | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. | Optional |
limit | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. | Optional |
sort | Sort items using their properties. Common sort options include: version|asc, release_date|desc. | Optional |
filter_ | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard includes all results. Common filter options include: platform:"windows", version: "5.2". | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-get-sensor-installers-entities
Get sensor installer details by provided SHA256 IDs.

Base Command
cs-get-sensor-installers-entities

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the installers. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainSensorInstallersV1.errors.code | Number | |
CrowdStrike.domainSensorInstallersV1.errors.id | String | |
CrowdStrike.domainSensorInstallersV1.errors.message | String | |
CrowdStrike.domainSensorInstallersV1.resources.description | String | installer description. |
CrowdStrike.domainSensorInstallersV1.resources.file_size | Number | file size. |
CrowdStrike.domainSensorInstallersV1.resources.file_type | String | file type. |
CrowdStrike.domainSensorInstallersV1.resources.name | String | installer file name. |
CrowdStrike.domainSensorInstallersV1.resources.os | String | |
CrowdStrike.domainSensorInstallersV1.resources.os_version | String | |
CrowdStrike.domainSensorInstallersV1.resources.platform | String | supported platform. |
CrowdStrike.domainSensorInstallersV1.resources.release_date | String | release date. |
CrowdStrike.domainSensorInstallersV1.resources.sha256 | String | sha256. |
CrowdStrike.domainSensorInstallersV1.resources.version | String | version of the installer. |

cs-get-sensor-installersccid-by-query
Get CCID to use with sensor installers.

Base Command
cs-get-sensor-installersccid-by-query

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-get-sensor-update-policies
Retrieve a set of Sensor Update Policies by specifying their IDs.

Base Command
cs-get-sensor-update-policies

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Sensor Update Policies to return. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.platform_name | String | The name of the platform. |

cs-get-sensor-update-policiesv2
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs.

Base Command
cs-get-sensor-update-policiesv2

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the Sensor Update Policies to return. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.platform_name | String | The name of the platform. |

cs-get-sensor-visibility-exclusionsv1
Get a set of Sensor Visibility Exclusions by specifying their IDs.

Base Command
cs-get-sensor-visibility-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
ids | The ids of the exclusions to retrieve. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSvExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesSvExclusionRespV1.errors.id | String | |
CrowdStrike.responsesSvExclusionRespV1.errors.message | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesSvExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSvExclusionRespV1.resources.id | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.value | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.value_hash | String | |

cs-get-submissions
Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Base Command
cs-get-submissions

Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with /falconx/queries/submissions/v1 . | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.falconxSubmissionV1Response.errors.code | Number | |
CrowdStrike.falconxSubmissionV1Response.errors.id | String | |
CrowdStrike.falconxSubmissionV1Response.errors.message | String | |
CrowdStrike.falconxSubmissionV1Response.resources.cid | String | |
CrowdStrike.falconxSubmissionV1Response.resources.created_timestamp | String | |
CrowdStrike.falconxSubmissionV1Response.resources.id | String | |
CrowdStrike.falconxSubmissionV1Response.resources.origin | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.action_script | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.command_line | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.document_password | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.enable_tor | Boolean | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.environment_id | Number | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.sha256 | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.submit_name | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.system_date | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.system_time | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.url | String | |
CrowdStrike.falconxSubmissionV1Response.resources.state | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_id | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_name | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_uuid | String | |

cs-get-summary-reports
Get a short summary version of a sandbox report.

Base Command
cs-get-summary-reports

Input

Argument Name | Description | Required |
---|---|---|
ids | ID of a summary. Find a summary ID from the response when submitting a malware sample or search with /falconx/queries/reports/v1. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.falconxSummaryReportV1Response.errors.code | Number | |
CrowdStrike.falconxSummaryReportV1Response.errors.id | String | |
CrowdStrike.falconxSummaryReportV1Response.errors.message | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.cid | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.created_timestamp | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.intel.actors.id | Number | |
CrowdStrike.falconxSummaryReportV1Response.resources.intel.actors.name | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.intel.actors.slug | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_broad_csv_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_broad_json_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_broad_maec_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_broad_stix_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_strict_csv_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_strict_json_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_strict_maec_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.ioc_report_strict_stix_artifact_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.origin | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.environment_description | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.environment_id | Number | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.error_message | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.error_origin | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.error_type | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.file_type | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.incidents.name | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.sha256 | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.submission_type | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.submit_name | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.submit_url | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.threat_score | Number | |
CrowdStrike.falconxSummaryReportV1Response.resources.sandbox.verdict | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.user_id | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.user_name | String | |
CrowdStrike.falconxSummaryReportV1Response.resources.verdict | String | |

cs-get-user-group-members-byid
Get User Group members by User Group ID(s).

Base Command
cs-get-user-group-members-byid

Input

Argument Name | Description | Required |
---|---|---|
user_group_ids | User Group IDs to search for. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupMembersResponseV1.resources.user_group_id | String | |

cs-get-user-groups-byid
Get User Group by ID(s).

Base Command
cs-get-user-groups-byid

Input

Argument Name | Description | Required |
---|---|---|
user_group_ids | User Group IDs to search for. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupsResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupsResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.description | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.name | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.user_group_id | String | |

cs-get-user-role-ids
Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to /customer/entities/roles/v1.

Base Command
cs-get-user-role-ids

Input

Argument Name | Description | Required |
---|---|---|
user_uuid | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-get-vulnerabilities
Get details on vulnerabilities by providing one or more IDs.

Base Command
cs-get-vulnerabilities

Input

Argument Name | Description | Required |
---|---|---|
ids | One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vulnerabilities/v1. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.errors.code | Number | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.errors.id | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.errors.message | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.aid | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.cid | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.closed_timestamp | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.created_timestamp | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.id | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.status | String | |
CrowdStrike.domainSPAPIVulnerabilitiesEntitiesResponseV2.resources.updated_timestamp | String | |

cs-getaws-accounts
Retrieve a set of AWS Accounts by specifying their IDs.

Base Command
cs-getaws-accounts

Input

Argument Name | Description | Required |
---|---|---|
ids | IDs of accounts to retrieve details. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.modelsAWSAccountsV1.errors.code | Number | |
CrowdStrike.modelsAWSAccountsV1.errors.id | String | |
CrowdStrike.modelsAWSAccountsV1.errors.message | String | |
CrowdStrike.modelsAWSAccountsV1.resources.alias | String | Alias/Name associated with the account. This is only updated once the account is in a registered state. |
CrowdStrike.modelsAWSAccountsV1.resources.cid | String | |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_stack_id | String | Unique identifier for the cloudformation stack id used for provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_url | String | URL of the CloudFormation template to execute. This is returned when mode is set to 'cloudformation' when provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_owner_id | String | The 12 digit AWS account which is hosting the S3 bucket containing cloudtrail logs for this account. If this field is set, it takes precedence over the settings level field. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_region | String | Region where the S3 bucket containing cloudtrail logs resides. This is only set if using cloudformation to provision and create the trail. |
CrowdStrike.modelsAWSAccountsV1.resources.created_timestamp | String | Timestamp of when the account was first provisioned within CrowdStrike's system. |
CrowdStrike.modelsAWSAccountsV1.resources.external_id | String | ID assigned for use with cross account IAM role access. |
CrowdStrike.modelsAWSAccountsV1.resources.iam_role_arn | String | The full arn of the IAM role created in this account to control access. |
CrowdStrike.modelsAWSAccountsV1.resources.id | String | 12 digit AWS provided unique identifier for the account. |
CrowdStrike.modelsAWSAccountsV1.resources.last_modified_timestamp | String | Timestamp of when the account was last modified. |
CrowdStrike.modelsAWSAccountsV1.resources.last_scanned_timestamp | String | Timestamp of when the account was scanned. |
CrowdStrike.modelsAWSAccountsV1.resources.policy_version | String | Current version of permissions associated with IAM role and granted access. |
CrowdStrike.modelsAWSAccountsV1.resources.provisioning_state | String | Provisioning state of the account. Values can be: initiated, registered, unregistered. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_reqs | Number | Rate limiting setting to control the maximum number of requests that can be made within the rate_limit_time duration. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_time | Number | Rate limiting setting to control the number of seconds for which rate_limit_reqs applies. |
CrowdStrike.modelsAWSAccountsV1.resources.template_version | String | Current version of cloudformation template used to manage access. |

cs-getaws-accounts-mixin0
Provides a list of AWS accounts.

Base Command
cs-getaws-accounts-mixin0

Input

Argument Name | Description | Required |
---|---|---|
ids | AWS Account IDs. | Optional |
status | Filter by account status. | Optional |
limit | Limit returned accounts. | Optional |
offset | Offset returned accounts. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.k8sregGetAWSAccountsResp.errors.code | Number | |
CrowdStrike.k8sregGetAWSAccountsResp.errors.id | String | |
CrowdStrike.k8sregGetAWSAccountsResp.errors.message | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.account_id | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.aws_permissions_status.name | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.aws_permissions_status.status | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.cid | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.cloudformation_url | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.created_at | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.from_cspm | Boolean | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.iam_role_arn | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.is_master | Boolean | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.organization_id | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.region | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.status | String | |
CrowdStrike.k8sregGetAWSAccountsResp.resources.updated_at | String | |

cs-getaws-settings
Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts.

Base Command
cs-getaws-settings

Input
There are no input arguments for this command.

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.modelsCustomerConfigurationsV1.errors.code | Number | |
CrowdStrike.modelsCustomerConfigurationsV1.errors.id | String | |
CrowdStrike.modelsCustomerConfigurationsV1.errors.message | String | |
CrowdStrike.modelsCustomerConfigurationsV1.resources.cloudtrail_bucket_owner_id | String | The 12 digit AWS account which is hosting the centralized S3 bucket containing cloudtrail logs for all accounts. |
CrowdStrike.modelsCustomerConfigurationsV1.resources.created_timestamp | String | Timestamp of when the settings were first provisioned within CrowdStrike's system. |
CrowdStrike.modelsCustomerConfigurationsV1.resources.last_modified_timestamp | String | Timestamp of when the settings were last modified. |
CrowdStrike.modelsCustomerConfigurationsV1.resources.static_external_id | String | By setting this value, all subsequent accounts that are provisioned will default to using this value as the external ID. |

cs-getcid-group-by-id
Get CID Group(s) by ID(s).

Base Command
cs-getcid-group-by-id

Input

Argument Name | Description | Required |
---|---|---|
cid_group_ids | CID Group IDs to be searched on. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupsResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupsResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.description | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.name | String | |

cs-getcid-group-members-by
Get CID Group members by CID Group IDs.

Base Command
cs-getcid-group-members-by

Input

Argument Name | Description | Required |
---|---|---|
cid_group_ids | CID Group IDs to be searched on. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupMembersResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupMembersResponseV1.resources.cid_group_id | String | |

cs-getcspm-aws-account
Returns information about the current status of an AWS account.

Base Command
cs-getcspm-aws-account

Input

Argument Name | Description | Required |
---|---|---|
scan_type | Type of scan, dry or full, to perform on selected accounts. | Optional |
ids | AWS account IDs. | Optional |
organization_ids | AWS organization IDs. | Optional |
status | Account status to filter results by. | Optional |
limit | The maximum records to return. Defaults to 100. | Optional |
offset | The offset to start retrieving records from. | Optional |
group_by | Field to group by. Possible values are: organization. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.registrationAWSAccountResponseV2.errors.code | Number | |
CrowdStrike.registrationAWSAccountResponseV2.errors.id | String | |
CrowdStrike.registrationAWSAccountResponseV2.errors.message | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.CreatedAt | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.DeletedAt | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.ID | Number | |
CrowdStrike.registrationAWSAccountResponseV2.resources.UpdatedAt | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.account_id | String | 12 digit AWS provided unique identifier for the account. |
CrowdStrike.registrationAWSAccountResponseV2.resources.aws_cloudtrail_bucket_name | String | AWS CloudTrail bucket name to store logs. |
CrowdStrike.registrationAWSAccountResponseV2.resources.aws_cloudtrail_region | String | AWS CloudTrail region. |
CrowdStrike.registrationAWSAccountResponseV2.resources.aws_permissions_status.name | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.aws_permissions_status.status | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.cid | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.cloudformation_url | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.eventbus_name | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.external_id | String | ID assigned for use with cross account IAM role access. |
CrowdStrike.registrationAWSAccountResponseV2.resources.iam_role_arn | String | The full arn of the IAM role created in this account to control access. |
CrowdStrike.registrationAWSAccountResponseV2.resources.intermediate_role_arn | String | |
CrowdStrike.registrationAWSAccountResponseV2.resources.is_master | Boolean | |
CrowdStrike.registrationAWSAccountResponseV2.resources.organization_id | String | Up to 34 character AWS provided unique identifier for the organization. |
CrowdStrike.registrationAWSAccountResponseV2.resources.status | String | Account registration status. |

cs-getcspm-aws-account-scripts-attachment
Return a script for the customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

Base Command
cs-getcspm-aws-account-scripts-attachment

Input
There are no input arguments for this command.

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.registrationAWSProvisionGetAccountScriptResponseV2.errors.code | Number | |
CrowdStrike.registrationAWSProvisionGetAccountScriptResponseV2.errors.id | String | |
CrowdStrike.registrationAWSProvisionGetAccountScriptResponseV2.errors.message | String | |
CrowdStrike.registrationAWSProvisionGetAccountScriptResponseV2.resources.bash | String | |

cs-getcspm-aws-console-setupur-ls
Return a URL for the customer to visit in their cloud environment to grant us access to their AWS environment.

Base Command
cs-getcspm-aws-console-setupur-ls

Input
There are no input arguments for this command.

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.registrationAWSAccountConsoleURL.account_id | String | |
CrowdStrike.registrationAWSAccountConsoleURL.url | String | |

cs-getcspm-azure-user-scripts
Return a script for the customer to run in their cloud environment to grant us access to their Azure environment.

Base Command
cs-getcspm-azure-user-scripts

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.code | Number | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.id | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.errors.message | String | |
CrowdStrike.registrationAzureProvisionGetUserScriptResponseV1.resources.bash | String | |

cs-getcspm-policy
Given a policy ID, returns detailed policy information.

Base Command
cs-getcspm-policy

Input
Argument Name | Description | Required |
---|---|---|
ids | Policy ID. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationPolicyResponseV1.errors.code | Number | |
CrowdStrike.registrationPolicyResponseV1.errors.id | String | |
CrowdStrike.registrationPolicyResponseV1.errors.message | String | |
CrowdStrike.registrationPolicyResponseV1.resources.CreatedAt | String | |
CrowdStrike.registrationPolicyResponseV1.resources.DeletedAt | String | |
CrowdStrike.registrationPolicyResponseV1.resources.ID | Number | |
CrowdStrike.registrationPolicyResponseV1.resources.UpdatedAt | String | |
CrowdStrike.registrationPolicyResponseV1.resources.alert_logic | String | |
CrowdStrike.registrationPolicyResponseV1.resources.api_command | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cli_command | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_document | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_platform | Number | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_platform_type | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_service | Number | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_service_friendly | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_service_subtype | String | |
CrowdStrike.registrationPolicyResponseV1.resources.cloud_service_type | String | |
CrowdStrike.registrationPolicyResponseV1.resources.default_severity | String | |
CrowdStrike.registrationPolicyResponseV1.resources.description | String | |
CrowdStrike.registrationPolicyResponseV1.resources.event_type | String | |
CrowdStrike.registrationPolicyResponseV1.resources.mitre_attack_cloud_matrix | String | |
CrowdStrike.registrationPolicyResponseV1.resources.mitre_attack_cloud_subtype | String | |
CrowdStrike.registrationPolicyResponseV1.resources.policy_fail_query | String | |
CrowdStrike.registrationPolicyResponseV1.resources.policy_pass_query | String | |
CrowdStrike.registrationPolicyResponseV1.resources.policy_remediation | String | |
CrowdStrike.registrationPolicyResponseV1.resources.policy_severity | Number | |
CrowdStrike.registrationPolicyResponseV1.resources.policy_statement | String | |

cs-getcspm-policy-settings
Returns information about current policy settings.

Base Command
cs-getcspm-policy-settings

Input
Argument Name | Description | Required |
---|---|---|
service | Service type to filter policy settings by. | Optional |
policy_id | Policy ID. | Optional |
cloud_platform | Cloud Platform. Possible values are: aws, azure, gcp. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationPolicySettingsResponseV1.errors.code | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.errors.id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.errors.message | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cid | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cloud_service | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cloud_service_subtype | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.default_severity | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.name | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.account_id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.enabled | Boolean | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.severity | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.tag_excluded | Boolean | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.tenant_id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_timestamp | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_type | String | |

cs-getcspm-scan-schedule
Returns scan schedule configuration for one or more cloud platforms.

Base Command
cs-getcspm-scan-schedule

Input
Argument Name | Description | Required |
---|---|---|
cloud_platform | Cloud Platform. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationScanScheduleResponseV1.errors.code | Number | |
CrowdStrike.registrationScanScheduleResponseV1.errors.id | String | |
CrowdStrike.registrationScanScheduleResponseV1.errors.message | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.cloud_platform | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.next_scan_timestamp | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.scan_schedule | String | |

cs-getcspmcgp-account
Returns information about the current status of a GCP account.

Base Command
cs-getcspmcgp-account

Input
Argument Name | Description | Required |
---|---|---|
scan_type | Type of scan, dry or full, to perform on selected accounts. | Optional |
ids | Parent IDs of accounts. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationGCPAccountResponseV1.errors.code | Number | |
CrowdStrike.registrationGCPAccountResponseV1.errors.id | String | |
CrowdStrike.registrationGCPAccountResponseV1.errors.message | String | |
CrowdStrike.registrationGCPAccountResponseV1.resources.cid | String | |
CrowdStrike.registrationGCPAccountResponseV1.resources.parent_id | String | GCP ParentID. |
CrowdStrike.registrationGCPAccountResponseV1.resources.status | String | Account registration status. |

cs-getcspmgcp-user-scripts
Return a script for the customer to run in their cloud environment to grant us access to their GCP environment.

Base Command
cs-getcspmgcp-user-scripts

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.code | Number | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.id | String | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.message | String | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.resources.bash | String | |

cs-getcspmgcp-user-scripts-attachment
Return a script for the customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment.

Base Command
cs-getcspmgcp-user-scripts-attachment

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.code | Number | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.id | String | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.errors.message | String | |
CrowdStrike.registrationGCPProvisionGetUserScriptResponseV1.resources.bash | String | |

cs-getevents
Get event entities by ID and, optionally, version.

Base Command
cs-getevents

Input
Argument Name | Description | Required |
---|---|---|
ids | The events to retrieve, identified by ID. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiEventsResponse.errors.code | Number | |
CrowdStrike.fwmgrapiEventsResponse.errors.id | String | |
CrowdStrike.fwmgrapiEventsResponse.errors.message | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.aid | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.cid | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.command_line | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.connection_direction | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.event_type | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.hidden | Boolean | |
CrowdStrike.fwmgrapiEventsResponse.resources.host_name | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.icmp_code | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.icmp_type | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.id | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.image_file_name | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.ipv | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.local_address | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.local_port | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.match_count | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.match_count_since_last_event | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.network_profile | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.pid | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.policy_id | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.policy_name | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.protocol | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.remote_address | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.remote_port | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_action | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_description | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_family_id | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_group_name | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_id | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.rule_name | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.status | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.timestamp | String | |
CrowdStrike.fwmgrapiEventsResponse.resources.tree_id | String | |

cs-getfirewallfields
Get the firewall field specifications by ID.

Base Command
cs-getfirewallfields

Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the rule types to retrieve. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiFirewallFieldsResponse.errors.code | Number | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.errors.id | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.errors.message | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.id | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform_fields.label | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform_fields.name | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform_fields.options.label | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform_fields.options.value | String | |
CrowdStrike.fwmgrapiFirewallFieldsResponse.resources.platform_fields.type | String | |

cs-getioa-events
For CSPM IOA events, gets a list of IOA events.

Base Command
cs-getioa-events

Input
Argument Name | Description | Required |
---|---|---|
policy_id | Policy ID. | Required |
cloud_provider | Cloud Provider (e.g.: aws, azure, gcp). | Required |
account_id | Cloud account ID (e.g.: AWS accountID, Azure subscriptionID). | Optional |
azure_tenant_id | Azure tenantID. | Optional |
user_ids | User IDs. | Optional |
offset | Starting index of overall result set from which to return events. | Optional |
limit | The maximum records to return. [1-500]. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationExternalIOAEventResponse.errors.code | Number | |
CrowdStrike.registrationExternalIOAEventResponse.errors.id | String | |
CrowdStrike.registrationExternalIOAEventResponse.errors.message | String | |

cs-getioa-exclusionsv1
Get a set of IOA Exclusions by specifying their IDs.

Base Command
cs-getioa-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
ids | The ids of the exclusions to retrieve. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesIoaExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesIoaExclusionRespV1.errors.id | String | |
CrowdStrike.responsesIoaExclusionRespV1.errors.message | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesIoaExclusionRespV1.resources.cl_regex | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.description | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.detection_json | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.id | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.ifn_regex | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.name | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.pattern_id | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.pattern_name | String | |

cs-getioa-users
For CSPM IOA users, gets a list of IOA users.

Base Command
cs-getioa-users

Input
Argument Name | Description | Required |
---|---|---|
policy_id | Policy ID. | Required |
cloud_provider | Cloud Provider (e.g.: aws, azure, gcp). | Required |
account_id | Cloud account ID (e.g.: AWS accountID, Azure subscriptionID). | Optional |
azure_tenant_id | Azure tenantID. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationIOAUserResponse.errors.code | Number | |
CrowdStrike.registrationIOAUserResponse.errors.id | String | |
CrowdStrike.registrationIOAUserResponse.errors.message | String | |
CrowdStrike.registrationIOAUserResponse.resources.user_id | String | |
CrowdStrike.registrationIOAUserResponse.resources.user_name | String | |

cs-getioc

Base Command
cs-getioc

Input
Argument Name | Description | Required |
---|---|---|
type_ | The type of the indicator. Valid types include: sha256 (a hex-encoded sha256 hash string; length min: 64, max: 64), md5 (a hex-encoded md5 hash string; length min: 32, max: 32), domain (a domain name; length min: 1, max: 200), ipv4 (an IPv4 address; must be a valid IP address), ipv6 (an IPv6 address; must be a valid IP address). | Required |
value | The string representation of the indicator. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyIOC.errors.code | Number | |
CrowdStrike.apiMsaReplyIOC.errors.id | String | |
CrowdStrike.apiMsaReplyIOC.errors.message | String | |
CrowdStrike.apiMsaReplyIOC.resources.batch_id | String | |
CrowdStrike.apiMsaReplyIOC.resources.created_by | String | |
CrowdStrike.apiMsaReplyIOC.resources.created_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.description | String | |
CrowdStrike.apiMsaReplyIOC.resources.expiration_days | Number | |
CrowdStrike.apiMsaReplyIOC.resources.expiration_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.modified_by | String | |
CrowdStrike.apiMsaReplyIOC.resources.modified_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.policy | String | |
CrowdStrike.apiMsaReplyIOC.resources.share_level | String | |
CrowdStrike.apiMsaReplyIOC.resources.source | String | |
CrowdStrike.apiMsaReplyIOC.resources.type | String | |
CrowdStrike.apiMsaReplyIOC.resources.value | String | |
#
cs-getml-exclusionsv1
Get a set of ML Exclusions by specifying their IDs.
#
Base Command
cs-getml-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The ids of the exclusions to retrieve. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesMlExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesMlExclusionRespV1.errors.id | String | |
CrowdStrike.responsesMlExclusionRespV1.errors.message | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesMlExclusionRespV1.resources.id | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value_hash | String | |
#
cs-getpatterns
Get pattern severities by ID.
#
Base Command
cs-getpatterns
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiPatternsResponse.errors.code | Number | |
CrowdStrike.apiPatternsResponse.errors.id | String | |
CrowdStrike.apiPatternsResponse.errors.message | String | |
CrowdStrike.apiPatternsResponse.resources.name | String | |
CrowdStrike.apiPatternsResponse.resources.severity | String | |
#
cs-getplatforms
Get platforms by ID, e.g., windows or mac or droid.
#
Base Command
cs-getplatforms
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the platforms to retrieve. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiPlatformsResponse.errors.code | Number | |
CrowdStrike.fwmgrapiPlatformsResponse.errors.id | String | |
CrowdStrike.fwmgrapiPlatformsResponse.errors.message | String | |
CrowdStrike.fwmgrapiPlatformsResponse.resources.id | String | |
CrowdStrike.fwmgrapiPlatformsResponse.resources.label | String | |
#
cs-getplatforms-mixin0
Get platforms by ID.
#
Base Command
cs-getplatforms-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiPlatformsResponse.errors.code | Number | |
CrowdStrike.apiPlatformsResponse.errors.id | String | |
CrowdStrike.apiPlatformsResponse.errors.message | String | |
CrowdStrike.apiPlatformsResponse.resources.id | String | |
CrowdStrike.apiPlatformsResponse.resources.label | String | |
#
cs-getpolicycontainers
Get policy container entities by policy ID.
#
Base Command
cs-getpolicycontainers
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The policy container(s) to retrieve, identified by policy ID. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiPolicyContainersResponse.errors.code | Number | |
CrowdStrike.fwmgrapiPolicyContainersResponse.errors.id | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.errors.message | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.created_by | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.created_on | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.default_inbound | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.default_outbound | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.deleted | Boolean | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.enforce | Boolean | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.is_default_policy | Boolean | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.modified_by | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.modified_on | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.platform_id | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.policy_id | String | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.test_mode | Boolean | |
CrowdStrike.fwmgrapiPolicyContainersResponse.resources.tracking | String | |
#
cs-getrt-response-policies
Retrieve a set of Response Policies by specifying their IDs.
#
Base Command
cs-getrt-response-policies
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the RTR Policies to return. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesRTResponsePoliciesV1.errors.code | Number | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.id | String | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.message | String | |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.name | String | The name of the category. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.description | String | The human readable description of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |
#
cs-getrulegroups
Get rule group entities by ID. These groups do not contain their rule entities, just the rule IDs in precedence order.
#
Base Command
cs-getrulegroups
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the rule groups to retrieve. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiRuleGroupsResponse.errors.code | Number | |
CrowdStrike.fwmgrapiRuleGroupsResponse.errors.id | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.errors.message | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.created_by | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.created_on | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.customer_id | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.deleted | Boolean | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.description | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.enabled | Boolean | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.id | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.modified_by | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.modified_on | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.name | String | |
CrowdStrike.fwmgrapiRuleGroupsResponse.resources.tracking | String | |
#
cs-getrulegroups-mixin0
Get rule groups by ID.
#
Base Command
cs-getrulegroups-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiRuleGroupsResponse.errors.code | Number | |
CrowdStrike.apiRuleGroupsResponse.errors.id | String | |
CrowdStrike.apiRuleGroupsResponse.errors.message | String | |
CrowdStrike.apiRuleGroupsResponse.resources.comment | String | |
CrowdStrike.apiRuleGroupsResponse.resources.committed_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.created_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.created_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.customer_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.deleted | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.description | String | |
CrowdStrike.apiRuleGroupsResponse.resources.enabled | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.modified_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.modified_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.platform | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.action_label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.comment | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.committed_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.created_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.created_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.customer_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.deleted | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.description | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.disposition_id | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.enabled | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.final_value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.type | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.values.label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.values.value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.instance_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.instance_version | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.magic_cookie | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.modified_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.modified_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.pattern_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.pattern_severity | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.rulegroup_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.ruletype_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.ruletype_name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.version | Number | |
#
cs-getrules
Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string).
#
Base Command
cs-getrules
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The rules to retrieve, identified by ID. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiRulesResponse.errors.code | Number | |
CrowdStrike.fwmgrapiRulesResponse.errors.id | String | |
CrowdStrike.fwmgrapiRulesResponse.errors.message | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.action | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.address_family | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.created_by | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.created_on | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.customer_id | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.deleted | Boolean | |
CrowdStrike.fwmgrapiRulesResponse.resources.description | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.direction | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.enabled | Boolean | |
CrowdStrike.fwmgrapiRulesResponse.resources.family | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.fields.final_value | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.fields.label | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.fields.name | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.fields.type | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.fields.value | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.id | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.local_address.address | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.local_address.netmask | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.local_port.end | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.local_port.start | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.modified_by | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.modified_on | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.name | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.protocol | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.remote_address.address | String | |
CrowdStrike.fwmgrapiRulesResponse.resources.remote_address.netmask | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.remote_port.end | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.remote_port.start | Number | |
CrowdStrike.fwmgrapiRulesResponse.resources.version | Number | |
#
cs-getrules-mixin0
Get rules by ID and optionally version in the following format: ID[:version]. The max number of IDs is constrained by URL size.
#
Base Command
cs-getrules-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The IDs of the entities. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiRulesResponse.errors.code | Number | |
CrowdStrike.apiRulesResponse.errors.id | String | |
CrowdStrike.apiRulesResponse.errors.message | String | |
CrowdStrike.apiRulesResponse.resources.action_label | String | |
CrowdStrike.apiRulesResponse.resources.comment | String | |
CrowdStrike.apiRulesResponse.resources.committed_on | String | |
CrowdStrike.apiRulesResponse.resources.created_by | String | |
CrowdStrike.apiRulesResponse.resources.created_on | String | |
CrowdStrike.apiRulesResponse.resources.customer_id | String | |
CrowdStrike.apiRulesResponse.resources.deleted | Boolean | |
CrowdStrike.apiRulesResponse.resources.description | String | |
CrowdStrike.apiRulesResponse.resources.disposition_id | Number | |
CrowdStrike.apiRulesResponse.resources.enabled | Boolean | |
CrowdStrike.apiRulesResponse.resources.field_values.final_value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.name | String | |
CrowdStrike.apiRulesResponse.resources.field_values.type | String | |
CrowdStrike.apiRulesResponse.resources.field_values.value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.value | String | |
CrowdStrike.apiRulesResponse.resources.instance_id | String | |
CrowdStrike.apiRulesResponse.resources.instance_version | Number | |
CrowdStrike.apiRulesResponse.resources.magic_cookie | Number | |
CrowdStrike.apiRulesResponse.resources.modified_by | String | |
CrowdStrike.apiRulesResponse.resources.modified_on | String | |
CrowdStrike.apiRulesResponse.resources.name | String | |
CrowdStrike.apiRulesResponse.resources.pattern_id | String | |
CrowdStrike.apiRulesResponse.resources.pattern_severity | String | |
CrowdStrike.apiRulesResponse.resources.rulegroup_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_name | String | |

cs-getrulesget
Get rules by ID and optionally version in the following format: ID[:version].

Base Command
cs-getrulesget

Input

Argument Name | Description | Required |
---|---|---|
api_rulesgetrequestv1_ids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiRulesResponse.errors.code | Number | |
CrowdStrike.apiRulesResponse.errors.id | String | |
CrowdStrike.apiRulesResponse.errors.message | String | |
CrowdStrike.apiRulesResponse.resources.action_label | String | |
CrowdStrike.apiRulesResponse.resources.comment | String | |
CrowdStrike.apiRulesResponse.resources.committed_on | String | |
CrowdStrike.apiRulesResponse.resources.created_by | String | |
CrowdStrike.apiRulesResponse.resources.created_on | String | |
CrowdStrike.apiRulesResponse.resources.customer_id | String | |
CrowdStrike.apiRulesResponse.resources.deleted | Boolean | |
CrowdStrike.apiRulesResponse.resources.description | String | |
CrowdStrike.apiRulesResponse.resources.disposition_id | Number | |
CrowdStrike.apiRulesResponse.resources.enabled | Boolean | |
CrowdStrike.apiRulesResponse.resources.field_values.final_value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.name | String | |
CrowdStrike.apiRulesResponse.resources.field_values.type | String | |
CrowdStrike.apiRulesResponse.resources.field_values.value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.value | String | |
CrowdStrike.apiRulesResponse.resources.instance_id | String | |
CrowdStrike.apiRulesResponse.resources.instance_version | Number | |
CrowdStrike.apiRulesResponse.resources.magic_cookie | Number | |
CrowdStrike.apiRulesResponse.resources.modified_by | String | |
CrowdStrike.apiRulesResponse.resources.modified_on | String | |
CrowdStrike.apiRulesResponse.resources.name | String | |
CrowdStrike.apiRulesResponse.resources.pattern_id | String | |
CrowdStrike.apiRulesResponse.resources.pattern_severity | String | |
CrowdStrike.apiRulesResponse.resources.rulegroup_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_name | String | |

cs-getruletypes
Get rule types by ID.

Base Command
cs-getruletypes

Input

Argument Name | Description | Required |
---|---|---|
ids | The IDs of the entities. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiRuleTypesResponse.errors.code | Number | |
CrowdStrike.apiRuleTypesResponse.errors.id | String | |
CrowdStrike.apiRuleTypesResponse.errors.message | String | |
CrowdStrike.apiRuleTypesResponse.resources.channel | Number | |
CrowdStrike.apiRuleTypesResponse.resources.disposition_map.id | Number | |
CrowdStrike.apiRuleTypesResponse.resources.disposition_map.label | String | |
CrowdStrike.apiRuleTypesResponse.resources.fields.name | String | |
CrowdStrike.apiRuleTypesResponse.resources.fields.value | String | |
CrowdStrike.apiRuleTypesResponse.resources.id | String | |
CrowdStrike.apiRuleTypesResponse.resources.long_desc | String | |
CrowdStrike.apiRuleTypesResponse.resources.name | String | |
CrowdStrike.apiRuleTypesResponse.resources.platform | String | |
CrowdStrike.apiRuleTypesResponse.resources.released | Boolean | |

cs-grant-user-role-ids
Assign one or more roles to a user.

Base Command
cs-grant-user-role-ids

Input

Argument Name | Description | Required |
---|---|---|
user_uuid | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |
domain_roleids_roleids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainUserRoleIDsResponse.errors.code | Number | |
CrowdStrike.domainUserRoleIDsResponse.errors.id | String | |
CrowdStrike.domainUserRoleIDsResponse.errors.message | String | |

cs-indicatorcombinedv1
Get Combined for Indicators.

Base Command
cs-indicatorcombinedv1

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. | Optional |
limit | The maximum records to return. | Optional |
sort | The sort expression that should be used to sort the results. Possible values are: action, applied_globally, metadata.av_hits, metadata.company_name.raw, created_by, created_on, expiration, expired, metadata.filename.raw, modified_by, modified_on, metadata.original_filename.raw, metadata.product_name.raw, metadata.product_version, severity_number, source, type, value. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiIndicatorRespV1.errors.code | Number | |
CrowdStrike.apiIndicatorRespV1.errors.id | String | |
CrowdStrike.apiIndicatorRespV1.errors.message | String | |
CrowdStrike.apiIndicatorRespV1.resources.action | String | |
CrowdStrike.apiIndicatorRespV1.resources.applied_globally | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.created_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.created_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.deleted | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.description | String | |
CrowdStrike.apiIndicatorRespV1.resources.expiration | String | |
CrowdStrike.apiIndicatorRespV1.resources.expired | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.id | String | |
CrowdStrike.apiIndicatorRespV1.resources.mobile_action | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.severity | String | |
CrowdStrike.apiIndicatorRespV1.resources.source | String | |
CrowdStrike.apiIndicatorRespV1.resources.type | String | |
CrowdStrike.apiIndicatorRespV1.resources.value | String | |

cs-indicatorcreatev1
Create Indicators.

Base Command
cs-indicatorcreatev1

Input

Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The username. | Optional |
retrodetects | Whether to submit to retrodetects. | Optional |
ignore_warnings | Set to true to ignore warnings and add all IOCs. | Optional |
api_indicatorcreatereqsv1_comment | | Optional |
api_indicatorcreatereqsv1_indicators | | Required |

Context Output
There is no context output for this command.

cs-indicatordeletev1
Delete Indicators by ids.

Base Command
cs-indicatordeletev1

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids. | Optional |
ids | The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids. | Optional |
comment | The comment why these indicators were deleted. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiIndicatorQueryResponse.errors.code | Number | |
CrowdStrike.apiIndicatorQueryResponse.errors.id | String | |
CrowdStrike.apiIndicatorQueryResponse.errors.message | String | |

cs-indicatorgetv1
Get Indicators by ids.

Base Command
cs-indicatorgetv1

Input

Argument Name | Description | Required |
---|---|---|
ids | The ids of the Indicators to retrieve. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiIndicatorRespV1.errors.code | Number | |
CrowdStrike.apiIndicatorRespV1.errors.id | String | |
CrowdStrike.apiIndicatorRespV1.errors.message | String | |
CrowdStrike.apiIndicatorRespV1.resources.action | String | |
CrowdStrike.apiIndicatorRespV1.resources.applied_globally | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.created_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.created_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.deleted | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.description | String | |
CrowdStrike.apiIndicatorRespV1.resources.expiration | String | |
CrowdStrike.apiIndicatorRespV1.resources.expired | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.id | String | |
CrowdStrike.apiIndicatorRespV1.resources.mobile_action | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.severity | String | |
CrowdStrike.apiIndicatorRespV1.resources.source | String | |
CrowdStrike.apiIndicatorRespV1.resources.type | String | |
CrowdStrike.apiIndicatorRespV1.resources.value | String | |

cs-indicatorsearchv1
Search for Indicators.

Base Command
cs-indicatorsearchv1

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. | Optional |
limit | The maximum records to return. | Optional |
sort | The sort expression that should be used to sort the results. Possible values are: action, applied_globally, metadata.av_hits, metadata.company_name.raw, created_by, created_on, expiration, expired, metadata.filename.raw, modified_by, modified_on, metadata.original_filename.raw, metadata.product_name.raw, metadata.product_version, severity_number, source, type, value. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiIndicatorQueryRespV1.errors.code | Number | |
CrowdStrike.apiIndicatorQueryRespV1.errors.id | String | |
CrowdStrike.apiIndicatorQueryRespV1.errors.message | String | |

cs-indicatorupdatev1
Update Indicators.

Base Command
cs-indicatorupdatev1

Input

Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The username. | Optional |
retrodetects | Whether to submit to retrodetects. | Optional |
ignore_warnings | Set to true to ignore warnings and add all IOCs. | Optional |
api_indicatorupdatereqsv1_bulk_update_action | api_indicatorupdatereqsv1_bulk_update action. | Optional |
api_indicatorupdatereqsv1_bulk_update_applied_globally | api_indicatorupdatereqsv1_bulk_update applied_globally. | Optional |
api_indicatorupdatereqsv1_bulk_update_description | api_indicatorupdatereqsv1_bulk_update description. | Optional |
api_indicatorupdatereqsv1_bulk_update_expiration | api_indicatorupdatereqsv1_bulk_update expiration. | Optional |
api_indicatorupdatereqsv1_bulk_update_filter | api_indicatorupdatereqsv1_bulk_update filter. | Optional |
api_indicatorupdatereqsv1_bulk_update_host_groups | api_indicatorupdatereqsv1_bulk_update host_groups. | Optional |
api_indicatorupdatereqsv1_bulk_update_mobile_action | api_indicatorupdatereqsv1_bulk_update mobile_action. | Optional |
api_indicatorupdatereqsv1_bulk_update_platforms | api_indicatorupdatereqsv1_bulk_update platforms. | Optional |
api_indicatorupdatereqsv1_bulk_update_severity | api_indicatorupdatereqsv1_bulk_update severity. | Optional |
api_indicatorupdatereqsv1_bulk_update_source | api_indicatorupdatereqsv1_bulk_update source. | Optional |
api_indicatorupdatereqsv1_bulk_update_tags | api_indicatorupdatereqsv1_bulk_update tags. | Optional |
api_indicatorupdatereqsv1_comment | | Optional |
api_indicatorupdatereqsv1_indicators | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiIndicatorRespV1.errors.code | Number | |
CrowdStrike.apiIndicatorRespV1.errors.id | String | |
CrowdStrike.apiIndicatorRespV1.errors.message | String | |
CrowdStrike.apiIndicatorRespV1.resources.action | String | |
CrowdStrike.apiIndicatorRespV1.resources.applied_globally | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.created_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.created_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.deleted | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.description | String | |
CrowdStrike.apiIndicatorRespV1.resources.expiration | String | |
CrowdStrike.apiIndicatorRespV1.resources.expired | Boolean | |
CrowdStrike.apiIndicatorRespV1.resources.id | String | |
CrowdStrike.apiIndicatorRespV1.resources.mobile_action | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_by | String | |
CrowdStrike.apiIndicatorRespV1.resources.modified_on | String | |
CrowdStrike.apiIndicatorRespV1.resources.severity | String | |
CrowdStrike.apiIndicatorRespV1.resources.source | String | |
CrowdStrike.apiIndicatorRespV1.resources.type | String | |
CrowdStrike.apiIndicatorRespV1.resources.value | String | |

cs-list-available-streamso-auth2
Discover all event streams in your environment.

Base Command
cs-list-available-streamso-auth2

Input

Argument Name | Description | Required |
---|---|---|
appId | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). | Required |
format | Format for streaming events. Valid values: json, flatjson. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.maindiscoveryResponseV2.errors.code | Number | |
CrowdStrike.maindiscoveryResponseV2.errors.id | String | |
CrowdStrike.maindiscoveryResponseV2.errors.message | String | |
CrowdStrike.maindiscoveryResponseV2.resources.dataFeedURL | String | |
CrowdStrike.maindiscoveryResponseV2.resources.refreshActiveSessionInterval | Number | |
CrowdStrike.maindiscoveryResponseV2.resources.refreshActiveSessionURL | String | |

cs-oauth2-access-token
Generate an OAuth2 access token.

Base Command
cs-oauth2-access-token

Input

Argument Name | Description | Required |
---|---|---|
client_id | The API client ID to authenticate your API requests. For information on generating API clients, see API documentation inside Falcon. | Required |
client_secret | The API client secret to authenticate your API requests. For information on generating API clients, see API documentation inside Falcon. | Required |
member_cid | For MSSP Master CIDs, optionally lock the token to act on behalf of this member CID. | Optional |

Context Output
There is no context output for this command.

cs-oauth2-revoke-token
Revoke a previously issued OAuth2 access token before the end of its standard 30-minute life.

Base Command
cs-oauth2-revoke-token

Input

Argument Name | Description | Required |
---|---|---|
token | The OAuth2 access token you want to revoke. Include your API client ID and secret in basic auth format (Authorization: basic encoded API client ID and secret) in your request header. | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |

cs-patch-cloudconnectazure-entities-clientid-v1
Update an Azure service account in our system with the user-created client_id created with the public key we've provided.

Base Command
cs-patch-cloudconnectazure-entities-clientid-v1

Input

Argument Name | Description | Required |
---|---|---|
id_ | ClientID to use for the Service Principal associated with the customer's Azure account. | Required |

Context Output
There is no context output for this command.

cs-patch-cloudconnectcspmazure-entities-clientid-v1
Update an Azure service account in our system with the user-created client_id created with the public key we've provided.

Base Command
cs-patch-cloudconnectcspmazure-entities-clientid-v1

Input

Argument Name | Description | Required |
---|---|---|
id_ | ClientID to use for the Service Principal associated with the customer's Azure account. | Required |
tenant_id | Tenant ID to update client ID for. Required if multiple tenants are registered. | Optional |

Context Output
There is no context output for this command.

cs-patchcspm-aws-account
Patches an existing account in our system for a customer.

Base Command
cs-patchcspm-aws-account

Input

Argument Name | Description | Required |
---|---|---|
registration_awsaccountpatchrequest_resources | | Required |

Context Output
There is no context output for this command.

cs-perform-actionv2
Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.

Base Command
cs-perform-actionv2

Input

Argument Name | Description | Required |
---|---|---|
action_name | Specify one of these actions: - contain: This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your containment policy - lift_containment: This action lifts containment on the host, which returns its network communications to normal - hide_host: This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs - unhide_host: This action will restore a host. Detection reporting will resume after the host is restored. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |

Context Output
There is no context output for this command.

cs-perform-device-control-policies-action
Perform the specified action on the Device Control Policies specified in the request.

Base Command
cs-perform-device-control-policies-action

Input

Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-host-group, disable, enable, remove-host-group. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesDeviceControlPoliciesV1.errors.code | Number | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.id | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.message | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.platform_name | String | The name of the platform. |
#
cs-perform-firewall-policies-action
Perform the specified action on the Firewall Policies specified in the request.
#
Base Command
cs-perform-firewall-policies-action
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-host-group, disable, enable, remove-host-group. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesFirewallPoliciesV1.errors.code | Number | |
CrowdStrike.responsesFirewallPoliciesV1.errors.id | String | |
CrowdStrike.responsesFirewallPoliciesV1.errors.message | String | |
CrowdStrike.responsesFirewallPoliciesV1.resources.channel_version | Number | Channel file version for the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesFirewallPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesFirewallPoliciesV1.resources.rule_set_id | String | Firewall rule set id. This id combines several firewall rules and gets attached to the policy. |
#
cs-perform-group-action
Perform the specified action on the Host Groups specified in the request.
#
Base Command
cs-perform-group-action
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-hosts, remove-hosts. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesHostGroupsV1.errors.code | Number | |
CrowdStrike.responsesHostGroupsV1.errors.id | String | |
CrowdStrike.responsesHostGroupsV1.errors.message | String | |
CrowdStrike.responsesHostGroupsV1.resources.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesHostGroupsV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesHostGroupsV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesHostGroupsV1.resources.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesHostGroupsV1.resources.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesHostGroupsV1.resources.id | String | The identifier of this host group. |
CrowdStrike.responsesHostGroupsV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesHostGroupsV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesHostGroupsV1.resources.name | String | The name of the group. |
#
cs-perform-incident-action
Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description.
#
Base Command
cs-perform-incident-action
#
Input
Argument Name | Description | Required |
---|---|---|
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-perform-prevention-policies-action
Perform the specified action on the Prevention Policies specified in the request.
#
Base Command
cs-perform-prevention-policies-action
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-host-group, add-rule-group, disable, enable, remove-host-group, remove-rule-group. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPreventionPoliciesV1.errors.code | Number | |
CrowdStrike.responsesPreventionPoliciesV1.errors.id | String | |
CrowdStrike.responsesPreventionPoliciesV1.errors.message | String | |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesPreventionPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.name | String | The name of the category. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.description | String | The human readable description of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |
#
cs-perform-sensor-update-policies-action
Perform the specified action on the Sensor Update Policies specified in the request.
#
Base Command
cs-perform-sensor-update-policies-action
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-host-group, disable, enable, remove-host-group. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.platform_name | String | The name of the platform. |
#
cs-performrt-response-policies-action
Perform the specified action on the Response Policies specified in the request.
#
Base Command
cs-performrt-response-policies-action
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | The action to perform. Possible values are: add-host-group, add-rule-group, disable, enable, remove-host-group, remove-rule-group. | Required |
msa_entityactionrequestv2_action__meters | | Optional |
msa_entityactionrequestv2_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesRTResponsePoliciesV1.errors.code | Number | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.id | String | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.message | String | |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.name | String | The name of the category. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.description | String | The human readable description of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |
#
cs-post-cloudconnectazure-entities-account-v1
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
#
Base Command
cs-post-cloudconnectazure-entities-account-v1
#
Input
Argument Name | Description | Required |
---|---|---|
registration_azureaccountcreaterequestexternalv1_resources | | Required |
#
Context Output
There is no context output for this command.
#
cs-post-cloudconnectcspmazure-entities-account-v1
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
#
Base Command
cs-post-cloudconnectcspmazure-entities-account-v1
#
Input
Argument Name | Description | Required |
---|---|---|
registration_azureaccountcreaterequestexternalv1_resources | | Required |
#
Context Output
There is no context output for this command.
#
cs-post-mal-query-entities-samples-multidownloadv1
Schedule samples for download. Use the result ID with the /request endpoint to check whether the download is ready, after which you can call /entities/samples-fetch to get the zip.
#
Base Command
cs-post-mal-query-entities-samples-multidownloadv1
#
Input
Argument Name | Description | Required |
---|---|---|
malquery_multidownloadrequestv1_samples | List of sample sha256 ids. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryExternalQueryResponse.errors.code | Number | |
CrowdStrike.malqueryExternalQueryResponse.errors.id | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.message | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.type | String | |
CrowdStrike.malqueryExternalQueryResponse.resources.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.ignore_reason | String | Reason why the resource is ignored. |
CrowdStrike.malqueryExternalQueryResponse.resources.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.label_confidence | String | Resource label confidence. |
CrowdStrike.malqueryExternalQueryResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern | String | Search pattern. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern_type | String | Search pattern type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.yara_rule | String | Search YARA rule. |
#
cs-post-mal-query-exact-searchv1
Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint.
#
Base Command
cs-post-mal-query-exact-searchv1
#
Input
Argument Name | Description | Required |
---|---|---|
malquery_externalexactsearchparametersv1_options_filter_filetypes | malquery_externalexactsearchparametersv1_options filter_filetypes. | Optional |
malquery_externalexactsearchparametersv1_options_filter_meta | malquery_externalexactsearchparametersv1_options filter_meta. | Optional |
malquery_externalexactsearchparametersv1_options_limit | malquery_externalexactsearchparametersv1_options limit. | Optional |
malquery_externalexactsearchparametersv1_options_max_date | malquery_externalexactsearchparametersv1_options max_date. | Optional |
malquery_externalexactsearchparametersv1_options_max_size | malquery_externalexactsearchparametersv1_options max_size. | Optional |
malquery_externalexactsearchparametersv1_options_min_date | malquery_externalexactsearchparametersv1_options min_date. | Optional |
malquery_externalexactsearchparametersv1_options_min_size | malquery_externalexactsearchparametersv1_options min_size. | Optional |
malquery_externalexactsearchparametersv1_patterns | Patterns to search for. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryExternalQueryResponse.errors.code | Number | |
CrowdStrike.malqueryExternalQueryResponse.errors.id | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.message | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.type | String | |
CrowdStrike.malqueryExternalQueryResponse.resources.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.ignore_reason | String | Reason why the resource is ignored. |
CrowdStrike.malqueryExternalQueryResponse.resources.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.label_confidence | String | Resource label confidence. |
CrowdStrike.malqueryExternalQueryResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern | String | Search pattern. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern_type | String | Search pattern type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.yara_rule | String | Search YARA rule. |
#
cs-post-mal-query-fuzzy-searchv1
Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.
#
Base Command
cs-post-mal-query-fuzzy-searchv1
#
Input
Argument Name | Description | Required |
---|---|---|
malquery_fuzzysearchparametersv1_options_filter_meta | malquery_fuzzysearchparametersv1_options filter_meta. | Optional |
malquery_fuzzysearchparametersv1_options_limit | malquery_fuzzysearchparametersv1_options limit. | Optional |
malquery_fuzzysearchparametersv1_patterns | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryFuzzySearchResponse.errors.code | Number | |
CrowdStrike.malqueryFuzzySearchResponse.errors.id | String | |
CrowdStrike.malqueryFuzzySearchResponse.errors.message | String | |
CrowdStrike.malqueryFuzzySearchResponse.errors.type | String | |
CrowdStrike.malqueryFuzzySearchResponse.resources.family | String | Sample family. |
CrowdStrike.malqueryFuzzySearchResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malqueryFuzzySearchResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malqueryFuzzySearchResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryFuzzySearchResponse.resources.label | String | Sample label. |
CrowdStrike.malqueryFuzzySearchResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malqueryFuzzySearchResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryFuzzySearchResponse.resources.sha256 | String | Sample SHA256. |
#
cs-post-mal-query-huntv1
Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint.
#
Base Command
cs-post-mal-query-huntv1
#
Input
Argument Name | Description | Required |
---|---|---|
malquery_externalhuntparametersv1_options_filter_filetypes | malquery_externalhuntparametersv1_options filter_filetypes. | Optional |
malquery_externalhuntparametersv1_options_filter_meta | malquery_externalhuntparametersv1_options filter_meta. | Optional |
malquery_externalhuntparametersv1_options_limit | malquery_externalhuntparametersv1_options limit. | Optional |
malquery_externalhuntparametersv1_options_max_date | malquery_externalhuntparametersv1_options max_date. | Optional |
malquery_externalhuntparametersv1_options_max_size | malquery_externalhuntparametersv1_options max_size. | Optional |
malquery_externalhuntparametersv1_options_min_date | malquery_externalhuntparametersv1_options min_date. | Optional |
malquery_externalhuntparametersv1_options_min_size | malquery_externalhuntparametersv1_options min_size. | Optional |
malquery_externalhuntparametersv1_yara_rule | A YARA rule that defines your search. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.malqueryExternalQueryResponse.errors.code | Number | |
CrowdStrike.malqueryExternalQueryResponse.errors.id | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.message | String | |
CrowdStrike.malqueryExternalQueryResponse.errors.type | String | |
CrowdStrike.malqueryExternalQueryResponse.resources.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.ignore_reason | String | Reason why the resource is ignored. |
CrowdStrike.malqueryExternalQueryResponse.resources.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.label_confidence | String | Resource label confidence. |
CrowdStrike.malqueryExternalQueryResponse.resources.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern | String | Search pattern. |
CrowdStrike.malqueryExternalQueryResponse.resources.pattern_type | String | Search pattern type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.family | String | Sample family. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filesize | Number | Sample size. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.filetype | String | Sample file type. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.first_seen | String | Date when it was first seen. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.label | String | Sample label. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.md5 | String | Sample MD5. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.samples.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha1 | String | Sample SHA1. |
CrowdStrike.malqueryExternalQueryResponse.resources.sha256 | String | Sample SHA256. |
CrowdStrike.malqueryExternalQueryResponse.resources.yara_rule | String | Search YARA rule. |
#
cs-preview-rulev1
Preview rules notification count and distribution. This will return aggregations on: channel, count, site.
#
Base Command
cs-preview-rulev1
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
domain_rulepreviewrequest_filter | | Required |
domain_rulepreviewrequest_topic | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainAggregatesResponse.errors.code | Number | |
CrowdStrike.domainAggregatesResponse.errors.details.field | String | |
CrowdStrike.domainAggregatesResponse.errors.details.message | String | |
CrowdStrike.domainAggregatesResponse.errors.details.message_key | String | |
CrowdStrike.domainAggregatesResponse.errors.id | String | |
CrowdStrike.domainAggregatesResponse.errors.message | String | |
CrowdStrike.domainAggregatesResponse.errors.message_key | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.domainAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.domainAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.domainAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.domainAggregatesResponse.resources.name | String | |
CrowdStrike.domainAggregatesResponse.resources.sum_other_doc_count | Number | |
#
cs-processes-ran-on
Search for processes associated with a custom IOC.
#
Base Command
cs-processes-ran-on
#
Input
Argument Name | Description | Required |
---|---|---|
type_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | Required |
value | The string representation of the indicator. | Required |
device_id | Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API. | Required |
limit | The first process to return, where 0 is the latest offset. Use with the offset parameter to manage pagination of results. | Optional |
offset | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyProcessesRanOn.errors.code | Number | |
CrowdStrike.apiMsaReplyProcessesRanOn.errors.id | String | |
CrowdStrike.apiMsaReplyProcessesRanOn.errors.message | String | |
#
cs-provisionaws-accounts
Provision AWS Accounts by specifying details about the accounts to provision.
#
Base Command
cs-provisionaws-accounts
#
Input
Argument Name | Description | Required |
---|---|---|
mode | Mode for provisioning. Allowed values are manual or cloudformation. Defaults to manual if not defined. Possible values are: cloudformation, manual. | Optional |
models_createawsaccountsv1_resources | | Required |
#
Context Output
There is no context output for this command.
#
cs-query-actionsv1
Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1.
#
Base Command
cs-query-actionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
sort | Possible order by fields: created_timestamp, updated_timestamp. Ex: 'updated_timestamp|desc'. | Optional |
filter_ | FQL query to filter actions by. Possible filter properties are: [id cid user_uuid rule_id type frequency recipients status created_timestamp updated_timestamp]. | Optional |
q | Free text search across all indexed fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainQueryResponse.errors.code | Number | |
CrowdStrike.domainQueryResponse.errors.details.field | String | |
CrowdStrike.domainQueryResponse.errors.details.message | String | |
CrowdStrike.domainQueryResponse.errors.details.message_key | String | |
CrowdStrike.domainQueryResponse.errors.id | String | |
CrowdStrike.domainQueryResponse.errors.message | String | |
CrowdStrike.domainQueryResponse.errors.message_key | String | |
#
cs-query-allow-list-filter
Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled.
#
Base Command
cs-query-allow-list-filter
#
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-behaviors
Search for behaviors by providing an FQL filter, sorting, and paging details.
#
Base Command
cs-query-behaviors
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". Possible values are: timestamp.asc, timestamp.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-block-list-filter
Retrieve block list tickets that match the provided filter criteria with scrolling enabled.
#
Base Command
cs-query-block-list-filter
#
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-children
Query for customers linked as children.
#
Base Command
cs-query-children
#
Input
Argument Name | Description | Required |
---|---|---|
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-combined-device-control-policies
Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria.
#
Base Command
cs-query-combined-device-control-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesDeviceControlPoliciesV1.errors.code | Number | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.id | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.message | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.platform_name | String | The name of the platform. |

cs-query-combined-device-control-policy-members
Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.

Base Command
cs-query-combined-device-control-policy-members

Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Device Control Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPolicyMembersRespV1.errors.code | Number | |
CrowdStrike.responsesPolicyMembersRespV1.errors.id | String | |
CrowdStrike.responsesPolicyMembersRespV1.errors.message | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_load_flags | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_local_time | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.build_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cid | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_base | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_build | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_platform | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cpu_signature | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.device_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.email | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.external_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.group_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.host_hidden_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.instance_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.local_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.mac_address | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.machine_domain | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.major_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.minor_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.os_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_namespace | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_service_account_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pointer_size | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type_desc | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.provision_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.reduced_functionality_mode | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.release_group | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.serial_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_major | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_minor | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.site_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_product_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.zone_group | String | |

cs-query-combined-firewall-policies
Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria.

Base Command
cs-query-combined-firewall-policies

Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesFirewallPoliciesV1.errors.code | Number | |
CrowdStrike.responsesFirewallPoliciesV1.errors.id | String | |
CrowdStrike.responsesFirewallPoliciesV1.errors.message | String | |
CrowdStrike.responsesFirewallPoliciesV1.resources.channel_version | Number | Channel file version for the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesFirewallPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesFirewallPoliciesV1.resources.rule_set_id | String | Firewall rule set id. This id combines several firewall rules and gets attached to the policy. |

cs-query-combined-firewall-policy-members
Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.

Base Command
cs-query-combined-firewall-policy-members

Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Firewall Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPolicyMembersRespV1.errors.code | Number | |
CrowdStrike.responsesPolicyMembersRespV1.errors.id | String | |
CrowdStrike.responsesPolicyMembersRespV1.errors.message | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_load_flags | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_local_time | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.build_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cid | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_base | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_build | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_platform | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cpu_signature | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.device_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.email | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.external_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.group_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.host_hidden_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.instance_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.local_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.mac_address | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.machine_domain | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.major_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.minor_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.os_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_namespace | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_service_account_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pointer_size | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type_desc | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.provision_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.reduced_functionality_mode | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.release_group | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.serial_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_major | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_minor | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.site_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_product_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.zone_group | String | |

cs-query-combined-group-members
Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.

Base Command
cs-query-combined-group-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Host Group to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesHostGroupMembersV1.errors.code | Number | |
CrowdStrike.responsesHostGroupMembersV1.errors.id | String | |
CrowdStrike.responsesHostGroupMembersV1.errors.message | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.agent_load_flags | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.agent_local_time | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.agent_version | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.bios_version | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.build_number | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.cid | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.config_id_base | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.config_id_build | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.config_id_platform | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.device_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.email | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.external_ip | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.first_login_user | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.first_seen | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.group_hash | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.host_hidden_status | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.hostname | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.instance_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.last_login_user | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.last_seen | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.local_ip | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.mac_address | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.machine_domain | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.major_version | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.minor_version | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.modified_timestamp | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.os_version | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.platform_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.platform_name | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.pointer_size | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.applied_date | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.policy_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.policy_type | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.product_type | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.product_type_desc | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.provision_status | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.release_group | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.service_pack_major | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.service_pack_minor | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.service_provider | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.site_name | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.status | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.system_manufacturer | String | |
CrowdStrike.responsesHostGroupMembersV1.resources.system_product_name | String | |

cs-query-combined-host-groups
Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Groups which match the filter criteria.

Base Command
cs-query-combined-host-groups

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, group_type.asc, group_type.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesHostGroupsV1.errors.code | Number | |
CrowdStrike.responsesHostGroupsV1.errors.id | String | |
CrowdStrike.responsesHostGroupsV1.errors.message | String | |
CrowdStrike.responsesHostGroupsV1.resources.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesHostGroupsV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesHostGroupsV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesHostGroupsV1.resources.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesHostGroupsV1.resources.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesHostGroupsV1.resources.id | String | The identifier of this host group. |
CrowdStrike.responsesHostGroupsV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesHostGroupsV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesHostGroupsV1.resources.name | String | The name of the group. |

cs-query-combined-prevention-policies
Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria.

Base Command
cs-query-combined-prevention-policies

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesPreventionPoliciesV1.errors.code | Number | |
CrowdStrike.responsesPreventionPoliciesV1.errors.id | String | |
CrowdStrike.responsesPreventionPoliciesV1.errors.message | String | |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesPreventionPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.name | String | The name of the category. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.description | String | The human-readable description of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |

cs-query-combined-prevention-policy-members
Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.

Base Command
cs-query-combined-prevention-policy-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Prevention Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesPolicyMembersRespV1.errors.code | Number | |
CrowdStrike.responsesPolicyMembersRespV1.errors.id | String | |
CrowdStrike.responsesPolicyMembersRespV1.errors.message | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_load_flags | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_local_time | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.build_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cid | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_base | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_build | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_platform | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cpu_signature | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.device_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.email | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.external_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.group_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.host_hidden_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.instance_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.local_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.mac_address | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.machine_domain | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.major_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.minor_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.os_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_namespace | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_service_account_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pointer_size | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type_desc | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.provision_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.reduced_functionality_mode | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.release_group | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.serial_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_major | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_minor | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.site_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_product_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.zone_group | String | |
#
cs-query-combined-sensor-update-builds
Retrieve available builds for use with Sensor Update Policies.
#
Base Command
cs-query-combined-sensor-update-builds
#
Input
Argument Name | Description | Required |
---|---|---|
platform | The platform to return builds for. Possible values are: linux, mac, windows. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdateBuildsV1.errors.code | Number | |
CrowdStrike.responsesSensorUpdateBuildsV1.errors.id | String | |
CrowdStrike.responsesSensorUpdateBuildsV1.errors.message | String | |
CrowdStrike.responsesSensorUpdateBuildsV1.resources.build | String | |
CrowdStrike.responsesSensorUpdateBuildsV1.resources.platform | String | |
#
cs-query-combined-sensor-update-policies
Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria.
#
Base Command
cs-query-combined-sensor-update-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.id | String | The unique ID of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.platform_name | String | The name of the platform. |
#
cs-query-combined-sensor-update-policiesv2
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria.
#
Base Command
cs-query-combined-sensor-update-policiesv2
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.id | String | The unique ID of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.platform_name | String | The name of the platform. |
#
cs-query-combined-sensor-update-policy-members
Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.
#
Base Command
cs-query-combined-sensor-update-policy-members
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Sensor Update Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return [1-5000]. | Optional |
sort | The property to sort by. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPolicyMembersRespV1.errors.code | Number | |
CrowdStrike.responsesPolicyMembersRespV1.errors.id | String | |
CrowdStrike.responsesPolicyMembersRespV1.errors.message | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_load_flags | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_local_time | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.build_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cid | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_base | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_build | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_platform | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cpu_signature | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.device_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.email | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.external_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.group_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.host_hidden_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.instance_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.local_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.mac_address | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.machine_domain | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.major_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.minor_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.os_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_namespace | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_service_account_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pointer_size | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type_desc | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.provision_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.reduced_functionality_mode | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.release_group | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.serial_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_major | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_minor | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.site_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_product_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.zone_group | String | |
#
cs-query-combinedrt-response-policies
Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria.
#
Base Command
cs-query-combinedrt-response-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum number of records to return [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesRTResponsePoliciesV1.errors.code | Number | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.id | String | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.message | String | |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.id | String | The unique ID of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.name | String | The name of the category. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.description | String | The human-readable description of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.id | String | The ID of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.type | String | The type of the setting, which can be used as a hint when displaying in the UI. |

cs-query-combinedrt-response-policy-members
Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.

Base Command
cs-query-combinedrt-response-policy-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Response policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.responsesPolicyMembersRespV1.errors.code | Number | |
CrowdStrike.responsesPolicyMembersRespV1.errors.id | String | |
CrowdStrike.responsesPolicyMembersRespV1.errors.message | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_load_flags | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_local_time | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.agent_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.bios_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.build_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cid | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_base | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_build | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.config_id_platform | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.cpu_signature | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.detection_suppression_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.device_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.email | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.external_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.first_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.group_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.host_hidden_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.instance_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_login_user | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.last_seen | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.local_ip | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.mac_address | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.machine_domain | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.major_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.minor_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.os_version | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.platform_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_host_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_hostname | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip4 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_ip6 | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_namespace | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pod_service_account_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.pointer_size | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied | Boolean | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.applied_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.assigned_date | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.policy_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.rule_set_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.settings_hash | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.policies.uninstall_protection | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.product_type_desc | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.provision_status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.reduced_functionality_mode | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.release_group | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.serial_number | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_major | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_pack_minor | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.service_provider_account_id | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.site_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.slow_changing_modified_timestamp | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.status | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_manufacturer | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.system_product_name | String | |
CrowdStrike.responsesPolicyMembersRespV1.resources.zone_group | String | |

cs-query-detection-ids-by-filter
Retrieve detection IDs that match the provided FQL filter criteria, with scrolling enabled.

Base Command
cs-query-detection-ids-by-filter

Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-detects
Search for detection IDs that match a given query.

Base Command
cs-query-detects

Input

Argument Name | Description | Required |
---|---|---|
offset | The first detection to return, where 0 is the latest detection. Use with the limit parameter to manage pagination of results. | Optional |
limit | The maximum number of detections to return in this response (default: 9999; max: 9999). Use with the offset parameter to manage pagination of results. | Optional |
sort | Sort detections using these options: first_behavior (timestamp of the first behavior associated with this detection); last_behavior (timestamp of the last behavior associated with this detection); max_severity (highest severity of the behaviors associated with this detection); max_confidence (highest confidence of the behaviors associated with this detection); adversary_id (ID of the adversary associated with this detection, if any); devices.hostname (hostname of the host where this detection was detected). Sort either asc (ascending) or desc (descending). For example: last_behavior\|asc. | Optional |
filter_ | Filter detections using a query in Falcon Query Language (FQL). An asterisk wildcard includes all results. Common filter options include: status, device.device_id, max_severity. The full list of valid filter options is extensive. Review it in our documentation inside the Falcon console. | Optional |
q | Search all detection metadata for the provided string. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-device-control-policies
Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria.

Base Command
cs-query-device-control-policies

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-device-control-policy-members
Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.

Base Command
cs-query-device-control-policy-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Device Control Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-devices-by-filter
Search for hosts in your environment by platform, hostname, IP, and other criteria.

Base Command
cs-query-devices-by-filter

Input

Argument Name | Description | Required |
---|---|---|
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by (e.g. status.desc or hostname.asc). | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-devices-by-filter-scroll
Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit).

Base Command
cs-query-devices-by-filter-scroll

Input

Argument Name | Description | Required |
---|---|---|
offset | The offset to page from, for the next result set. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by (e.g. status.desc or hostname.asc). | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainDeviceResponse.errors.code | Number | |
CrowdStrike.domainDeviceResponse.errors.id | String | |
CrowdStrike.domainDeviceResponse.errors.message | String | |

cs-query-escalations-filter
Retrieve escalation tickets that match the provided filter criteria with scrolling enabled.

Base Command
cs-query-escalations-filter

Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-firewall-policies
Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria.

Base Command
cs-query-firewall-policies

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-firewall-policy-members
Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.

Base Command
cs-query-firewall-policy-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Firewall Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-group-members
Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.

Base Command
cs-query-group-members

Input

Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Host Group to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-hidden-devices
Retrieve hidden hosts that match the provided filter criteria.

Base Command
cs-query-hidden-devices

Input

Argument Name | Description | Required |
---|---|---|
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by (e.g. status.desc or hostname.asc). | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-host-groups
Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria.

Base Command
cs-query-host-groups

Input

Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, group_type.asc, group_type.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-incident-ids-by-filter
Retrieve incidents that match the provided filter criteria with scrolling enabled.

Base Command
cs-query-incident-ids-by-filter

Input

Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |

cs-query-incidents
Search for incidents by providing an FQL filter, sorting, and paging details.

Base Command
cs-query-incidents

Input

Argument Name | Description | Required |
---|---|---|
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". Possible values are: assigned_to.asc, assigned_to.desc, assigned_to_name.asc, assigned_to_name.desc, end.asc, end.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, sort_score.asc, sort_score.desc, start.asc, start.desc, state.asc, state.desc, status.asc, status.desc. | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | The maximum records to return. [1-500]. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaIncidentQueryResponse.errors.code | Number | |
CrowdStrike.apiMsaIncidentQueryResponse.errors.id | String | |
CrowdStrike.apiMsaIncidentQueryResponse.errors.message | String | |

cs-query-intel-actor-entities
Get info about actors that match provided FQL filters.

Base Command
cs-query-intel-actor-entities

Input

Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return actors from. Defaults to 0. | Optional |
limit | Set the number of actors to return. The value must be between 1 and 5000. | Optional |
sort | Order fields in ascending or descending order. Ex: created_date\|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | Optional |
q | Perform a generic substring search across all fields. | Optional |
fields | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores, like: __collection__. Ex: slug __full__. Defaults to __basic__. | Optional |

Context Output

Path | Type | Description |
---|---|---|
CrowdStrike.domainActorsResponse.errors.code | Number | |
CrowdStrike.domainActorsResponse.errors.id | String | |
CrowdStrike.domainActorsResponse.errors.message | String | |
CrowdStrike.domainActorsResponse.resources.active | Boolean | |
CrowdStrike.domainActorsResponse.resources.actor_type | String | |
CrowdStrike.domainActorsResponse.resources.created_date | Number | |
CrowdStrike.domainActorsResponse.resources.description | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.id | Number | |
CrowdStrike.domainActorsResponse.resources.entitlements.name | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.slug | String | |
CrowdStrike.domainActorsResponse.resources.entitlements.value | String | |
CrowdStrike.domainActorsResponse.resources.first_activity_date | Number | |
CrowdStrike.domainActorsResponse.resources.id | Number | |
CrowdStrike.domainActorsResponse.resources.known_as | String | |
CrowdStrike.domainActorsResponse.resources.last_activity_date | Number | |
CrowdStrike.domainActorsResponse.resources.last_modified_date | Number | |
CrowdStrike.domainActorsResponse.resources.motivations.id | Number | |
CrowdStrike.domainActorsResponse.resources.motivations.name | String | |
CrowdStrike.domainActorsResponse.resources.motivations.slug | String | |
CrowdStrike.domainActorsResponse.resources.motivations.value | String | |
CrowdStrike.domainActorsResponse.resources.name | String | |
CrowdStrike.domainActorsResponse.resources.notify_users | Boolean | |
CrowdStrike.domainActorsResponse.resources.origins.id | Number | |
CrowdStrike.domainActorsResponse.resources.origins.name | String | |
CrowdStrike.domainActorsResponse.resources.origins.slug | String | |
CrowdStrike.domainActorsResponse.resources.origins.value | String | |
CrowdStrike.domainActorsResponse.resources.rich_text_description | String | |
CrowdStrike.domainActorsResponse.resources.short_description | String | |
CrowdStrike.domainActorsResponse.resources.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.id | Number | |
CrowdStrike.domainActorsResponse.resources.target_countries.name | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_countries.value | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.id | Number | |
CrowdStrike.domainActorsResponse.resources.target_industries.name | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.slug | String | |
CrowdStrike.domainActorsResponse.resources.target_industries.value | String | |
CrowdStrike.domainActorsResponse.resources.url | String | |
#
cs-query-intel-actor-ids
Get actor IDs that match provided FQL filters.
#
Base Command
cs-query-intel-actor-ids
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return actors IDs from. Defaults to 0. | Optional |
limit | Set the number of actor IDs to return. The value must be between 1 and 5000. | Optional |
sort | Order fields in ascending or descending order. Ex: created_date|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | Optional |
q | Perform a generic substring search across all fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-intel-indicator-entities
Get info about indicators that match provided FQL filters.
#
Base Command
cs-query-intel-indicator-entities
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return indicators from. Defaults to 0. | Optional |
limit | Set the number of indicators to return. The number must be between 1 and 50000. | Optional |
sort | Order fields in ascending or descending order. Ex: published_date|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | Optional |
q | Perform a generic substring search across all fields. | Optional |
include_deleted | If true, include both published and deleted indicators in the response. Defaults to false. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainPublicIndicatorsV3Response.errors.code | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.errors.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.errors.message | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources._marker | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.deleted | Boolean | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.indicator | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.created_on | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.last_valid_on | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.labels.name | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.last_updated | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.malicious_confidence | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.published_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.created_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.id | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.indicator | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.last_valid_date | Number | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.relations.type | String | |
CrowdStrike.domainPublicIndicatorsV3Response.resources.type | String | |
#
cs-query-intel-indicator-ids
Get indicator IDs that match provided FQL filters.
#
Base Command
cs-query-intel-indicator-ids
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return indicator IDs from. Defaults to 0. | Optional |
limit | Set the number of indicator IDs to return. The number must be between 1 and 50000. | Optional |
sort | Order fields in ascending or descending order. Ex: published_date|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | Optional |
q | Perform a generic substring search across all fields. | Optional |
include_deleted | If true, include both published and deleted indicators in the response. Defaults to false. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-intel-report-entities
Get info about reports that match provided FQL filters.
#
Base Command
cs-query-intel-report-entities
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return reports from. Defaults to 0. | Optional |
limit | Set the number of reports to return. The value must be between 1 and 5000. | Optional |
sort | Order fields in ascending or descending order. Ex: created_date|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | Optional |
q | Perform a generic substring search across all fields. | Optional |
fields | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: __<collection>__. Ex: slug __full__. Defaults to __basic__. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNewsResponse.errors.code | Number | |
CrowdStrike.domainNewsResponse.errors.id | String | |
CrowdStrike.domainNewsResponse.errors.message | String | |
CrowdStrike.domainNewsResponse.resources.active | Boolean | |
CrowdStrike.domainNewsResponse.resources.actors.id | Number | |
CrowdStrike.domainNewsResponse.resources.actors.name | String | |
CrowdStrike.domainNewsResponse.resources.actors.slug | String | |
CrowdStrike.domainNewsResponse.resources.actors.url | String | |
CrowdStrike.domainNewsResponse.resources.attachments.id | Number | |
CrowdStrike.domainNewsResponse.resources.attachments.url | String | |
CrowdStrike.domainNewsResponse.resources.created_date | Number | |
CrowdStrike.domainNewsResponse.resources.description | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.id | Number | |
CrowdStrike.domainNewsResponse.resources.entitlements.name | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.slug | String | |
CrowdStrike.domainNewsResponse.resources.entitlements.value | String | |
CrowdStrike.domainNewsResponse.resources.id | Number | |
CrowdStrike.domainNewsResponse.resources.last_modified_date | Number | |
CrowdStrike.domainNewsResponse.resources.motivations.id | Number | |
CrowdStrike.domainNewsResponse.resources.motivations.name | String | |
CrowdStrike.domainNewsResponse.resources.motivations.slug | String | |
CrowdStrike.domainNewsResponse.resources.motivations.value | String | |
CrowdStrike.domainNewsResponse.resources.name | String | |
CrowdStrike.domainNewsResponse.resources.notify_users | Boolean | |
CrowdStrike.domainNewsResponse.resources.rich_text_description | String | |
CrowdStrike.domainNewsResponse.resources.short_description | String | |
CrowdStrike.domainNewsResponse.resources.slug | String | |
CrowdStrike.domainNewsResponse.resources.tags.id | Number | |
CrowdStrike.domainNewsResponse.resources.tags.name | String | |
CrowdStrike.domainNewsResponse.resources.tags.slug | String | |
CrowdStrike.domainNewsResponse.resources.tags.value | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.id | Number | |
CrowdStrike.domainNewsResponse.resources.target_countries.name | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.slug | String | |
CrowdStrike.domainNewsResponse.resources.target_countries.value | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.id | Number | |
CrowdStrike.domainNewsResponse.resources.target_industries.name | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.slug | String | |
CrowdStrike.domainNewsResponse.resources.target_industries.value | String | |
CrowdStrike.domainNewsResponse.resources.url | String | |
#
cs-query-intel-report-ids
Get report IDs that match provided FQL filters.
#
Base Command
cs-query-intel-report-ids
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return report IDs from. Defaults to 0. | Optional |
limit | Set the number of report IDs to return. The value must be between 1 and 5000. | Optional |
sort | Order fields in ascending or descending order. Ex: created_date|asc. | Optional |
filter_ | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | Optional |
q | Perform a generic substring search across all fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-intel-rule-ids
Search for rule IDs that match provided filter criteria.
#
Base Command
cs-query-intel-rule-ids
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Set the starting row number to return reports from. Defaults to 0. | Optional |
limit | The number of rule IDs to return. Defaults to 10. | Optional |
sort | Order fields in ascending or descending order. Ex: created_date|asc. | Optional |
name | Search by rule title. | Optional |
type_ | The rule news report type. Accepted values: snort-suricata-master, snort-suricata-update, snort-suricata-changelog, yara-master, yara-update, yara-changelog, common-event-format, netwitness. | Required |
description | Substring match on description field. | Optional |
tags | Search for rule tags. | Optional |
min_created_date | Filter results to those created on or after a certain date. | Optional |
max_created_date | Filter results to those created on or before a certain date. | Optional |
q | Perform a generic substring search across all fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-notificationsv1
Query notifications based on provided criteria. Use the IDs from this response to get the notification entities on GET /entities/notifications/v1 or GET /entities/notifications-detailed/v1.
#
Base Command
cs-query-notificationsv1
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
sort | Possible order by fields: created_date, updated_date. Ex: 'updated_date|desc'. | Optional |
filter_ | FQL query to filter notifications by. Possible filter properties are: [id cid user_uuid status rule_id rule_name rule_topic rule_priority item_type created_date updated_date]. | Optional |
q | Free text search across all indexed fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainQueryResponse.errors.code | Number | |
CrowdStrike.domainQueryResponse.errors.details.field | String | |
CrowdStrike.domainQueryResponse.errors.details.message | String | |
CrowdStrike.domainQueryResponse.errors.details.message_key | String | |
CrowdStrike.domainQueryResponse.errors.id | String | |
CrowdStrike.domainQueryResponse.errors.message | String | |
CrowdStrike.domainQueryResponse.errors.message_key | String | |
#
cs-query-prevention-policies
Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria.
#
Base Command
cs-query-prevention-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-prevention-policy-members
Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
#
Base Command
cs-query-prevention-policy-members
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Prevention Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-remediations-filter
Retrieve remediation tickets that match the provided filter criteria with scrolling enabled.
#
Base Command
cs-query-remediations-filter
#
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. | Optional |
sort | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". | Optional |
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-reports
Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.
#
Base Command
cs-query-reports
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | The offset to start retrieving reports from. | Optional |
limit | Maximum number of report IDs to return. Max: 5000. | Optional |
sort | Sort order: asc or desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-roles
Query MSSP Role assignment. At least one of CID Group ID or User Group ID should also be provided. Role ID is optional.
#
Base Command
cs-query-roles
#
Input
Argument Name | Description | Required |
---|---|---|
user_group_id | User Group ID to fetch MSSP role for. | Optional |
cid_group_id | CID Group ID to fetch MSSP role for. | Optional |
role_id | Role ID to fetch MSSP role for. | Optional |
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-rulesv1
Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1.
#
Base Command
cs-query-rulesv1
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
sort | Possible order by fields: created_timestamp, last_updated_timestamp. Ex: 'last_updated_timestamp|desc'. | Optional |
filter_ | FQL query to filter rules by. Possible filter properties are: [id cid user_uuid topic priority permissions filter status created_timestamp last_updated_timestamp]. | Optional |
q | Free text search across all indexed fields. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRuleQueryResponseV1.errors.code | Number | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.field | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.message | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.details.message_key | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.id | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.message | String | |
CrowdStrike.domainRuleQueryResponseV1.errors.message_key | String | |
#
cs-query-samplev1
Retrieves a list of SHA256 hashes of samples that exist and that the customer has rights to access. The maximum number of accepted items is 200.
#
Base Command
cs-query-samplev1
#
Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
samplestore_querysamplesrequest_sha256s | | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-sensor-update-policies
Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria.
#
Base Command
cs-query-sensor-update-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-sensor-update-policy-members
Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
#
Base Command
cs-query-sensor-update-policy-members
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Sensor Update Policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-sensor-visibility-exclusionsv1
Search for sensor visibility exclusions.
#
Base Command
cs-query-sensor-visibility-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-500]. | Optional |
sort | The sort expression that should be used to sort the results. Possible values are: applied_globally.asc, applied_globally.desc, created_by.asc, created_by.desc, created_on.asc, created_on.desc, last_modified.asc, last_modified.desc, modified_by.asc, modified_by.desc, value.asc, value.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-submissions
Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.
#
Base Command
cs-query-submissions
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | The offset to start retrieving submissions from. | Optional |
limit | Maximum number of submission IDs to return. Max: 5000. | Optional |
sort | Sort order: asc or desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-submissions-mixin0
Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria.
#
Base Command
cs-query-submissions-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | The offset to start retrieving submissions from. | Optional |
limit | Maximum number of volume IDs to return. Max: 5000. | Optional |
sort | Sort order: asc or desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.mlscannerQueryResponse.errors.code | Number | |
CrowdStrike.mlscannerQueryResponse.errors.id | String | |
CrowdStrike.mlscannerQueryResponse.errors.message | String | |
#
cs-query-user-group-members
Query User Group member by User UUID.
#
Base Command
cs-query-user-group-members
#
Input
Argument Name | Description | Required |
---|---|---|
user_uuid | User UUID to lookup associated user group ID. | Required |
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-user-groups
Query User Groups.
#
Base Command
cs-query-user-groups
#
Input
Argument Name | Description | Required |
---|---|---|
name | Name to lookup groups for. | Optional |
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp, name. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-query-vulnerabilities
Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria.
#
Base Command
cs-query-vulnerabilities
#
Input
Argument Name | Description | Required |
---|---|---|
after | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. | Optional |
limit | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. | Optional |
sort | Sort vulnerabilities by their properties. Common sort options include: created_timestamp|desc, closed_timestamp|asc. | Optional |
filter_ | Filter items using a query in Falcon Query Language (FQL). Wildcards are unsupported. Common filter options include: created_timestamp: '2019-11-25T22:36:12Z', closed_timestamp: '2019-11-25T22:36:12Z', aid:'8e7656b27d8c49a34a1af416424d6231'. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainSPAPIQueryVulnerabilitiesResponse.errors.code | Number | |
CrowdStrike.domainSPAPIQueryVulnerabilitiesResponse.errors.id | String | |
CrowdStrike.domainSPAPIQueryVulnerabilitiesResponse.errors.message | String | |
#
cs-queryaws-accounts
Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria.
#
Base Command
cs-queryaws-accounts
#
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. Defaults to 100. | Optional |
offset | The offset to start retrieving records from. | Optional |
sort | The property to sort by (e.g. alias.desc or state.asc). | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.modelsAWSAccountsV1.errors.code | Number | |
CrowdStrike.modelsAWSAccountsV1.errors.id | String | |
CrowdStrike.modelsAWSAccountsV1.errors.message | String | |
CrowdStrike.modelsAWSAccountsV1.resources.alias | String | Alias/Name associated with the account. This is only updated once the account is in a registered state. |
CrowdStrike.modelsAWSAccountsV1.resources.cid | String | |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_stack_id | String | Unique identifier for the cloudformation stack id used for provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_url | String | URL of the CloudFormation template to execute. This is returned when mode is set to 'cloudformation' when provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_owner_id | String | The 12 digit AWS account which is hosting the S3 bucket containing cloudtrail logs for this account. If this field is set, it takes precedence over the settings level field. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_region | String | Region where the S3 bucket containing cloudtrail logs resides. This is only set if using cloudformation to provision and create the trail. |
CrowdStrike.modelsAWSAccountsV1.resources.created_timestamp | String | Timestamp of when the account was first provisioned within CrowdStrike's system. |
CrowdStrike.modelsAWSAccountsV1.resources.external_id | String | ID assigned for use with cross account IAM role access. |
CrowdStrike.modelsAWSAccountsV1.resources.iam_role_arn | String | The full arn of the IAM role created in this account to control access. |
CrowdStrike.modelsAWSAccountsV1.resources.id | String | 12 digit AWS provided unique identifier for the account. |
CrowdStrike.modelsAWSAccountsV1.resources.last_modified_timestamp | String | Timestamp of when the account was last modified. |
CrowdStrike.modelsAWSAccountsV1.resources.last_scanned_timestamp | String | Timestamp of when the account was scanned. |
CrowdStrike.modelsAWSAccountsV1.resources.policy_version | String | Current version of permissions associated with IAM role and granted access. |
CrowdStrike.modelsAWSAccountsV1.resources.provisioning_state | String | Provisioning state of the account. Values can be: initiated, registered, unregistered. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_reqs | Number | Rate limiting setting to control the maximum number of requests that can be made within the rate_limit_time duration. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_time | Number | Rate limiting setting to control the number of seconds for which rate_limit_reqs applies. |
CrowdStrike.modelsAWSAccountsV1.resources.template_version | String | Current version of cloudformation template used to manage access. |
#
cs-queryaws-accounts-fori-ds
Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria.
#
Base Command
cs-queryaws-accounts-fori-ds
#
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum records to return. [1-500]. Defaults to 100. | Optional |
offset | The offset to start retrieving records from. | Optional |
sort | The property to sort by (e.g. alias.desc or state.asc). | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-querycid-group-members
Query a CID Group's members by associated CID.
#
Base Command
cs-querycid-group-members
#
Input
Argument Name | Description | Required |
---|---|---|
cid | CID to lookup associated CID group ID. | Required |
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp. | Optional |
offset | Starting index of overall result set from which to return id. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-querycid-groups
Query CID Groups.
#
Base Command
cs-querycid-groups
#
Input
Argument Name | Description | Required |
---|---|---|
name | Name to lookup groups for. | Optional |
sort | The sort expression used to sort the results. Possible values are: last_modified_timestamp, name. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryevents
Find all event IDs matching the query with filter.
#
Base Command
cs-queryevents
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields:. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields, plus TODO. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
after | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String | |
#
cs-queryfirewallfields
Get the firewall field specification IDs for the provided platform.
#
Base Command
cs-queryfirewallfields
#
Input
Argument Name | Description | Required |
---|---|---|
platform_id | Get fields configuration for this platform. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrmsaQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrmsaQueryResponse.errors.id | String | |
CrowdStrike.fwmgrmsaQueryResponse.errors.message | String | |
#
cs-queryio-cs
#
Base Command
cs-queryio-cs
#
Input
Argument Name | Description | Required |
---|---|---|
types | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | Optional |
values | The string representation of the indicator. | Optional |
from_expiration_timestamp | Find custom IOCs created after this time (RFC-3339 timestamp). | Optional |
to_expiration_timestamp | Find custom IOCs created before this time (RFC-3339 timestamp). | Optional |
policies | detect: Find custom IOCs that produce notifications. none: Find custom IOCs the particular indicator has been detected on a host. This is equivalent to turning the indicator off. | Optional |
sources | The source where this indicator originated. This can be used for tracking where this indicator was defined. Limit 200 characters. | Optional |
share_levels | The level at which the indicator will be shared. Currently only red share level (not shared) is supported, indicating that the IOC isn't shared with other FH customers. | Optional |
created_by | created_by. | Optional |
deleted_by | The user or API client who deleted the custom IOC. | Optional |
include_deleted | true: Include deleted IOCs. false: Don't include deleted IOCs (default). | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyIOCIDs.errors.code | Number | |
CrowdStrike.apiMsaReplyIOCIDs.errors.id | String | |
CrowdStrike.apiMsaReplyIOCIDs.errors.message | String | |
#
cs-queryioa-exclusionsv1
Search for IOA exclusions.
#
Base Command
cs-queryioa-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-500]. | Optional |
sort | The sort expression that should be used to sort the results. Possible values are: applied_globally.asc, applied_globally.desc, created_by.asc, created_by.desc, created_on.asc, created_on.desc, last_modified.asc, last_modified.desc, modified_by.asc, modified_by.desc, name.asc, name.desc, pattern_id.asc, pattern_id.desc, pattern_name.asc, pattern_name.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryml-exclusionsv1
Search for ML exclusions.
#
Base Command
cs-queryml-exclusionsv1
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-500]. | Optional |
sort | The sort expression that should be used to sort the results. Possible values are: applied_globally.asc, applied_globally.desc, created_by.asc, created_by.desc, created_on.asc, created_on.desc, last_modified.asc, last_modified.desc, modified_by.asc, modified_by.desc, value.asc, value.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-querypatterns
Get all pattern severity IDs.
#
Base Command
cs-querypatterns
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryplatforms
Get the list of platform names.
#
Base Command
cs-queryplatforms
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrmsaQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrmsaQueryResponse.errors.id | String | |
CrowdStrike.fwmgrmsaQueryResponse.errors.message | String | |
#
cs-queryplatforms-mixin0
Get all platform IDs.
#
Base Command
cs-queryplatforms-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-querypolicyrules
Find all firewall rule IDs matching the query with filter, and return them in precedence order.
#
Base Command
cs-querypolicyrules
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the policy container within which to query. | Optional |
sort | Possible order by fields:. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields, plus TODO. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String | |
#
cs-queryrt-response-policies
Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
#
Base Command
cs-queryrt-response-policies
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | The filter expression that should be used to determine the results. | Optional |
offset | The offset of the first record to retrieve from. | Optional |
limit | The maximum number of records to return [1-5000]. | Optional |
sort | The property to sort results by. Possible values are: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryrt-response-policy-members
Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
#
Base Command
cs-queryrt-response-policy-members
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | The ID of the Response policy to search for members of. | Optional |
filter_ | The filter expression that should be used to limit the results. | Optional |
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-5000]. | Optional |
sort | The property to sort by. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryrulegroups
Find all rule group IDs matching the query with filter.
#
Base Command
cs-queryrulegroups
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields:. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields, plus TODO. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
after | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String | |
#
cs-queryrulegroups-mixin0
Finds all rule group IDs matching the query with optional filter.
#
Base Command
cs-queryrulegroups-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name, description}. Possible values are: created_by, created_on, description, enabled, modified_by, modified_on, name. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields. | Optional |
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryrulegroupsfull
Find all rule groups matching the query with optional filter.
#
Base Command
cs-queryrulegroupsfull
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields: {created_by, created_on, modified_by, modified_on, enabled, name, description}. Possible values are: created_by, created_on, description, enabled, modified_by, modified_on, name. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields. | Optional |
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryrules
Find all rule IDs matching the query with filter.
#
Base Command
cs-queryrules
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields:. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields, plus TODO. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
after | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. | Optional |
limit | Number of ids to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String | |
#
cs-queryrules-mixin0
Finds all rule IDs matching the query with optional filter.
#
Base Command
cs-queryrules-mixin0
#
Input
Argument Name | Description | Required |
---|---|---|
sort | Possible order by fields: {rules.ruletype_name, rules.enabled, rules.created_by, rules.current_version.name, rules.current_version.modified_by, rules.created_on, rules.current_version.description, rules.current_version.pattern_severity, rules.current_version.action_label, rules.current_version.modified_on}. Possible values are: rules.created_by, rules.created_on, rules.current_version.action_label, rules.current_version.description, rules.current_version.modified_by, rules.current_version.modified_on, rules.current_version.name, rules.current_version.pattern_severity, rules.enabled, rules.ruletype_name. | Optional |
filter_ | FQL query specifying the filter parameters. Filter term criteria: [enabled platform name description rules.action_label rules.name rules.description rules.pattern_severity rules.ruletype_name rules.enabled]. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | Optional |
q | Match query criteria, which includes all the filter string fields. | Optional |
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-queryruletypes
Get all rule type IDs.
#
Base Command
cs-queryruletypes
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return IDs. | Optional |
limit | Number of IDs to return. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-refresh-active-stream-session
Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.
#
Base Command
cs-refresh-active-stream-session
#
Input
Argument Name | Description | Required |
---|---|---|
action_name | Action name. Allowed value is refresh_active_stream_session. | Required |
appId | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). | Required |
partition | Partition to request data for. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-regenerateapi-key
Regenerate API key for docker registry integrations.
#
Base Command
cs-regenerateapi-key
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.k8sregRegenAPIKeyResp.errors.code | Number | |
CrowdStrike.k8sregRegenAPIKeyResp.errors.id | String | |
CrowdStrike.k8sregRegenAPIKeyResp.errors.message | String | |
CrowdStrike.k8sregRegenAPIKeyResp.resources.api_key | String | |
#
cs-retrieve-emails-bycid
List the usernames (usually an email address) for all users in your customer account.
#
Base Command
cs-retrieve-emails-bycid
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-retrieve-user
Get info about a user.
#
Base Command
cs-retrieve-user
#
Input
Argument Name | Description | Required |
---|---|---|
ids | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserMetaDataResponse.errors.code | Number | |
CrowdStrike.domainUserMetaDataResponse.errors.id | String | |
CrowdStrike.domainUserMetaDataResponse.errors.message | String | |
CrowdStrike.domainUserMetaDataResponse.resources.customer | String | |
CrowdStrike.domainUserMetaDataResponse.resources.firstName | String | |
CrowdStrike.domainUserMetaDataResponse.resources.lastName | String | |
CrowdStrike.domainUserMetaDataResponse.resources.uid | String | |
CrowdStrike.domainUserMetaDataResponse.resources.uuid | String | |
#
cs-retrieve-useruui-ds-bycid
List user IDs for all users in your customer account. For more information on each user, provide the user ID to /users/entities/user/v1.
#
Base Command
cs-retrieve-useruui-ds-bycid
#
Input
There are no input arguments for this command.
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-retrieve-useruuid
Get a user's ID by providing a username (usually an email address).
#
Base Command
cs-retrieve-useruuid
#
Input
Argument Name | Description | Required |
---|---|---|
uid | A username. This is usually the user's email address, but may vary based on your configuration. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-reveal-uninstall-token
Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'.
#
Base Command
cs-reveal-uninstall-token
#
Input
Argument Name | Description | Required |
---|---|---|
requests_revealuninstalltokenv1_audit_message | An optional message to append to the recorded audit log. | Optional |
requests_revealuninstalltokenv1_device_id | The id of the device to reveal the token for. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesRevealUninstallTokenRespV1.errors.code | Number | |
CrowdStrike.responsesRevealUninstallTokenRespV1.errors.id | String | |
CrowdStrike.responsesRevealUninstallTokenRespV1.errors.message | String | |
CrowdStrike.responsesRevealUninstallTokenRespV1.resources.device_id | String | The device the token belongs to. |
CrowdStrike.responsesRevealUninstallTokenRespV1.resources.seed_id | Number | The seedID of the uninstall token. |
CrowdStrike.responsesRevealUninstallTokenRespV1.resources.uninstall_token | String | The uninstall token. |
#
cs-revoke-user-role-ids
Revoke one or more roles from a user.
#
Base Command
cs-revoke-user-role-ids
#
Input
Argument Name | Description | Required |
---|---|---|
user_uuid | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |
ids | One or more role IDs to revoke. Find a role's ID from /users/queries/roles/v1. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserRoleIDsResponse.errors.code | Number | |
CrowdStrike.domainUserRoleIDsResponse.errors.id | String | |
CrowdStrike.domainUserRoleIDsResponse.errors.message | String | |
#
cs-rtr-aggregate-sessions
Get aggregates on session data.
#
Base Command
cs-rtr-aggregate-sessions
#
Input
Argument Name | Description | Required |
---|---|---|
msa_aggregatequeryrequest_date_ranges | | Required |
msa_aggregatequeryrequest_field | | Required |
msa_aggregatequeryrequest_filter | | Required |
msa_aggregatequeryrequest_interval | | Required |
msa_aggregatequeryrequest_min_doc_count | | Required |
msa_aggregatequeryrequest_missing | | Required |
msa_aggregatequeryrequest_name | | Required |
msa_aggregatequeryrequest_q | | Required |
msa_aggregatequeryrequest_ranges | | Required |
msa_aggregatequeryrequest_size | | Required |
msa_aggregatequeryrequest_sort | | Required |
msa_aggregatequeryrequest_sub_aggregates | | Required |
msa_aggregatequeryrequest_time_zone | | Required |
msa_aggregatequeryrequest_type | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaAggregatesResponse.errors.code | Number | |
CrowdStrike.msaAggregatesResponse.errors.id | String | |
CrowdStrike.msaAggregatesResponse.errors.message | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.count | Number | |
CrowdStrike.msaAggregatesResponse.resources.buckets.from | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.key_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_from | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.string_to | String | |
CrowdStrike.msaAggregatesResponse.resources.buckets.to | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value | Unknown | |
CrowdStrike.msaAggregatesResponse.resources.buckets.value_as_string | String | |
CrowdStrike.msaAggregatesResponse.resources.name | String | |
CrowdStrike.msaAggregatesResponse.resources.sum_other_doc_count | Number | |
#
cs-rtr-check-active-responder-command-status
Get status of an executed active-responder command on a single host.
#
Base Command
cs-rtr-check-active-responder-command-status
#
Input
Argument Name | Description | Required |
---|---|---|
cloud_request_id | Cloud Request ID of the executed command to query. | Required |
sequence_id | Sequence ID that we want to retrieve. Command responses are chunked across sequences. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainStatusResponseWrapper.errors.code | Number | |
CrowdStrike.domainStatusResponseWrapper.errors.id | String | |
CrowdStrike.domainStatusResponseWrapper.errors.message | String | |
CrowdStrike.domainStatusResponseWrapper.resources.base_command | String | |
CrowdStrike.domainStatusResponseWrapper.resources.complete | Boolean | |
CrowdStrike.domainStatusResponseWrapper.resources.sequence_id | Number | |
CrowdStrike.domainStatusResponseWrapper.resources.session_id | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stderr | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stdout | String | |
CrowdStrike.domainStatusResponseWrapper.resources.task_id | String | |
#
cs-rtr-check-admin-command-status
Get status of an executed RTR administrator command on a single host.
#
Base Command
cs-rtr-check-admin-command-status
#
Input
Argument Name | Description | Required |
---|---|---|
cloud_request_id | Cloud Request ID of the executed command to query. | Required |
sequence_id | Sequence ID that we want to retrieve. Command responses are chunked across sequences. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainStatusResponseWrapper.errors.code | Number | |
CrowdStrike.domainStatusResponseWrapper.errors.id | String | |
CrowdStrike.domainStatusResponseWrapper.errors.message | String | |
CrowdStrike.domainStatusResponseWrapper.resources.base_command | String | |
CrowdStrike.domainStatusResponseWrapper.resources.complete | Boolean | |
CrowdStrike.domainStatusResponseWrapper.resources.sequence_id | Number | |
CrowdStrike.domainStatusResponseWrapper.resources.session_id | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stderr | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stdout | String | |
CrowdStrike.domainStatusResponseWrapper.resources.task_id | String | |
#
cs-rtr-check-command-status
Get status of an executed command on a single host.
#
Base Command
cs-rtr-check-command-status
#
Input
Argument Name | Description | Required |
---|---|---|
cloud_request_id | Cloud Request ID of the executed command to query. | Required |
sequence_id | Sequence ID that we want to retrieve. Command responses are chunked across sequences. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainStatusResponseWrapper.errors.code | Number | |
CrowdStrike.domainStatusResponseWrapper.errors.id | String | |
CrowdStrike.domainStatusResponseWrapper.errors.message | String | |
CrowdStrike.domainStatusResponseWrapper.resources.base_command | String | |
CrowdStrike.domainStatusResponseWrapper.resources.complete | Boolean | |
CrowdStrike.domainStatusResponseWrapper.resources.sequence_id | Number | |
CrowdStrike.domainStatusResponseWrapper.resources.session_id | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stderr | String | |
CrowdStrike.domainStatusResponseWrapper.resources.stdout | String | |
CrowdStrike.domainStatusResponseWrapper.resources.task_id | String | |
#
cs-rtr-create-put-files
Upload a new put-file to use for the RTR put command.
#
Base Command
cs-rtr-create-put-files
#
Input
Argument Name | Description | Required |
---|---|---|
file | put-file to upload. | Required |
description | File description. | Required |
name | File name (if different than actual file name). | Optional |
comments_for_audit_log | The audit log comment. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-rtr-create-scripts
Upload a new custom-script to use for the RTR runscript command.
#
Base Command
cs-rtr-create-scripts
#
Input
Argument Name | Description | Required |
---|---|---|
file | Custom-script file to upload. These should be PowerShell scripts. | Optional |
description | File description. | Required |
name | File name (if different than actual file name). | Optional |
comments_for_audit_log | The audit log comment. | Optional |
permission_type | Permission for the custom-script. Valid permission values: private (usable by only the user who uploaded it), group (usable by all RTR Admins), public (usable by all active-responders and RTR admins). | Required |
content | The script text that you want to use to upload. | Optional |
platform | Platforms for the file. Currently supports: windows, mac, linux. If no platform is provided, it will default to 'windows'. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-rtr-delete-file
Delete an RTR session file.
#
Base Command
cs-rtr-delete-file
#
Input
Argument Name | Description | Required |
---|---|---|
ids | RTR Session file id. | Required |
session_id | RTR Session id. | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-delete-put-files
Delete a put-file based on the ID given. Can only delete one file at a time.
#
Base Command
cs-rtr-delete-put-files
#
Input
Argument Name | Description | Required |
---|---|---|
ids | File id. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-rtr-delete-queued-session
Delete a queued session command.
#
Base Command
cs-rtr-delete-queued-session
#
Input
Argument Name | Description | Required |
---|---|---|
session_id | RTR Session id. | Required |
cloud_request_id | Cloud Request ID of the executed command to query. | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-delete-scripts
Delete a custom-script based on the ID given. Can only delete one script at a time.
#
Base Command
cs-rtr-delete-scripts
#
Input
Argument Name | Description | Required |
---|---|---|
ids | File id. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-rtr-delete-session
Delete a session.
#
Base Command
cs-rtr-delete-session
#
Input
Argument Name | Description | Required |
---|---|---|
session_id | RTR Session id. | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-execute-active-responder-command
Execute an active responder command on a single host.
#
Base Command
cs-rtr-execute-active-responder-command
#
Input
Argument Name | Description | Required |
---|---|---|
domain_commandexecuterequest_base_command | | Required |
domain_commandexecuterequest_command_string | | Required |
domain_commandexecuterequest_device_id | | Required |
domain_commandexecuterequest_id | | Required |
domain_commandexecuterequest_persist | | Required |
domain_commandexecuterequest_session_id | | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-execute-admin-command
Execute an RTR administrator command on a single host.
#
Base Command
cs-rtr-execute-admin-command
#
Input
Argument Name | Description | Required |
---|---|---|
domain_commandexecuterequest_base_command | | Required |
domain_commandexecuterequest_command_string | | Required |
domain_commandexecuterequest_device_id | | Required |
domain_commandexecuterequest_id | | Required |
domain_commandexecuterequest_persist | | Required |
domain_commandexecuterequest_session_id | | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-execute-command
Execute a command on a single host.
#
Base Command
cs-rtr-execute-command
#
Input
Argument Name | Description | Required |
---|---|---|
domain_commandexecuterequest_base_command | | Required |
domain_commandexecuterequest_command_string | | Required |
domain_commandexecuterequest_device_id | | Required |
domain_commandexecuterequest_id | | Required |
domain_commandexecuterequest_persist | | Required |
domain_commandexecuterequest_session_id | | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-get-extracted-file-contents
Get RTR extracted file contents for specified session and sha256.
#
Base Command
cs-rtr-get-extracted-file-contents
#
Input
Argument Name | Description | Required |
---|---|---|
session_id | RTR Session id. | Required |
sha256 | Extracted SHA256 (e.g. 'efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b'). | Required |
filename | Filename to use for the archive name and the file within the archive. | Optional |
#
Context Output
There is no context output for this command.
#
cs-rtr-get-put-files
Get put-files based on the IDs given. These are used for the RTR put command.
#
Base Command
cs-rtr-get-put-files
#
Input
Argument Name | Description | Required |
---|---|---|
ids | File IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.binservclientMsaPFResponse.errors.code | Number | |
CrowdStrike.binservclientMsaPFResponse.errors.id | String | |
CrowdStrike.binservclientMsaPFResponse.errors.message | String | |
CrowdStrike.binservclientMsaPFResponse.resources.bucket | String | |
CrowdStrike.binservclientMsaPFResponse.resources.cid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.comments_for_audit_log | String | |
CrowdStrike.binservclientMsaPFResponse.resources.content | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_by | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_by_uuid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_timestamp | String | |
CrowdStrike.binservclientMsaPFResponse.resources.description | String | |
CrowdStrike.binservclientMsaPFResponse.resources.file_type | String | |
CrowdStrike.binservclientMsaPFResponse.resources.id | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_by | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_by_uuid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_timestamp | String | |
CrowdStrike.binservclientMsaPFResponse.resources.name | String | |
CrowdStrike.binservclientMsaPFResponse.resources.path | String | |
CrowdStrike.binservclientMsaPFResponse.resources.permission_type | String | |
CrowdStrike.binservclientMsaPFResponse.resources.run_attempt_count | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.run_success_count | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.sha256 | String | |
CrowdStrike.binservclientMsaPFResponse.resources.size | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.write_access | Boolean | |
#
cs-rtr-get-scripts
Get custom-scripts based on the IDs given. These are used for the RTR runscript command.
#
Base Command
cs-rtr-get-scripts
#
Input
Argument Name | Description | Required |
---|---|---|
ids | File IDs. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.binservclientMsaPFResponse.errors.code | Number | |
CrowdStrike.binservclientMsaPFResponse.errors.id | String | |
CrowdStrike.binservclientMsaPFResponse.errors.message | String | |
CrowdStrike.binservclientMsaPFResponse.resources.bucket | String | |
CrowdStrike.binservclientMsaPFResponse.resources.cid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.comments_for_audit_log | String | |
CrowdStrike.binservclientMsaPFResponse.resources.content | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_by | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_by_uuid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.created_timestamp | String | |
CrowdStrike.binservclientMsaPFResponse.resources.description | String | |
CrowdStrike.binservclientMsaPFResponse.resources.file_type | String | |
CrowdStrike.binservclientMsaPFResponse.resources.id | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_by | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_by_uuid | String | |
CrowdStrike.binservclientMsaPFResponse.resources.modified_timestamp | String | |
CrowdStrike.binservclientMsaPFResponse.resources.name | String | |
CrowdStrike.binservclientMsaPFResponse.resources.path | String | |
CrowdStrike.binservclientMsaPFResponse.resources.permission_type | String | |
CrowdStrike.binservclientMsaPFResponse.resources.run_attempt_count | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.run_success_count | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.sha256 | String | |
CrowdStrike.binservclientMsaPFResponse.resources.size | Number | |
CrowdStrike.binservclientMsaPFResponse.resources.write_access | Boolean | |
#
cs-rtr-init-session
Initialize a new session with the RTR cloud.
#
Base Command
cs-rtr-init-session
#
Input
Argument Name | Description | Required |
---|---|---|
domain_initrequest_device_id | | Required |
domain_initrequest_origin | | Required |
domain_initrequest_queue_offline | | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-list-all-sessions
Get a list of session_ids.
#
Base Command
cs-rtr-list-all-sessions
#
Input
Argument Name | Description | Required |
---|---|---|
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
sort | Sort by spec. Ex: 'date_created|asc'. | Optional |
filter_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. “user_id” can accept a special value ‘@me’ which will restrict results to records with current user’s ID. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainListSessionsResponseMsa.errors.code | Number | |
CrowdStrike.domainListSessionsResponseMsa.errors.id | String | |
CrowdStrike.domainListSessionsResponseMsa.errors.message | String | |
#
cs-rtr-list-files
Get a list of files for the specified RTR session.
#
Base Command
cs-rtr-list-files
#
Input
Argument Name | Description | Required |
---|---|---|
session_id | RTR Session id. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainListFilesResponseWrapper.errors.code | Number | |
CrowdStrike.domainListFilesResponseWrapper.errors.id | String | |
CrowdStrike.domainListFilesResponseWrapper.errors.message | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.cloud_request_id | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.created_at | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.deleted_at | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.id | Number | |
CrowdStrike.domainListFilesResponseWrapper.resources.name | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.session_id | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.sha256 | String | |
CrowdStrike.domainListFilesResponseWrapper.resources.size | Number | |
CrowdStrike.domainListFilesResponseWrapper.resources.updated_at | String | |
#
cs-rtr-list-put-files
Get a list of put-file IDs that are available to the user for the put command.
#
Base Command
cs-rtr-list-put-files
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
sort | Sort by spec. Ex: 'created_at|asc'. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.binservclientMsaPutFileResponse.errors.code | Number | |
CrowdStrike.binservclientMsaPutFileResponse.errors.id | String | |
CrowdStrike.binservclientMsaPutFileResponse.errors.message | String | |
#
cs-rtr-list-queued-sessions
Get queued session metadata by session ID.
#
Base Command
cs-rtr-list-queued-sessions
#
Input
Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainQueuedSessionResponseWrapper.errors.code | Number | |
CrowdStrike.domainQueuedSessionResponseWrapper.errors.id | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.errors.message | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.base_command | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.cloud_request_id | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.command_string | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.created_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.deleted_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.status | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.status_text | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.Commands.updated_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.aid | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.created_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.deleted_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.id | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.status | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.updated_at | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.user_id | String | |
CrowdStrike.domainQueuedSessionResponseWrapper.resources.user_uuid | String | |
#
cs-rtr-list-scripts
Get a list of custom-script IDs that are available to the user for the runscript command.
#
Base Command
cs-rtr-list-scripts
#
Input
Argument Name | Description | Required |
---|---|---|
filter_ | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. | Optional |
offset | Starting index of overall result set from which to return ids. | Optional |
limit | Number of ids to return. | Optional |
sort | Sort by spec. Ex: 'created_at|asc'. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.binservclientMsaPutFileResponse.errors.code | Number | |
CrowdStrike.binservclientMsaPutFileResponse.errors.id | String | |
CrowdStrike.binservclientMsaPutFileResponse.errors.message | String | |
#
cs-rtr-list-sessions
Get session metadata by session id.
#
Base Command
cs-rtr-list-sessions
#
Input
Argument Name | Description | Required |
---|---|---|
msa_idsrequest_ids | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainSessionResponseWrapper.errors.code | Number | |
CrowdStrike.domainSessionResponseWrapper.errors.id | String | |
CrowdStrike.domainSessionResponseWrapper.errors.message | String | |
CrowdStrike.domainSessionResponseWrapper.resources.cid | String | |
CrowdStrike.domainSessionResponseWrapper.resources.commands_queued | Boolean | |
CrowdStrike.domainSessionResponseWrapper.resources.created_at | String | |
CrowdStrike.domainSessionResponseWrapper.resources.deleted_at | String | |
CrowdStrike.domainSessionResponseWrapper.resources.device_id | String | |
CrowdStrike.domainSessionResponseWrapper.resources.duration | Unknown | |
CrowdStrike.domainSessionResponseWrapper.resources.hostname | String | |
CrowdStrike.domainSessionResponseWrapper.resources.id | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.base_command | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.cloud_request_id | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.command_string | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.created_at | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.current_directory | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.id | Number | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.session_id | String | |
CrowdStrike.domainSessionResponseWrapper.resources.logs.updated_at | String | |
CrowdStrike.domainSessionResponseWrapper.resources.offline_queued | Boolean | |
CrowdStrike.domainSessionResponseWrapper.resources.origin | String | |
CrowdStrike.domainSessionResponseWrapper.resources.platform_id | Number | |
CrowdStrike.domainSessionResponseWrapper.resources.platform_name | String | |
CrowdStrike.domainSessionResponseWrapper.resources.pwd | String | |
CrowdStrike.domainSessionResponseWrapper.resources.updated_at | String | |
CrowdStrike.domainSessionResponseWrapper.resources.user_id | String | |
CrowdStrike.domainSessionResponseWrapper.resources.user_uuid | String | |
#
cs-rtr-pulse-session
Refresh a session timeout on a single host.
#
Base Command
cs-rtr-pulse-session
#
Input
Argument Name | Description | Required |
---|---|---|
domain_initrequest_device_id | | Required |
domain_initrequest_origin | | Required |
domain_initrequest_queue_offline | | Required |
#
Context Output
There is no context output for this command.
#
cs-rtr-update-scripts
Upload a new script to replace an existing one.
#
Base Command
cs-rtr-update-scripts
#
Input
Argument Name | Description | Required |
---|---|---|
id_ | ID to update. | Required |
file | Custom-script file to upload. These should be PowerShell scripts. | Optional |
description | File description. | Optional |
name | File name (if different than actual file name). | Optional |
comments_for_audit_log | The audit log comment. | Optional |
permission_type | Permission for the custom-script. Valid permission values: private (usable by only the user who uploaded it), group (usable by all RTR Admins), public (usable by all active-responders and RTR admins). | Optional |
content | The script text that you want to use to upload. | Optional |
platform | Platforms for the file. Currently supports: windows, mac,. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-scan-samples
Submit a volume of files for ML scanning. Time required for analysis increases with the number of samples in a volume, but it should usually take less than 1 minute.
#
Base Command
cs-scan-samples
#
Input
Argument Name | Description | Required |
---|---|---|
mlscanner_samplesscanparameters_samples | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.mlscannerQueryResponse.errors.code | Number | |
CrowdStrike.mlscannerQueryResponse.errors.id | String | |
CrowdStrike.mlscannerQueryResponse.errors.message | String | |
#
cs-set-device-control-policies-precedence
Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
#
Base Command
cs-set-device-control-policies-precedence
#
Input
Argument Name | Description | Required |
---|---|---|
requests_setpolicyprecedencereqv1_ids | The ids of all current prevention policies for the platform specified. The precedence will be set in the order the ids are specified. | Required |
requests_setpolicyprecedencereqv1_platform_name | The name of the platform for which to set precedence. Possible values are: Windows, Mac, Linux. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-set-firewall-policies-precedence
Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
#
Base Command
cs-set-firewall-policies-precedence
#
Input
Argument Name | Description | Required |
---|---|---|
requests_setpolicyprecedencereqv1_ids | The ids of all current prevention policies for the platform specified. The precedence will be set in the order the ids are specified. | Required |
requests_setpolicyprecedencereqv1_platform_name | The name of the platform for which to set precedence. Possible values are: Windows, Mac, Linux. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-set-prevention-policies-precedence
Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
#
Base Command
cs-set-prevention-policies-precedence
#
Input
Argument Name | Description | Required |
---|---|---|
requests_setpolicyprecedencereqv1_ids | The ids of all current prevention policies for the platform specified. The precedence will be set in the order the ids are specified. | Required |
requests_setpolicyprecedencereqv1_platform_name | The name of the platform for which to set precedence. Possible values are: Windows, Mac, Linux. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-set-sensor-update-policies-precedence
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
#
Base Command
cs-set-sensor-update-policies-precedence
#
Input
Argument Name | Description | Required |
---|---|---|
requests_setpolicyprecedencereqv1_ids | The ids of all current prevention policies for the platform specified. The precedence will be set in the order the ids are specified. | Required |
requests_setpolicyprecedencereqv1_platform_name | The name of the platform for which to set precedence. Possible values are: Windows, Mac, Linux. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-setrt-response-policies-precedence
Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
#
Base Command
cs-setrt-response-policies-precedence
#
Input
Argument Name | Description | Required |
---|---|---|
requests_setpolicyprecedencereqv1_ids | The ids of all current prevention policies for the platform specified. The precedence will be set in the order the ids are specified. | Required |
requests_setpolicyprecedencereqv1_platform_name | The name of the platform for which to set precedence. Possible values are: Windows, Mac, Linux. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-submit
Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.
#
Base Command
cs-submit
#
Input
Argument Name | Description | Required |
---|---|---|
falconx_submissionparametersv1_sandbox | | Optional |
falconx_submissionparametersv1_user_tags | | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.falconxSubmissionV1Response.errors.code | Number | |
CrowdStrike.falconxSubmissionV1Response.errors.id | String | |
CrowdStrike.falconxSubmissionV1Response.errors.message | String | |
CrowdStrike.falconxSubmissionV1Response.resources.cid | String | |
CrowdStrike.falconxSubmissionV1Response.resources.created_timestamp | String | |
CrowdStrike.falconxSubmissionV1Response.resources.id | String | |
CrowdStrike.falconxSubmissionV1Response.resources.origin | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.action_script | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.command_line | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.document_password | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.enable_tor | Boolean | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.environment_id | Number | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.sha256 | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.submit_name | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.system_date | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.system_time | String | |
CrowdStrike.falconxSubmissionV1Response.resources.sandbox.url | String | |
CrowdStrike.falconxSubmissionV1Response.resources.state | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_id | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_name | String | |
CrowdStrike.falconxSubmissionV1Response.resources.user_uuid | String | |
#
cs-tokenscreate
Creates a token.
#
Base Command
cs-tokenscreate
#
Input
Argument Name | Description | Required |
---|---|---|
api_tokencreaterequestv1_expires_timestamp | The token's expiration time (RFC-3339). Null, if the token never expires. | Optional |
api_tokencreaterequestv1_label | The token label. | Optional |
api_tokencreaterequestv1_type | The token type. | Optional |
#
Context Output
There is no context output for this command.
#
cs-tokensdelete
Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.
#
Base Command
cs-tokensdelete
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The token ids to delete. | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |
#
cs-tokensquery
Search for tokens by providing an FQL filter and paging details.
#
Base Command
cs-tokensquery
#
Input
Argument Name | Description | Required |
---|---|---|
offset | The offset to start retrieving records from. | Optional |
limit | The maximum records to return. [1-1000]. Defaults to 50. | Optional |
sort | The property to sort by (e.g. created_timestamp.desc). | Optional |
filter_ | The filter expression that should be used to limit the results (e.g., status:'valid'). | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-tokensread
Gets the details of one or more tokens by id.
#
Base Command
cs-tokensread
#
Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of tokens to retrieve details for. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apitokenDetailsResponseV1.errors.code | Number | |
CrowdStrike.apitokenDetailsResponseV1.errors.id | String | |
CrowdStrike.apitokenDetailsResponseV1.errors.message | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.created_timestamp | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.expires_timestamp | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.id | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.label | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.last_used_timestamp | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.revoked_timestamp | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.status | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.type | String | |
CrowdStrike.apitokenDetailsResponseV1.resources.value | String | |
#
cs-tokensupdate
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
#
Base Command
cs-tokensupdate
#
Input
Argument Name | Description | Required |
---|---|---|
ids | The token ids to update. | Required |
api_tokenpatchrequestv1_expires_timestamp | The token's expiration time (RFC-3339). Null, if the token never expires. | Optional |
api_tokenpatchrequestv1_label | The token label. | Optional |
api_tokenpatchrequestv1_revoked | Set to true to revoke the token, false to un-revoke it. | Optional |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaQueryResponse.errors.code | Number | |
CrowdStrike.msaQueryResponse.errors.id | String | |
CrowdStrike.msaQueryResponse.errors.message | String | |
#
cs-trigger-scan
Triggers a dry run or a full scan of a customer's Kubernetes footprint.
#
Base Command
cs-trigger-scan
#
Input
Argument Name | Description | Required |
---|---|---|
scan_type | Scan Type to do. Possible values are: cluster-refresh, dry-run, full. | Required |
#
Context Output
There is no context output for this command.
#
cs-update-actionv1
Update an action for a monitoring rule.
#
Base Command
cs-update-actionv1
#
Input
Argument Name | Description | Required |
---|---|---|
domain_updateactionrequest_frequency | | Required |
domain_updateactionrequest_id | | Required |
domain_updateactionrequest_recipients | | Required |
domain_updateactionrequest_status | | Required |
#
Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainActionEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainActionEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.cid | String | The ID of the customer who created the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.created_timestamp | String | The date when the action was created. |
CrowdStrike.domainActionEntitiesResponseV1.resources.frequency | String | |
CrowdStrike.domainActionEntitiesResponseV1.resources.id | String | The ID of the action. |
CrowdStrike.domainActionEntitiesResponseV1.resources.rule_id | String | The ID of the rule on which this action is attached. |
CrowdStrike.domainActionEntitiesResponseV1.resources.status | String | The action status. It can be either 'enabled' or 'muted'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.type | String | The action type. The only type currently supported is 'email'. |
CrowdStrike.domainActionEntitiesResponseV1.resources.updated_timestamp | String | The date when the action was updated. |
CrowdStrike.domainActionEntitiesResponseV1.resources.user_uuid | String | The UUID of the user who created the action. |

cs-update-detects-by-idsv2
Modify the state, assignee, and visibility of detections.

Base Command
cs-update-detects-by-idsv2

Input
Argument Name | Description | Required |
---|---|---|
domain_detectsentitiespatchrequest_assigned_to_uuid | | Optional |
domain_detectsentitiespatchrequest_comment | | Optional |
domain_detectsentitiespatchrequest_ids | | Optional |
domain_detectsentitiespatchrequest_show_in_ui | | Optional |
domain_detectsentitiespatchrequest_status | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaReplyMetaOnly.errors.code | Number | |
CrowdStrike.msaReplyMetaOnly.errors.id | String | |
CrowdStrike.msaReplyMetaOnly.errors.message | String | |

cs-update-device-control-policies
Update Device Control Policies by specifying the ID of the policy and details to update.

Base Command
cs-update-device-control-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_updatedevicecontrolpoliciesv1_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesDeviceControlPoliciesV1.errors.code | Number | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.id | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.errors.message | String | |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesDeviceControlPoliciesV1.resources.platform_name | String | The name of the platform. |

cs-update-device-tags
Append or remove one or more Falcon Grouping Tags on one or more hosts.

Base Command
cs-update-device-tags

Input
Argument Name | Description | Required |
---|---|---|
domain_updatedevicetagsrequestv1_action | | Required |
domain_updatedevicetagsrequestv1_device_ids | | Required |
domain_updatedevicetagsrequestv1_tags | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaEntitiesResponse.errors.code | Number | |
CrowdStrike.msaEntitiesResponse.errors.id | String | |
CrowdStrike.msaEntitiesResponse.errors.message | String | |

cs-update-firewall-policies
Update Firewall Policies by specifying the ID of the policy and details to update.

Base Command
cs-update-firewall-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_updatefirewallpoliciesv1_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesFirewallPoliciesV1.errors.code | Number | |
CrowdStrike.responsesFirewallPoliciesV1.errors.id | String | |
CrowdStrike.responsesFirewallPoliciesV1.errors.message | String | |
CrowdStrike.responsesFirewallPoliciesV1.resources.channel_version | Number | Channel file version for the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesFirewallPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesFirewallPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesFirewallPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesFirewallPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesFirewallPoliciesV1.resources.rule_set_id | String | Firewall rule set id. This id combines several firewall rules and gets attached to the policy. |

cs-update-host-groups
Update Host Groups by specifying the ID of the group and details to update.

Base Command
cs-update-host-groups

Input
Argument Name | Description | Required |
---|---|---|
requests_updategroupsv1_resources | A collection of groups to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesHostGroupsV1.errors.code | Number | |
CrowdStrike.responsesHostGroupsV1.errors.id | String | |
CrowdStrike.responsesHostGroupsV1.errors.message | String | |
CrowdStrike.responsesHostGroupsV1.resources.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesHostGroupsV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesHostGroupsV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesHostGroupsV1.resources.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesHostGroupsV1.resources.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesHostGroupsV1.resources.id | String | The identifier of this host group. |
CrowdStrike.responsesHostGroupsV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesHostGroupsV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesHostGroupsV1.resources.name | String | The name of the group. |

cs-update-notificationsv1
Update notification status or assignee. Accepts bulk requests.

Base Command
cs-update-notificationsv1

Input
Argument Name | Description | Required |
---|---|---|
domain_updatenotificationrequestv1_assigned_to_uuid | The unique ID of the user who is assigned to this notification. | Required |
domain_updatenotificationrequestv1_id | The ID of the notifications. | Required |
domain_updatenotificationrequestv1_status | The notification status. This can be one of: new, in-progress, closed-false-positive, closed-true-positive. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainNotificationEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uid | String | The email of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_username | String | The name of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.assigned_to_uuid | String | The unique ID of the user who is assigned to this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.created_date | String | The date when the notification was generated. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.id | String | The ID of the notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_date | String | Timestamp when the intelligence item is considered to have been posted. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_id | String | ID of the intelligence item which generated the match. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.item_type | String | Type of intelligence item based on format, e.g. post, reply, botnet_config. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_id | String | The ID of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_name | String | The name of the rule that generated this notification. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_priority | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.rule_topic | String | |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.status | String | The notification status. This can be one of: new, in-progress, closed-false-positive, closed-true-positive. |
CrowdStrike.domainNotificationEntitiesResponseV1.resources.updated_date | String | The date when the notification was updated. |

cs-update-prevention-policies
Update Prevention Policies by specifying the ID of the policy and details to update.

Base Command
cs-update-prevention-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_updatepreventionpoliciesv1_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesPreventionPoliciesV1.errors.code | Number | |
CrowdStrike.responsesPreventionPoliciesV1.errors.id | String | |
CrowdStrike.responsesPreventionPoliciesV1.errors.message | String | |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesPreventionPoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_by | String | The email of the user which created the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesPreventionPoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_by | String | The email of the user which last modified the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesPreventionPoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesPreventionPoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.name | String | The name of the category. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.description | String | The human readable description of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesPreventionPoliciesV1.resources.prevention_settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |

cs-update-rulesv1
Update monitoring rules.

Base Command
cs-update-rulesv1

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
domain_updaterulerequestv1_filter | The filter to be used for searching. | Required |
domain_updaterulerequestv1_id | The rule ID to be updated. | Required |
domain_updaterulerequestv1_name | The name of a particular rule. | Required |
domain_updaterulerequestv1_permissions | The permissions for a particular rule which specifies the rule's access by other users. Possible values: [private public]. | Required |
domain_updaterulerequestv1_priority | The priority for a particular rule. Possible values: [low medium high]. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainRulesEntitiesResponseV1.errors.code | Number | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.field | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.details.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.id | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message | String | |
CrowdStrike.domainRulesEntitiesResponseV1.errors.message_key | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.cid | String | |
CrowdStrike.domainRulesEntitiesResponseV1.resources.created_timestamp | String | The creation time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.filter | String | The FQL filter contained in a rule and used for searching. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.id | String | The ID of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.name | String | The name for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.permissions | String | The permissions of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.priority | String | The priority of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status | String | The status of a rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.status_message | String | The detailed status message. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.topic | String | The topic of a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.updated_timestamp | String | The last updated time for a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_id | String | The user ID of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_name | String | The user name of the user that created a given rule. |
CrowdStrike.domainRulesEntitiesResponseV1.resources.user_uuid | String | The UUID of the user that created a given rule. |

cs-update-sensor-update-policies
Update Sensor Update Policies by specifying the ID of the policy and details to update.

Base Command
cs-update-sensor-update-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_updatesensorupdatepoliciesv1_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV1.resources.platform_name | String | The name of the platform. |

cs-update-sensor-update-policiesv2
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection.

Base Command
cs-update-sensor-update-policiesv2

Input
Argument Name | Description | Required |
---|---|---|
requests_updatesensorupdatepoliciesv2_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.code | Number | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.id | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.errors.message | String | |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.description | String | The description of a policy. Use this field to provide a high level summary of what this policy enforces. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.enabled | Boolean | If a policy is enabled it will be used during the course of policy evaluation. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.name | String | The human readable name of the policy. |
CrowdStrike.responsesSensorUpdatePoliciesV2.resources.platform_name | String | The name of the platform. |

cs-update-sensor-visibility-exclusionsv1
Update the sensor visibility exclusions.

Base Command
cs-update-sensor-visibility-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
requests_svexclusionupdatereqv1_comment | | Optional |
requests_svexclusionupdatereqv1_groups | | Optional |
requests_svexclusionupdatereqv1_id | | Required |
requests_svexclusionupdatereqv1_value | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesSvExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesSvExclusionRespV1.errors.id | String | |
CrowdStrike.responsesSvExclusionRespV1.errors.message | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesSvExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesSvExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesSvExclusionRespV1.resources.id | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.value | String | |
CrowdStrike.responsesSvExclusionRespV1.resources.value_hash | String | |

cs-update-user
Modify an existing user's first or last name.

Base Command
cs-update-user

Input
Argument Name | Description | Required |
---|---|---|
user_uuid | ID of a user. Find a user's ID from /users/entities/user/v1. | Required |
domain_updateuserfields_firstname | | Optional |
domain_updateuserfields_lastname | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserMetaDataResponse.errors.code | Number | |
CrowdStrike.domainUserMetaDataResponse.errors.id | String | |
CrowdStrike.domainUserMetaDataResponse.errors.message | String | |
CrowdStrike.domainUserMetaDataResponse.resources.customer | String | |
CrowdStrike.domainUserMetaDataResponse.resources.firstName | String | |
CrowdStrike.domainUserMetaDataResponse.resources.lastName | String | |
CrowdStrike.domainUserMetaDataResponse.resources.uid | String | |
CrowdStrike.domainUserMetaDataResponse.resources.uuid | String | |

cs-update-user-groups
Update existing User Group(s). User Group ID is expected for each User Group definition provided in request body. User Group member(s) remain unaffected.

Base Command
cs-update-user-groups

Input
Argument Name | Description | Required |
---|---|---|
domain_usergroupsrequestv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainUserGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainUserGroupsResponseV1.errors.id | String | |
CrowdStrike.domainUserGroupsResponseV1.errors.message | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.description | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.name | String | |
CrowdStrike.domainUserGroupsResponseV1.resources.user_group_id | String | |

cs-updateaws-account
Updates the AWS account per the query parameters provided.

Base Command
cs-updateaws-account

Input
Argument Name | Description | Required |
---|---|---|
ids | AWS Account ID. | Required |
region | Default Region for Account Automation. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.msaBaseEntitiesResponse.errors.code | Number | |
CrowdStrike.msaBaseEntitiesResponse.errors.id | String | |
CrowdStrike.msaBaseEntitiesResponse.errors.message | String | |

cs-updateaws-accounts
Update AWS Accounts by specifying the ID of the account and details to update.

Base Command
cs-updateaws-accounts

Input
Argument Name | Description | Required |
---|---|---|
models_updateawsaccountsv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.modelsAWSAccountsV1.errors.code | Number | |
CrowdStrike.modelsAWSAccountsV1.errors.id | String | |
CrowdStrike.modelsAWSAccountsV1.errors.message | String | |
CrowdStrike.modelsAWSAccountsV1.resources.alias | String | Alias/Name associated with the account. This is only updated once the account is in a registered state. |
CrowdStrike.modelsAWSAccountsV1.resources.cid | String | |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_stack_id | String | Unique identifier for the cloudformation stack id used for provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudformation_url | String | URL of the CloudFormation template to execute. This is returned when mode is set to 'cloudformation' when provisioning. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_owner_id | String | The 12 digit AWS account which is hosting the S3 bucket containing cloudtrail logs for this account. If this field is set, it takes precedence over the settings level field. |
CrowdStrike.modelsAWSAccountsV1.resources.cloudtrail_bucket_region | String | Region where the S3 bucket containing cloudtrail logs resides. This is only set if using cloudformation to provision and create the trail. |
CrowdStrike.modelsAWSAccountsV1.resources.created_timestamp | String | Timestamp of when the account was first provisioned within CrowdStrike's system. |
CrowdStrike.modelsAWSAccountsV1.resources.external_id | String | ID assigned for use with cross account IAM role access. |
CrowdStrike.modelsAWSAccountsV1.resources.iam_role_arn | String | The full arn of the IAM role created in this account to control access. |
CrowdStrike.modelsAWSAccountsV1.resources.id | String | 12 digit AWS provided unique identifier for the account. |
CrowdStrike.modelsAWSAccountsV1.resources.last_modified_timestamp | String | Timestamp of when the account was last modified. |
CrowdStrike.modelsAWSAccountsV1.resources.last_scanned_timestamp | String | Timestamp of when the account was scanned. |
CrowdStrike.modelsAWSAccountsV1.resources.policy_version | String | Current version of permissions associated with IAM role and granted access. |
CrowdStrike.modelsAWSAccountsV1.resources.provisioning_state | String | Provisioning state of the account. Values can be: initiated, registered, unregistered. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_reqs | Number | Rate limiting setting to control the maximum number of requests that can be made within the rate_limit_time duration. |
CrowdStrike.modelsAWSAccountsV1.resources.rate_limit_time | Number | Rate limiting setting to control the number of seconds for which rate_limit_reqs applies. |
CrowdStrike.modelsAWSAccountsV1.resources.template_version | String | Current version of cloudformation template used to manage access. |

cs-updatecid-groups
Update existing CID Group(s). CID Group ID is expected for each CID Group definition provided in request body. CID Group member(s) remain unaffected.

Base Command
cs-updatecid-groups

Input
Argument Name | Description | Required |
---|---|---|
domain_cidgroupsrequestv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.domainCIDGroupsResponseV1.errors.code | Number | |
CrowdStrike.domainCIDGroupsResponseV1.errors.id | String | |
CrowdStrike.domainCIDGroupsResponseV1.errors.message | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.cid_group_id | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.description | String | |
CrowdStrike.domainCIDGroupsResponseV1.resources.name | String | |

cs-updatecspm-azure-tenant-default-subscriptionid
Update an Azure default subscription_id in our system for the given tenant_id.

Base Command
cs-updatecspm-azure-tenant-default-subscriptionid

Input
Argument Name | Description | Required |
---|---|---|
tenant_id | Tenant ID to update client ID for. Required if multiple tenants are registered. | Optional |
subscription_id | Default Subscription ID to patch for all subscriptions belonging to a tenant. | Required |

Context Output
There is no context output for this command.

cs-updatecspm-policy-settings
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.

Base Command
cs-updatecspm-policy-settings

Input
Argument Name | Description | Required |
---|---|---|
registration_policyrequestextv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationPolicySettingsResponseV1.errors.code | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.errors.id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.errors.message | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cid | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cis_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cloud_service | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.cloud_service_subtype | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.default_severity | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.name | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.nist_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.benchmark_short | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.pci_benchmark.recommendation_number | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_id | Number | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.account_id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.enabled | Boolean | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.severity | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.tag_excluded | Boolean | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_settings.tenant_id | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_timestamp | String | |
CrowdStrike.registrationPolicySettingsResponseV1.resources.policy_type | String | |

cs-updatecspm-scan-schedule
Updates scan schedule configuration for one or more cloud platforms.

Base Command
cs-updatecspm-scan-schedule

Input
Argument Name | Description | Required |
---|---|---|
registration_scanscheduleupdaterequestv1_resources | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.registrationScanScheduleResponseV1.errors.code | Number | |
CrowdStrike.registrationScanScheduleResponseV1.errors.id | String | |
CrowdStrike.registrationScanScheduleResponseV1.errors.message | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.cloud_platform | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.next_scan_timestamp | String | |
CrowdStrike.registrationScanScheduleResponseV1.resources.scan_schedule | String | |

cs-updateioa-exclusionsv1
Update the IOA exclusions.

Base Command
cs-updateioa-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
requests_ioaexclusionupdatereqv1_cl_regex | | Required |
requests_ioaexclusionupdatereqv1_comment | | Optional |
requests_ioaexclusionupdatereqv1_description | | Required |
requests_ioaexclusionupdatereqv1_detection_json | | Required |
requests_ioaexclusionupdatereqv1_groups | | Required |
requests_ioaexclusionupdatereqv1_id | | Required |
requests_ioaexclusionupdatereqv1_ifn_regex | | Required |
requests_ioaexclusionupdatereqv1_name | | Required |
requests_ioaexclusionupdatereqv1_pattern_id | | Required |
requests_ioaexclusionupdatereqv1_pattern_name | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesIoaExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesIoaExclusionRespV1.errors.id | String | |
CrowdStrike.responsesIoaExclusionRespV1.errors.message | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesIoaExclusionRespV1.resources.cl_regex | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.description | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.detection_json | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesIoaExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesIoaExclusionRespV1.resources.id | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.ifn_regex | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.name | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.pattern_id | String | |
CrowdStrike.responsesIoaExclusionRespV1.resources.pattern_name | String | |

cs-updateioc

Base Command
cs-updateioc

Input
Argument Name | Description | Required |
---|---|---|
api_iocviewrecord_batch_id | | Optional |
api_iocviewrecord_created_by | | Optional |
api_iocviewrecord_created_timestamp | | Optional |
api_iocviewrecord_description | | Optional |
api_iocviewrecord_expiration_days | | Optional |
api_iocviewrecord_expiration_timestamp | | Optional |
api_iocviewrecord_modified_by | | Optional |
api_iocviewrecord_modified_timestamp | | Optional |
api_iocviewrecord_policy | | Optional |
api_iocviewrecord_share_level | | Optional |
api_iocviewrecord_source | | Optional |
api_iocviewrecord_type | | Optional |
api_iocviewrecord_value | | Optional |
type_ | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min: 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | Required |
value | The string representation of the indicator. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiMsaReplyIOC.errors.code | Number | |
CrowdStrike.apiMsaReplyIOC.errors.id | String | |
CrowdStrike.apiMsaReplyIOC.errors.message | String | |
CrowdStrike.apiMsaReplyIOC.resources.batch_id | String | |
CrowdStrike.apiMsaReplyIOC.resources.created_by | String | |
CrowdStrike.apiMsaReplyIOC.resources.created_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.description | String | |
CrowdStrike.apiMsaReplyIOC.resources.expiration_days | Number | |
CrowdStrike.apiMsaReplyIOC.resources.expiration_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.modified_by | String | |
CrowdStrike.apiMsaReplyIOC.resources.modified_timestamp | String | |
CrowdStrike.apiMsaReplyIOC.resources.policy | String | |
CrowdStrike.apiMsaReplyIOC.resources.share_level | String | |
CrowdStrike.apiMsaReplyIOC.resources.source | String | |
CrowdStrike.apiMsaReplyIOC.resources.type | String | |
CrowdStrike.apiMsaReplyIOC.resources.value | String | |

cs-updateml-exclusionsv1
Update the ML exclusions.

Base Command
cs-updateml-exclusionsv1

Input
Argument Name | Description | Required |
---|---|---|
requests_svexclusionupdatereqv1_comment | | Optional |
requests_svexclusionupdatereqv1_groups | | Optional |
requests_svexclusionupdatereqv1_id | | Required |
requests_svexclusionupdatereqv1_value | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesMlExclusionRespV1.errors.code | Number | |
CrowdStrike.responsesMlExclusionRespV1.errors.id | String | |
CrowdStrike.responsesMlExclusionRespV1.errors.message | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.applied_globally | Boolean | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.created_on | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesMlExclusionRespV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesMlExclusionRespV1.resources.id | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.last_modified | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.modified_by | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.regexp_value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value | String | |
CrowdStrike.responsesMlExclusionRespV1.resources.value_hash | String | |

cs-updatepolicycontainer
Update an identified policy container.

Base Command
cs-updatepolicycontainer

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The user id. | Required |
fwmgr_api_policycontainerupsertrequestv1_default_inbound | | Required |
fwmgr_api_policycontainerupsertrequestv1_default_outbound | | Required |
fwmgr_api_policycontainerupsertrequestv1_enforce | | Required |
fwmgr_api_policycontainerupsertrequestv1_is_default_policy | | Optional |
fwmgr_api_policycontainerupsertrequestv1_platform_id | | Required |
fwmgr_api_policycontainerupsertrequestv1_policy_id | | Required |
fwmgr_api_policycontainerupsertrequestv1_rule_group_ids | | Required |
fwmgr_api_policycontainerupsertrequestv1_test_mode | | Required |
fwmgr_api_policycontainerupsertrequestv1_tracking | | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrmsaReplyMetaOnly.errors.code | Number | |
CrowdStrike.fwmgrmsaReplyMetaOnly.errors.id | String | |
CrowdStrike.fwmgrmsaReplyMetaOnly.errors.message | String | |

cs-updatert-response-policies
Update Response Policies by specifying the ID of the policy and details to update.

Base Command
cs-updatert-response-policies

Input
Argument Name | Description | Required |
---|---|---|
requests_updatertresponsepoliciesv1_resources | A collection of policies to update. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.responsesRTResponsePoliciesV1.errors.code | Number | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.id | String | |
CrowdStrike.responsesRTResponsePoliciesV1.errors.message | String | |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.description | String | The description of a policy. Use this field to provide a high-level summary of what this policy enforces. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.enabled | Boolean | If a policy is enabled, it will be used during the course of policy evaluation. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.assignment_rule | String | The assignment rule of a group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_by | String | The email of the user who created the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.created_timestamp | String | The time at which the policy was created. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.description | String | An additional description of the group or the devices it targets. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.group_type | String | The method by which this host group is managed. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.id | String | The identifier of this host group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.groups.name | String | The name of the group. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.id | String | The unique id of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_by | String | The email of the user who last modified the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.modified_timestamp | String | The time at which the policy was last modified. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.name | String | The human-readable name of the policy. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.platform_name | String | The name of the platform. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.name | String | The name of the category. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.description | String | The human-readable description of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.id | String | The id of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.name | String | The name of the setting. |
CrowdStrike.responsesRTResponsePoliciesV1.resources.settings.settings.type | String | The type of the setting which can be used as a hint when displaying in the UI. |

cs-updaterulegroup
Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules.

Base Command
cs-updaterulegroup

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERNAME | The user id. | Required |
comment | Audit log comment for this action. | Optional |
fwmgr_api_rulegroupmodifyrequestv1_diff_operations | | Required |
fwmgr_api_rulegroupmodifyrequestv1_diff_type | | Required |
fwmgr_api_rulegroupmodifyrequestv1_id | | Required |
fwmgr_api_rulegroupmodifyrequestv1_rule_ids | | Required |
fwmgr_api_rulegroupmodifyrequestv1_rule_versions | | Required |
fwmgr_api_rulegroupmodifyrequestv1_tracking | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.fwmgrapiQueryResponse.errors.code | Number | |
CrowdStrike.fwmgrapiQueryResponse.errors.id | String | |
CrowdStrike.fwmgrapiQueryResponse.errors.message | String | |

cs-updaterulegroup-mixin0
Update a rule group. The following properties can be modified: name, description, enabled.

Base Command
cs-updaterulegroup-mixin0

Input
Argument Name | Description | Required |
---|---|---|
api_rulegroupmodifyrequestv1_comment | | Required |
api_rulegroupmodifyrequestv1_description | | Required |
api_rulegroupmodifyrequestv1_enabled | | Required |
api_rulegroupmodifyrequestv1_id | | Required |
api_rulegroupmodifyrequestv1_name | | Required |
api_rulegroupmodifyrequestv1_rulegroup_version | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiRuleGroupsResponse.errors.code | Number | |
CrowdStrike.apiRuleGroupsResponse.errors.id | String | |
CrowdStrike.apiRuleGroupsResponse.errors.message | String | |
CrowdStrike.apiRuleGroupsResponse.resources.comment | String | |
CrowdStrike.apiRuleGroupsResponse.resources.committed_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.created_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.created_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.customer_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.deleted | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.description | String | |
CrowdStrike.apiRuleGroupsResponse.resources.enabled | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.modified_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.modified_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.platform | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.action_label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.comment | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.committed_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.created_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.created_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.customer_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.deleted | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.description | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.disposition_id | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.enabled | Boolean | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.final_value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.type | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.values.label | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.field_values.values.value | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.instance_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.instance_version | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.magic_cookie | Number | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.modified_by | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.modified_on | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.pattern_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.pattern_severity | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.rulegroup_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.ruletype_id | String | |
CrowdStrike.apiRuleGroupsResponse.resources.rules.ruletype_name | String | |
CrowdStrike.apiRuleGroupsResponse.resources.version | Number | |

cs-updaterules
Update rules within a rule group. Return the updated rules.

Base Command
cs-updaterules

Input
Argument Name | Description | Required |
---|---|---|
api_ruleupdatesrequestv1_comment | | Required |
api_ruleupdatesrequestv1_rule_updates | | Required |
api_ruleupdatesrequestv1_rulegroup_id | | Required |
api_ruleupdatesrequestv1_rulegroup_version | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiRulesResponse.errors.code | Number | |
CrowdStrike.apiRulesResponse.errors.id | String | |
CrowdStrike.apiRulesResponse.errors.message | String | |
CrowdStrike.apiRulesResponse.resources.action_label | String | |
CrowdStrike.apiRulesResponse.resources.comment | String | |
CrowdStrike.apiRulesResponse.resources.committed_on | String | |
CrowdStrike.apiRulesResponse.resources.created_by | String | |
CrowdStrike.apiRulesResponse.resources.created_on | String | |
CrowdStrike.apiRulesResponse.resources.customer_id | String | |
CrowdStrike.apiRulesResponse.resources.deleted | Boolean | |
CrowdStrike.apiRulesResponse.resources.description | String | |
CrowdStrike.apiRulesResponse.resources.disposition_id | Number | |
CrowdStrike.apiRulesResponse.resources.enabled | Boolean | |
CrowdStrike.apiRulesResponse.resources.field_values.final_value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.name | String | |
CrowdStrike.apiRulesResponse.resources.field_values.type | String | |
CrowdStrike.apiRulesResponse.resources.field_values.value | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.label | String | |
CrowdStrike.apiRulesResponse.resources.field_values.values.value | String | |
CrowdStrike.apiRulesResponse.resources.instance_id | String | |
CrowdStrike.apiRulesResponse.resources.instance_version | Number | |
CrowdStrike.apiRulesResponse.resources.magic_cookie | Number | |
CrowdStrike.apiRulesResponse.resources.modified_by | String | |
CrowdStrike.apiRulesResponse.resources.modified_on | String | |
CrowdStrike.apiRulesResponse.resources.name | String | |
CrowdStrike.apiRulesResponse.resources.pattern_id | String | |
CrowdStrike.apiRulesResponse.resources.pattern_severity | String | |
CrowdStrike.apiRulesResponse.resources.rulegroup_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_id | String | |
CrowdStrike.apiRulesResponse.resources.ruletype_name | String | |

cs-upload-samplev2
Upload a file for sandbox analysis. After uploading, use /falconx/entities/submissions/v1 to start analyzing the file.

Base Command
cs-upload-samplev2

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
body | Content of the uploaded sample in binary format. For example, use --data-binary @$FILE_PATH when using cURL. Max file size: 100 MB. Accepted file formats: Portable executables (.exe, .scr, .pif, .dll, .com, .cpl, etc.); Office documents (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub); PDF; APK; Executable JAR; Windows script component (.sct); Windows shortcut (.lnk); Windows help (.chm); HTML application (.hta); Windows script file (.wsf); JavaScript (.js); Visual Basic (.vbs, .vbe); Shockwave Flash (.swf); Perl (.pl); PowerShell (.ps1, .psd1, .psm1); Scalable vector graphics (.svg); Python (.py); Linux ELF executables; Email files (MIME RFC 822 .eml, Outlook .msg). | Required |
upfile | The binary file. | Required |
file_name | Name of the file. | Required |
comment | A descriptive comment to identify the file for other users. | Optional |
is_confidential | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. true: File is only shown to users within your customer account. false: File can be seen by other CrowdStrike customers. Default: true. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.code | Number | |
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.id | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.message | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.resources.file_name | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.resources.sha256 | String | |

cs-upload-samplev3
Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.

Base Command
cs-upload-samplev3

Input
Argument Name | Description | Required |
---|---|---|
X_CS_USERUUID | User UUID. | Optional |
body | Content of the uploaded sample in binary format. For example, use --data-binary @$FILE_PATH when using cURL. Max file size: 100 MB. Accepted file formats: Portable executables (.exe, .scr, .pif, .dll, .com, .cpl, etc.); Office documents (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub); PDF; APK; Executable JAR; Windows script component (.sct); Windows shortcut (.lnk); Windows help (.chm); HTML application (.hta); Windows script file (.wsf); JavaScript (.js); Visual Basic (.vbs, .vbe); Shockwave Flash (.swf); Perl (.pl); PowerShell (.ps1, .psd1, .psm1); Scalable vector graphics (.svg); Python (.py); Linux ELF executables; Email files (MIME RFC 822 .eml, Outlook .msg). | Required |
upfile | The binary file. | Required |
file_name | Name of the file. | Required |
comment | A descriptive comment to identify the file for other users. | Optional |
is_confidential | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. true: File is only shown to users within your customer account. false: File can be seen by other CrowdStrike customers. Default: true. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.code | Number | |
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.id | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.errors.message | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.resources.file_name | String | |
CrowdStrike.samplestoreSampleMetadataResponseV2.resources.sha256 | String | |

cs-validate
Validates field values and checks for matches if a test string is provided.

Base Command
cs-validate

Input
Argument Name | Description | Required |
---|---|---|
api_validationrequestv1_fields | | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.apiValidationResponseV1.errors.code | Number | |
CrowdStrike.apiValidationResponseV1.errors.id | String | |
CrowdStrike.apiValidationResponseV1.errors.message | String | |
CrowdStrike.apiValidationResponseV1.resources.bytes | String | |
CrowdStrike.apiValidationResponseV1.resources.error | String | |
CrowdStrike.apiValidationResponseV1.resources.matches_test | Boolean | |
CrowdStrike.apiValidationResponseV1.resources.name | String | |
CrowdStrike.apiValidationResponseV1.resources.test_data | String | |
CrowdStrike.apiValidationResponseV1.resources.valid | Boolean | |
CrowdStrike.apiValidationResponseV1.resources.value | String | |

cs-verifyaws-account-access
Performs an Access Verification check on the specified AWS Account IDs.

Base Command
cs-verifyaws-account-access

Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of accounts to verify access on. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.modelsVerifyAccessResponseV1.errors.code | Number | |
CrowdStrike.modelsVerifyAccessResponseV1.errors.id | String | |
CrowdStrike.modelsVerifyAccessResponseV1.errors.message | String | |
CrowdStrike.modelsVerifyAccessResponseV1.resources.id | String | |
CrowdStrike.modelsVerifyAccessResponseV1.resources.reason | String | |
CrowdStrike.modelsVerifyAccessResponseV1.resources.successful | Boolean | |

cs-get-device-login-history
Retrieve details about recent login sessions for a set of devices.

Base Command
cs-get-device-login-history

Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of devices to get the login history for. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.deviceHistoryLogin.errors.code | Number | |
CrowdStrike.deviceHistoryLogin.errors.id | String | |
CrowdStrike.deviceHistoryLogin.errors.message | String | |
CrowdStrike.deviceHistoryLogin.resources.device_id | String | |
CrowdStrike.deviceHistoryLogin.resources.recent_logins.login_time | String | |
CrowdStrike.deviceHistoryLogin.resources.recent_logins.user_name | String | |
CrowdStrike.deviceHistoryLogin.meta.powered_by | String | |
CrowdStrike.deviceHistoryLogin.meta.trace_id | String | |
CrowdStrike.deviceHistoryLogin.meta.query_time | Number | |
CrowdStrike.deviceHistoryLogin.meta.writes | Unknown |

cs-get-device-network-history
Retrieve history of IP and MAC addresses of devices.

Base Command
cs-get-device-network-history

Input
Argument Name | Description | Required |
---|---|---|
ids | IDs of devices to get the network address history for. | Required |

Context Output
Path | Type | Description |
---|---|---|
CrowdStrike.deviceNetworkHistory.error.code | Number | |
CrowdStrike.deviceNetworkHistory.errors.id | String | |
CrowdStrike.deviceNetworkHistory.errors.message | String | |
CrowdStrike.deviceNetworkHistory.meta.powered_by | String | |
CrowdStrike.deviceNetworkHistory.meta.trace_id | String | |
CrowdStrike.deviceNetworkHistory.meta.query_time | Number | |
CrowdStrike.deviceNetworkHistory.meta.writes | Unknown | |
CrowdStrike.deviceNetworkHistory.resources.device_id | String | |
CrowdStrike.deviceNetworkHistory.resources.cid | String | |
CrowdStrike.deviceNetworkHistory.resources.history.ip_address | String | |
CrowdStrike.deviceNetworkHistory.resources.history.mac_address | String | |
CrowdStrike.deviceNetworkHistory.resources.history.timestamp | String |