List alerts
Action ID: tools.crowdstrike.list_alerts
Query for CrowdStrike alerts via the Falcon SIEM API.
Reference: https://falconpy.io/Service-Collections/Alerts.html#uber-class-example-7
Input fields
End time for the query (exclusive).
Start time for the query (inclusive).
Maximum number of alerts to return. Default: 100.
CrowdStrike member CID. Default: null.
Falcon Query Language (FQL) filter to apply to alerts. If specified, overrides start_time and end_time. Default: null.
List detects
Action ID: tools.crowdstrike.list_detects
Query for CrowdStrike detects and summaries via the Falcon SIEM API.
Reference: https://falconpy.io/Service-Collections/Detects.html
Input fields
End time for the query (exclusive).
Start time for the query (inclusive).
Maximum number of alerts to return. Default: 100.
CrowdStrike member CID. Default: null.
Falcon Query Language (FQL) filter to apply to alerts. If specified, overrides start_time and end_time. Default: null.
List incidents
Action ID: tools.crowdstrike.list_incidents
Query for CrowdStrike incidents via the Falcon SIEM API.
Reference: https://falconpy.io/Service-Collections/Incidents.html
Input fields
End time for the query (exclusive).
Start time for the query (inclusive).
Maximum number of incidents to return. Default: 100.
CrowdStrike member CID. Default: null.
Falcon Query Language (FQL) filter to apply to cases. If specified, overrides start_time and end_time. Default: null.