# CrowdStrike

> Reference for the Tracecat CrowdStrike integration: registered actions, required secrets, expected inputs, and example workflow usage.

## List alerts

Action ID: `tools.crowdstrike.list_alerts`

Query for CrowdStrike alerts via the Falcon SIEM API.

Reference: [https://falconpy.io/Service-Collections/Alerts.html#uber-class-example-7](https://falconpy.io/Service-Collections/Alerts.html#uber-class-example-7)

### Input fields

<ParamField path="end_time" type="string" required>
  End time for the query (exclusive).
</ParamField>

<ParamField path="start_time" type="string" required>
  Start time for the query (inclusive).
</ParamField>

<ParamField path="limit" type="integer">
  Maximum number of alerts to return.

  Default: `100`.
</ParamField>

<ParamField path="member_cid" type="string | null">
  CrowdStrike member CID.

  Default: `null`.
</ParamField>

<ParamField path="query" type="string | null">
  Falcon Query Language (FQL) filter to apply to alerts. If specified, overrides `start_time` and `end_time`.

  Default: `null`.
</ParamField>
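
Because `query` overrides `start_time` and `end_time`, a custom FQL filter has to carry its own time bounds or the action is no longer limited to the polling window. The following is an added example, not Tracecat's own code: it builds the arguments for `tools.crowdstrike.list_alerts` with the half-open window repeated inside the filter. The `created_timestamp` field, the ISO 8601 string format for `start_time`/`end_time`, the sample `severity` filter, and all helper names are assumptions.

```python
from datetime import datetime, timedelta, timezone

def fql_time(dt: datetime) -> str:
    """Render an aware datetime as a UTC ISO 8601 literal."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before querying")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

# Assumption: alerts are bounded on `created_timestamp`; pass another field if
# your data needs it (the Tracecat reference does not name the field).
def bounded_query(start, end, extra=None, field="created_timestamp"):
    """Half-open [start, end) window, AND-ed (+) with an optional FQL filter."""
    s, e = fql_time(start), fql_time(end)
    if start >= end:
        raise ValueError("start must be before end")
    window = f"{field}:>='{s}'+{field}:<'{e}'"
    # Parentheses keep an OR (,) inside `extra` from escaping the time window.
    return f"{window}+({extra})" if extra else window

def action_args(start, end, extra=None, limit=100, member_cid=None):
    """Arguments for tools.crowdstrike.list_alerts (keys taken from this page)."""
    return {
        "start_time": fql_time(start),  # assumed ISO 8601 string format
        "end_time": fql_time(end),
        "limit": limit,
        "member_cid": member_cid,
        # `query` overrides start_time/end_time, so the window is repeated in it.
        "query": bounded_query(start, end, extra) if extra else None,
    }

def windows(start, end, step):
    """Split [start, end) into consecutive windows with no gaps and no overlap."""
    cur = start
    while cur < end:
        nxt = min(cur + step, end)
        yield cur, nxt
        cur = nxt

if __name__ == "__main__":
    t0 = datetime(2024, 5, 1, tzinfo=timezone.utc)  # constructed sample window
    t1 = t0 + timedelta(hours=2)
    for s, e in windows(t0, t1, timedelta(hours=1)):
        # "severity:>=70" is a constructed sample filter
        print(action_args(s, e, extra="severity:>=70"))
```

If a window returns exactly `limit` results, treat it as possibly truncated and re-run it with a smaller step.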

## List detects

Action ID: `tools.crowdstrike.list_detects`

Query for CrowdStrike detects and summaries via the Falcon SIEM API.

Reference: [https://falconpy.io/Service-Collections/Detects.html](https://falconpy.io/Service-Collections/Detects.html)

### Input fields

<ParamField path="end_time" type="string" required>
  End time for the query (exclusive).
</ParamField>

<ParamField path="start_time" type="string" required>
  Start time for the query (inclusive).
</ParamField>

<ParamField path="limit" type="integer">
  Maximum number of alerts to return.

  Default: `100`.
</ParamField>

<ParamField path="member_cid" type="string | null">
  CrowdStrike member CID.

  Default: `null`.
</ParamField>

<ParamField path="query" type="string | null">
  Falcon Query Language (FQL) filter to apply to alerts. If specified, overrides `start_time` and `end_time`.

  Default: `null`.
</ParamField>

## List incidents

Action ID: `tools.crowdstrike.list_incidents`

Query for CrowdStrike incidents via the Falcon SIEM API.

Reference: [https://falconpy.io/Service-Collections/Incidents.html](https://falconpy.io/Service-Collections/Incidents.html)

### Input fields

<ParamField path="end_time" type="string" required>
  End time for the query (exclusive).
</ParamField>

<ParamField path="start_time" type="string" required>
  Start time for the query (inclusive).
</ParamField>

<ParamField path="limit" type="integer">
  Maximum number of incidents to return.

  Default: `100`.
</ParamField>

<ParamField path="member_cid" type="string | null">
  CrowdStrike member CID.

  Default: `null`.
</ParamField>

<ParamField path="query" type="string | null">
  Falcon Query Language (FQL) filter to apply to cases. If specified, overrides `start_time` and `end_time`.

  Default: `null`.
</ParamField>
