CrowdStrike
Manage hosts, detections, incidents, and threat intelligence via CrowdStrike Falcon.
| Detail | Value |
|---|---|
| Category | Security |
| Base URL | https://api.crowdstrike.com |
| Authentication | OAuth2 Client Credentials |
| Endpoints | 5 |
| Connector key | crowdstrike |
Using CrowdStrike in a workflow
- Go to Connections and click New Connection.
- Pick CrowdStrike from the marketplace.
- Enter your credentials (see Authentication above for what's expected).
- In a workflow, drop an API Call node and select this connection.
- Pick the operation you need from the Operation dropdown — see the table below.
Available Endpoints
| Endpoint | Summary |
|---|---|
| GET /devices/queries/devices/v1 | Search for hosts |
| GET /detects/queries/detects/v1 | Search detections |
| GET /incidents/queries/incidents/v1 | Search incidents |
| GET /intel/queries/actors/v1 | Search threat actors |
| GET /policy/queries/prevention/v1 | Search prevention policies |
Each endpoint has its own page with parameter details, an example API Call node configuration, and the response shape.