---
title: 'GET /intel/queries/actors/v1'
description: 'Search threat actors'
---

# GET /intel/queries/actors/v1

Search threat actors

| Detail | Value |
|---|---|
| Operation ID | `security.queryActors` |
| Method | `GET` |
| Path | `/intel/queries/actors/v1` |
| Connector | [CrowdStrike](./) |

## Parameters

_No parameters._

## Using this endpoint in a workflow

1. Add an **API Call** node to your workflow.
2. Pick your CrowdStrike connection from the Connection dropdown.
3. In the Operation dropdown, select `security.queryActors`.
4. Fill in the parameter fields that appear. Use `{{...}}` to reference upstream values.

## What it returns

The `API Call` node writes the response to the workflow context:

```
{
  status: 200,
  success: true,
  data: { ...response body from the API... },
  latencyMs: 142
}
```

Reference response fields downstream as <code v-pre>{{nodeId.data.path}}</code>. The exact response shape is documented on the upstream CrowdStrike API reference.