---
title: 'CrowdStrike'
description: 'Manage hosts, detections, incidents, and threat intelligence via CrowdStrike Falcon.'
---

# CrowdStrike

Manage hosts, detections, incidents, and threat intelligence via CrowdStrike Falcon.

| Detail | Value |
|---|---|
| Category | Security |
| Base URL | `https://api.crowdstrike.com` |
| Authentication | OAuth2 Client Credentials |
| Endpoints | 5 |
| Connector key | `crowdstrike` |

## Using CrowdStrike in a workflow

1. Go to **Connections** and click **New Connection**.
2. Pick **CrowdStrike** from the marketplace.
3. Enter your credentials (see Authentication above for what's expected).
4. In a workflow, drop an **API Call** node and select this connection.
5. Pick the operation you need from the Operation dropdown — see the table below.

## Available Endpoints

| Endpoint | Summary |
|---|---|
| [GET /devices/queries/devices/v1](./get_devices_queries_devices_v1_security_querydevices) | Search for hosts |
| [GET /detects/queries/detects/v1](./get_detects_queries_detects_v1_security_querydetections) | Search detections |
| [GET /incidents/queries/incidents/v1](./get_incidents_queries_incidents_v1_security_queryincidents) | Search incidents |
| [GET /intel/queries/actors/v1](./get_intel_queries_actors_v1_security_queryactors) | Search threat actors |
| [GET /policy/queries/prevention/v1](./get_policy_queries_prevention_v1_security_querypolicies) | Search prevention policies |

> Each endpoint has its own page with parameter details, an example
> `API Call` node configuration, and the response shape.