CrowdStrike Vulnerability Management Integration Guide

Overview

The CrowdStrike Vulnerability Management integration allows your NINA workflows to connect with CrowdStrike Falcon platform for vulnerability scanning, exposure management, and risk assessment. This integration enables automated security operations, threat detection, and incident response directly from your automation platform.

Capabilities

This integration provides access to 9 resources with 41 operations covering:

Configuration Assessment: Operations for Configuration Assessment
Configuration Assessment Evaluation Logic: Operations for Configuration Assessment Evaluation Logic
Discover: Operations for Discover
Discover Iot: Operations for Discover Iot
Drift Indicators: Operations for Drift Indicators
Exposure Management: Operations for Exposure Management
Spotlight Evaluation Logic: Operations for Spotlight Evaluation Logic
Spotlight Vulnerabilities: Operations for Spotlight Vulnerabilities
Spotlight Vulnerability Metadata: Operations for Spotlight Vulnerability Metadata

Credential Configuration

Before using the CrowdStrike Vulnerability Management integration in your workflows, you need to configure credentials for authentication.

Authentication Method

CrowdStrike Falcon uses OAuth2 Client Credentials authentication. This is a server-to-server authentication flow where you provide a Client ID and Client Secret, and the integration automatically handles token acquisition and refresh.

Field	Description	Required
Client ID	Your CrowdStrike API Client ID	Yes
Client Secret	Your CrowdStrike API Client Secret	Yes
Base URL	CrowdStrike API endpoint for your cloud region	Yes

How It Works

You provide the Client ID and Client Secret when creating a credential
The integration exchanges these for an OAuth2 access token automatically
Tokens are refreshed automatically when they expire
No redirect URLs or user interaction required

CrowdStrike Cloud Regions

Select the Base URL that matches your CrowdStrike Falcon cloud region:

Cloud Region	Base URL	Description
US-1	`https://api.crowdstrike.com`	United States (default)
US-2	`https://api.us-2.crowdstrike.com`	United States (secondary)
EU-1	`https://api.eu-1.crowdstrike.com`	European Union
US-GOV-1	`https://api.laggar.gcw.crowdstrike.com`	US Government Cloud

How to Obtain API Credentials

Log in to the CrowdStrike Falcon Console
Navigate to Support and resources > API Clients and Keys
Click Add new API client
Configure the API client:
- Client Name: A descriptive name (e.g., "NINA Integration")
- Description: Purpose of this API client
- API Scopes: Select the permissions required for your use case (see Required Scopes below)
Click Add to create the client
Copy and securely store the Client ID and Client Secret immediately

Important: The Client Secret is only displayed once at creation time. If you lose it, you must create a new API client.

Required API Scopes

The API scopes required depend on which operations you plan to use. Common scopes include:

Scope	Permission	Use Case
Detections	Read/Write	View and manage detections
Hosts	Read/Write	Query and manage endpoints
Incidents	Read/Write	View and manage incidents
IOCs	Read/Write	Manage indicators of compromise
Prevention Policies	Read/Write	Manage prevention policies
Real Time Response	Read/Write	Execute RTR commands
Sensor Update Policies	Read/Write	Manage sensor updates

Refer to the CrowdStrike API documentation for a complete list of available scopes.

Creating a CrowdStrike Credential in NINA

Navigate to the Credentials section in NINA
Click Add New Credential
Fill in the credential details:
- Integration Service: Select "CrowdStrike Vulnerability Management"
- Client ID: Paste your CrowdStrike API Client ID
- Client Secret: Paste your CrowdStrike API Client Secret
- Base URL: Select your CrowdStrike cloud region URL
Click Test Connection to verify the credentials work
Click Save to store the credential securely

Note: All CrowdStrike integrations (EDR, Intel, Platform, etc.) share the same credential. You only need to create one credential to use across all CrowdStrike modules.

Supported Resources

Resource	Description	Operations
Configuration Assessment	Operations for Configuration Assessment	2
Configuration Assessment Evaluation Logic	Operations for Configuration Assessment Evaluation Logic	1
Discover	Operations for Discover	10
Discover Iot	Operations for Discover Iot	3
Drift Indicators	Operations for Drift Indicators	5
Exposure Management	Operations for Exposure Management	12
Spotlight Evaluation Logic	Operations for Spotlight Evaluation Logic	3
Spotlight Vulnerabilities	Operations for Spotlight Vulnerabilities	4
Spotlight Vulnerability Metadata	Operations for Spotlight Vulnerability Metadata	1

Resource Details

Configuration Assessment

Operations for Configuration Assessment

Operations

Operation	Name	Description
`get_rule_details`	Get Rule Details	SDK: configuration_assessment.GetRuleDetails
`list_combined_assessments`	List Combined Assessments	SDK: configuration_assessment.GetCombinedAssessmentsQuery

Get Rule Details

SDK: configuration_assessment.GetRuleDetails

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more rules IDs (max: 400)

Example:

{
  "ids": ["<ids>"]
}

List Combined Assessments

SDK: configuration_assessment.GetCombinedAssessmentsQuery

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`facet`	array	No	Select various details blocks to be returned for each assessment entity. Supported values: <ul>...
`filter`	string	No	Filter items using a query in Falcon Query Language (FQL). Wildcards * are unsupported. Common fi...
`limit`	number	No	The number of items to return in this response (default: 100, max: 5000). Use with the after para...
`sort`	string	No	Sort assessment by their properties. Common sort options include: <ul><li>created_timestamp

Example:

{
  "after": "<after>",
  "facet": ["<facet>"],
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Configuration Assessment Evaluation Logic

Operations for Configuration Assessment Evaluation Logic

Operations

Operation	Name	Description
`get_evaluation_logic_mixin0`	Get Evaluation Logic Mixin0	SDK: configuration_assessment_evaluation_logic.GetEvaluationLogicMixin0

Get Evaluation Logic Mixin0

SDK: configuration_assessment_evaluation_logic.GetEvaluationLogicMixin0

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more evaluation logic finding IDs.

Example:

{
  "ids": ["<ids>"]
}

Discover

Operations for Discover

Operations

Operation	Name	Description
`combined_applications`	Combined Applications	SDK: discover.CombinedApplications
`combined_hosts`	Combined Hosts	SDK: discover.CombinedHosts
`get_accounts`	Get Accounts	SDK: discover.GetAccounts
`get_applications`	Get Applications	SDK: discover.GetApplications
`get_hosts`	Get Hosts	SDK: discover.GetHosts
`get_logins`	Get Logins	SDK: discover.GetLogins
`list_accounts`	List Accounts	SDK: discover.QueryAccounts
`list_applications`	List Applications	SDK: discover.QueryApplications
`list_hosts`	List Hosts	SDK: discover.QueryHosts
`list_logins`	List Logins	SDK: discover.QueryLogins

Combined Applications

SDK: discover.CombinedApplications

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`facet`	array	No	Select various details blocks to be returned for each application entity. Supported values: <ul...
`filter`	string	No	Search for applications in your environment by providing an FQL filter. Available filter fields t...
`limit`	number	No	The number of application ids to return in this response (Min: 1, Max: 1000, Default: 100). Use w...
`sort`	string	No	Sort applications by their properties. A single sort field is allowed.

Example:

{
  "after": "<after>",
  "facet": ["<facet>"],
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Combined Hosts

SDK: discover.CombinedHosts

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`facet`	array	No	Select various details blocks to be returned for each host entity. Supported values: <ul><li>...
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'...
`limit`	number	No	The number of asset IDs to return in this response (min: 1, max: 1000, default: 100). Use with th...
`sort`	string	No	Sort assets by their properties. A single sort field is allowed. Common sort options include: <u...

Example:

{
  "after": "<after>",
  "facet": ["<facet>"],
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Get Accounts

SDK: discover.GetAccounts

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more account IDs (max: 100). Find account IDs with GET `/discover/queries/accounts/v1`

Example:

{
  "ids": ["<ids>"]
}

Get Applications

SDK: discover.GetApplications

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of applications to retrieve. (Min: 1, Max: 100)

Example:

{
  "ids": ["<ids>"]
}

Get Hosts

SDK: discover.GetHosts

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/hosts/v1`

Example:

{
  "ids": ["<ids>"]
}

Get Logins

SDK: discover.GetLogins

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more login IDs (max: 100). Find login IDs with GET `/discover/queries/logins/v1`

Example:

{
  "ids": ["<ids>"]
}

List Accounts

SDK: discover.QueryAccounts

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter accounts using an FQL query. Common filter options include:<ul><li>account_type:'Local...
`limit`	number	No	The number of account IDs to return in this response (min: 1, max: 100, default: 100). Use with t...
`offset`	number	No	An offset used with the `limit` parameter to manage pagination of results. On your first request,...
`sort`	string	No	Sort accounts by their properties. A single sort field is allowed. Common sort options include: ...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Applications

SDK: discover.QueryApplications

Parameters:

Name	Type	Required	Description
`filter`	string	No	Search for applications in your environment by providing an FQL filter. Available filter fields t...
`limit`	number	No	The number of application ids to return in this response (Min: 1, Max: 100, Default: 100).
`offset`	number	No	An offset used with the `limit` parameter to manage pagination of results. On your first request,...
`sort`	string	No	Sort applications by their properties. A single sort field is allowed.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Hosts

SDK: discover.QueryHosts

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'...
`limit`	number	No	The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the...
`offset`	number	No	An offset used with the `limit` parameter to manage pagination of results. On your first request,...
`sort`	string	No	Sort assets by their properties. A single sort field is allowed. Common sort options include: <u...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Logins

SDK: discover.QueryLogins

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter logins using an FQL query. Common filter options include:<ul><li>account_type:'Local'...
`limit`	number	No	The number of login IDs to return in this response (min: 1, max: 100, default: 100). Use with the...
`offset`	number	No	An offset used with the `limit` parameter to manage pagination of results. On your first request,...
`sort`	string	No	Sort logins by their properties. A single sort field is allowed. Common sort options include: <u...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Discover Iot

Operations for Discover Iot

Operations

Operation	Name	Description
`get_iot_hosts`	Get Iot Hosts	SDK: discover_iot.GetIotHosts
`list_iot_hosts`	List Iot Hosts	SDK: discover_iot.QueryIotHosts
`list_iot_hosts_v2`	List Iot Hosts V2	SDK: discover_iot.QueryIotHostsV2

Get Iot Hosts

SDK: discover_iot.GetIotHosts

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more asset IDs (max: 100). Find asset IDs with GET `/discover/queries/iot-hosts/v1`

Example:

{
  "ids": ["<ids>"]
}

List Iot Hosts

SDK: discover_iot.QueryIotHosts

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'...
`limit`	number	No	The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the...
`offset`	number	No	An offset used with the `limit` parameter to manage pagination of results. On your first request,...
`sort`	string	No	Sort assets by their properties. A single sort field is allowed. Common sort options include: <u...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Iot Hosts V2

SDK: discover_iot.QueryIotHostsV2

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>entity_type:'managed'...
`limit`	number	No	The number of asset IDs to return in this response (min: 1, max: 100, default: 100). Use with the...
`sort`	string	No	Sort assets by their properties. A single sort field is allowed. Common sort options include: <u...

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Drift Indicators

Operations for Drift Indicators

Operations

Operation	Name	Description
`get_drift_indicators_values_by_date`	Get Drift Indicators Values By Date	SDK: drift_indicators.GetDriftIndicatorsValuesByDate
`read_drift_indicator_entities`	Read Drift Indicator Entities	SDK: drift_indicators.ReadDriftIndicatorEntities
`read_drift_indicators_count`	Read Drift Indicators Count	SDK: drift_indicators.ReadDriftIndicatorsCount
`search_and_read_drift_indicator_entities`	Search And Read Drift Indicator Entities	SDK: drift_indicators.SearchAndReadDriftIndicatorEntities
`search_drift_indicators`	Search Drift Indicators	SDK: drift_indicators.SearchDriftIndicators

Get Drift Indicators Values By Date

SDK: drift_indicators.GetDriftIndicatorsValuesByDate

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filter fields: - ...
`limit`	number	No	The upper-bound on the number of records to retrieve.

Example:

{
  "filter": "<filter>",
  "limit": 10
}

Read Drift Indicator Entities

SDK: drift_indicators.ReadDriftIndicatorEntities

Parameters:

Name	Type	Required	Description
`ids`	array	No	Search Drift Indicators by ids - The maximum amount is 100 IDs

Example:

{
  "ids": ["<ids>"]
}

Read Drift Indicators Count

SDK: drift_indicators.ReadDriftIndicatorsCount

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filter fields: - ...

Example:

{
  "filter": "<filter>"
}

Search And Read Drift Indicator Entities

SDK: drift_indicators.SearchAndReadDriftIndicatorEntities

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filter fields: - ...
`limit`	number	No	The upper-bound on the number of records to retrieve. Maximum limit: 100. Default: 100
`offset`	number	No	The offset from where to begin. Maximum offset = 10000 - limit.
`sort`	string	No	The fields to sort the records on.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Search Drift Indicators

SDK: drift_indicators.SearchDriftIndicators

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filter fields: - ...
`limit`	number	No	The upper-bound on the number of records to retrieve. Maximum limit: 100. Default: 100
`offset`	number	No	The offset from where to begin. Maximum offset = 10000 - limit.
`sort`	string	No	The fields to sort the records on.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Exposure Management

Operations for Exposure Management

Operations

Operation	Name	Description
`aggregate_external_assets`	Aggregate External Assets	SDK: exposure_management.AggregateExternalAssets
`blob_download_external_assets`	Blob Download External Assets	SDK: exposure_management.BlobDownloadExternalAssets
`blob_preview_external_assets`	Blob Preview External Assets	SDK: exposure_management.BlobPreviewExternalAssets
`combined_ecosystem_subsidiaries`	Combined Ecosystem Subsidiaries	SDK: exposure_management.CombinedEcosystemSubsidiaries
`delete_external_assets`	Delete External Assets	SDK: exposure_management.DeleteExternalAssets
`get_ecosystem_subsidiaries`	Get Ecosystem Subsidiaries	SDK: exposure_management.GetEcosystemSubsidiaries
`get_external_assets`	Get External Assets	SDK: exposure_management.GetExternalAssets
`list_ecosystem_subsidiaries`	List Ecosystem Subsidiaries	SDK: exposure_management.QueryEcosystemSubsidiaries
`list_external_assets`	List External Assets	SDK: exposure_management.QueryExternalAssets
`list_external_assets_v2`	List External Assets V2	SDK: exposure_management.QueryExternalAssetsV2
`post_external_assets_inventory_`	Post External Assets Inventory	SDK: exposure_management.PostExternalAssetsInventoryV1
`update_external_assets`	Update External Assets	SDK: exposure_management.PatchExternalAssets

Aggregate External Assets

SDK: exposure_management.AggregateExternalAssets

Parameters:

Name	Type	Required	Description
`body`	object	No	Aggregation specification.

Example:

{
  "body": {}
}

Blob Download External Assets

SDK: exposure_management.BlobDownloadExternalAssets

Parameters:

Name	Type	Required	Description
`asset_id`	string	No	The Asset ID
`hash`	string	No	The File Hash

Example:

{
  "asset_id": "<asset_id>",
  "hash": "<hash>"
}

Blob Preview External Assets

SDK: exposure_management.BlobPreviewExternalAssets

Parameters:

Name	Type	Required	Description
`asset_id`	string	No	The Asset ID
`hash`	string	No	The File Hash

Example:

{
  "asset_id": "<asset_id>",
  "hash": "<hash>"
}

Combined Ecosystem Subsidiaries

SDK: exposure_management.CombinedEcosystemSubsidiaries

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter ecosystem subsidiaries
`limit`	number	No	The maximum number of subsidiaries to return in the response. Default: 100
`offset`	number	No	Starting index of result set from which to return subsidiaries
`sort`	string	No	The field by which to sort the list of subsidiaries. Possible values:<ul><li>name</li><li...
`version_id`	string	No	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter i...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>",
  "version_id": "<version_id>"
}

Delete External Assets

SDK: exposure_management.DeleteExternalAssets

Parameters:

Name	Type	Required	Description
`description`	string	No	Some description that the user attached to the delete

Example:

{
  "description": "<description>"
}

Get Ecosystem Subsidiaries

SDK: exposure_management.GetEcosystemSubsidiaries

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more asset IDs (max: 100). Find ecosystem subsidiary IDs with GET `/fem/entities/ecosystem...
`version_id`	string	No	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter i...

Example:

{
  "ids": ["<ids>"],
  "version_id": "<version_id>"
}

Get External Assets

SDK: exposure_management.GetExternalAssets

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more asset IDs (max: 100). Find asset IDs with GET `/fem/queries/external-assets/v1`

Example:

{
  "ids": ["<ids>"]
}

List Ecosystem Subsidiaries

SDK: exposure_management.QueryEcosystemSubsidiaries

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter ecosystem subsidiaries
`limit`	number	No	The maximum number of IDs to return in the response. Default: 100
`offset`	number	No	Starting index of result set from which to return subsidiaries
`sort`	string	No	The field by which to sort the list of IDs. Possible values:<ul><li>name</li><li>primary_...
`version_id`	string	No	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter i...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>",
  "version_id": "<version_id>"
}

List External Assets

SDK: exposure_management.QueryExternalAssets

Parameters:

Name	Type	Required	Description
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>asset_type:'ip'</li...
`limit`	number	No	Number of IDs to return.
`offset`	string	No	Starting index of result set from which to return IDs.
`sort`	string	No	Order by fields.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List External Assets V2

SDK: exposure_management.QueryExternalAssetsV2

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	Filter assets using an FQL query. Common filter options include:<ul><li>asset_type:'ip'</li...
`limit`	number	No	number of IDs to return.
`sort`	string	No	Order by fields.

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Post External Assets Inventory

SDK: exposure_management.PostExternalAssetsInventoryV1

Parameters:

Name	Type	Required	Description
`data`	object	Yes	Data is the list of assets to be added

Example:

{
  "data": {}
}

Update External Assets

SDK: exposure_management.PatchExternalAssets

Parameters:

Name	Type	Required	Description
`assets`	object	Yes	List of asset patches

Example:

{
  "assets": {}
}

Spotlight Evaluation Logic

Operations for Spotlight Evaluation Logic

Operations

Operation	Name	Description
`get_evaluation_logic`	Get Evaluation Logic	SDK: spotlight_evaluation_logic.GetEvaluationLogic
`list_combined_evaluation_logic`	List Combined Evaluation Logic	SDK: spotlight_evaluation_logic.CombinedQueryEvaluationLogic
`list_evaluation_logic`	List Evaluation Logic	SDK: spotlight_evaluation_logic.QueryEvaluationLogic

Get Evaluation Logic

SDK: spotlight_evaluation_logic.GetEvaluationLogic

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more evaluation logic IDs.

Example:

{
  "ids": ["<ids>"]
}

List Combined Evaluation Logic

SDK: spotlight_evaluation_logic.CombinedQueryEvaluationLogic

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters.
`limit`	number	No	Maximum number of entities to return.
`sort`	string	No	Sort evaluation logic by their properties.

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

List Evaluation Logic

SDK: spotlight_evaluation_logic.QueryEvaluationLogic

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters.
`limit`	number	No	Maximum number of entities to return.
`sort`	string	No	Sort evaluation logic by their properties.

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Spotlight Vulnerabilities

Operations for Spotlight Vulnerabilities

Operations

Operation	Name	Description
`get_remediations_v2`	Get Remediations V2	SDK: spotlight_vulnerabilities.GetRemediationsV2
`get_vulnerabilities`	Get Vulnerabilities	SDK: spotlight_vulnerabilities.GetVulnerabilities
`list_combined_vulnerabilities`	List Combined Vulnerabilities	SDK: spotlight_vulnerabilities.CombinedQueryVulnerabilities
`list_vulnerabilities`	List Vulnerabilities	SDK: spotlight_vulnerabilities.QueryVulnerabilities

Get Remediations V2

SDK: spotlight_vulnerabilities.GetRemediationsV2

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more remediation IDs

Example:

{
  "ids": ["<ids>"]
}

Get Vulnerabilities

SDK: spotlight_vulnerabilities.GetVulnerabilities

Parameters:

Name	Type	Required	Description
`ids`	array	No	One or more vulnerability IDs (max: 400). Find vulnerability IDs with GET /spotlight/queries/vuln...

Example:

{
  "ids": ["<ids>"]
}

List Combined Vulnerabilities

SDK: spotlight_vulnerabilities.CombinedQueryVulnerabilities

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`facet`	array	No	Select various details blocks to be returned for each vulnerability entity. Supported values: <u...
`filter`	string	No	Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values ar...
`limit`	number	No	The number of items to return in this response (default: 100, max: 5000). Use with the after para...
`sort`	string	No	Sort vulnerabilities by their properties. Common sort options include: <ul><li>updated_timest...

Example:

{
  "after": "<after>",
  "facet": ["<facet>"],
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

List Vulnerabilities

SDK: spotlight_vulnerabilities.QueryVulnerabilities

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values ar...
`limit`	number	No	The number of items to return in this response (default: 100, max: 400). Use with the after param...
`sort`	string	No	Sort vulnerabilities by their properties. Available sort options: <ul><li>updated_timestamp

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "sort": "<sort>"
}

Spotlight Vulnerability Metadata

Operations for Spotlight Vulnerability Metadata

Operations

Operation	Name	Description
`combine_vuln_metadata_ext`	Combine Vuln Metadata Ext	SDK: spotlight_vulnerability_metadata.CombineVulnMetadataExt

Combine Vuln Metadata Ext

SDK: spotlight_vulnerability_metadata.CombineVulnMetadataExt

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values ar...
`limit`	number	No	The number of items to return in this response (default: 100, max: 10000). Use with the after par...
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Sort vulnerabilities by their properties. Available sort options: <ul><li>created_timestamp

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

Best Practices

Use Appropriate Filters: Leverage FQL (Falcon Query Language) filters to narrow down results and improve performance.
Implement Pagination: For operations returning large datasets, use limit and offset parameters to paginate results.
Handle Rate Limits: CrowdStrike APIs have rate limits. Implement appropriate delays and retry logic in your workflows.
Secure Credentials: Never log or expose API credentials. Use NINA's credential management for secure storage.
Use Specific Scopes: When creating API clients, only request the minimum required API scopes.
Monitor API Usage: Track your API usage to avoid hitting rate limits during critical operations.
Validate IDs: Always validate resource IDs before using them in update or delete operations.
Error Handling: Implement comprehensive error handling for API failures and unexpected responses.

Troubleshooting

Issue	Possible Solution
401 Unauthorized	Verify Client ID and Client Secret are correct; check if credentials have expired
403 Forbidden	Ensure API client has required scopes for the operation
404 Not Found	Verify the resource ID exists and is accessible with your credentials
429 Too Many Requests	Rate limit exceeded; implement delays between requests
Invalid Filter	Check FQL syntax; refer to CrowdStrike FQL documentation
Connection Timeout	Verify network connectivity and correct Base URL for your region
Empty Results	Verify filter criteria; check if resources exist in your environment

Support

For issues with this integration, please contact support with:

The operation you were attempting
Any error messages received
The parameters used (excluding sensitive data)
Your CrowdStrike cloud region

For CrowdStrike API documentation, visit: CrowdStrike Developer Portal

Updated: 2026-02-05

Overview​

Capabilities​

Credential Configuration​

Authentication Method​

How It Works​

CrowdStrike Cloud Regions​

How to Obtain API Credentials​

Required API Scopes​

Creating a CrowdStrike Credential in NINA​

Supported Resources​

Resource Details​

Configuration Assessment​

Operations​

Get Rule Details​

List Combined Assessments​

Configuration Assessment Evaluation Logic​

Operations​

Get Evaluation Logic Mixin0​

Discover​

Operations​

Combined Applications​

Combined Hosts​

Get Accounts​

Get Applications​

Get Hosts​

Get Logins​

List Accounts​

List Applications​

List Hosts​

List Logins​

Discover Iot​

Operations​

Get Iot Hosts​

List Iot Hosts​

List Iot Hosts V2​

Drift Indicators​

Operations​

Get Drift Indicators Values By Date​

Read Drift Indicator Entities​

Read Drift Indicators Count​

Search And Read Drift Indicator Entities​

Search Drift Indicators​

Exposure Management​

Operations​

Aggregate External Assets​

Blob Download External Assets​

Blob Preview External Assets​

Combined Ecosystem Subsidiaries​

Delete External Assets​

Get Ecosystem Subsidiaries​

Get External Assets​

List Ecosystem Subsidiaries​

List External Assets​

List External Assets V2​

Post External Assets Inventory​

Update External Assets​

Spotlight Evaluation Logic​

Operations​

Get Evaluation Logic​

List Combined Evaluation Logic​

List Evaluation Logic​

Spotlight Vulnerabilities​

Operations​

Get Remediations V2​

Get Vulnerabilities​

List Combined Vulnerabilities​

List Vulnerabilities​

Spotlight Vulnerability Metadata​

Operations​

Combine Vuln Metadata Ext​

Best Practices​

Troubleshooting​

Support​

Overview

Capabilities

Credential Configuration

Authentication Method

How It Works

CrowdStrike Cloud Regions

How to Obtain API Credentials

Required API Scopes

Creating a CrowdStrike Credential in NINA

Supported Resources

Resource Details

Configuration Assessment

Operations

Get Rule Details

List Combined Assessments

Configuration Assessment Evaluation Logic

Operations

Get Evaluation Logic Mixin0

Discover

Operations

Combined Applications

Combined Hosts

Get Accounts

Get Applications

Get Hosts

Get Logins

List Accounts

List Applications

List Hosts

List Logins

Discover Iot

Operations

Get Iot Hosts

List Iot Hosts

List Iot Hosts V2

Drift Indicators

Operations

Get Drift Indicators Values By Date

Read Drift Indicator Entities

Read Drift Indicators Count

Search And Read Drift Indicator Entities

Search Drift Indicators

Exposure Management

Operations

Aggregate External Assets

Blob Download External Assets

Blob Preview External Assets

Combined Ecosystem Subsidiaries

Delete External Assets

Get Ecosystem Subsidiaries

Get External Assets

List Ecosystem Subsidiaries

List External Assets

List External Assets V2

Post External Assets Inventory

Update External Assets

Spotlight Evaluation Logic

Operations

Get Evaluation Logic

List Combined Evaluation Logic

List Evaluation Logic

Spotlight Vulnerabilities

Operations

Get Remediations V2

Get Vulnerabilities

List Combined Vulnerabilities

List Vulnerabilities

Spotlight Vulnerability Metadata

Operations

Combine Vuln Metadata Ext

Best Practices

Troubleshooting

Support