
Hi team,


CrowdStrike recently announced the deprecation of the Detects API endpoints, and Google shared an advisory explaining the impact and what actions to take if you are using the data feed in SIEM ingestion.


👉 Advisory: Important Advisory – Decommissioning of CrowdStrike’s Detects API


That part is clear for SIEM data feeds.


But in our case, we use the CrowdStrike Detection Connector in Google SecOps SOAR, which creates cases from detections. Since the Detects API was decommissioned, the connector started failing with this error:

Error executing connector: "Detection Connector". Reason: An error occurred: 404 Client Error: Not Found for url: https://api.us-2.crowdstrike.com/detects/queries/detects/v1?filter=status%3A%27new%27%2Bfirst_behavior%3A%3E%3D%272025-09-29T20%3A48%3A07%27&sort=first_behavior.asc&limit=100 b'{\n "meta": {\n "query_time": 0.00030819,\n "powered_by": "legacy-detects",\n "trace_id": "39d6ade4-b8d1-479d-821f-08849878a2b1"\n },\n "resources": [],\n "errors": [\n {\n "code": 404,\n "message": "API endpoint has been decommissioned as per TA: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Planned-Decommission-Announcement-of-the-DetectionSummaryEvent-and-detects-API"\n }\n ]\n}'


Questions:

  • Is there an update planned for the CrowdStrike Detection Connector to move away from the deprecated Detects API?
  • What is the recommended approach to keep detections flowing into SOAR cases?

The CrowdStrike SOAR integration contains an Alerts (the replacement for Detects) connector - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/crowdstrike-falcon#crowdstrike_alerts_connector
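As an added example (not code from the original thread, Google SecOps or CrowdStrike), here is a small health-check that parses the connector error line quoted above and decides whether the failure is the retired Detects API, so a SOAR operator can alert on "legacy endpoint, switch to the Alerts connector" instead of a generic 404. The sample input is the error text from the post, and the function names are hypothetical.

```python
import ast
import json
import re
from urllib.parse import urlsplit

# Constructed sample: the connector error line from the post above (one line, body logged as a bytes repr).
SAMPLE_ERROR = r"""Error executing connector: "Detection Connector". Reason: An error occurred: 404 Client Error: Not Found for url: https://api.us-2.crowdstrike.com/detects/queries/detects/v1?filter=status%3A%27new%27%2Bfirst_behavior%3A%3E%3D%272025-09-29T20%3A48%3A07%27&sort=first_behavior.asc&limit=100 b'{\n "meta": {\n "query_time": 0.00030819,\n "powered_by": "legacy-detects",\n "trace_id": "39d6ade4-b8d1-479d-821f-08849878a2b1"\n },\n "resources": [],\n "errors": [\n {\n "code": 404,\n "message": "API endpoint has been decommissioned as per TA: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Planned-Decommission-Announcement-of-the-DetectionSummaryEvent-and-detects-API"\n }\n ]\n}'"""

ERROR_RE = re.compile(r"(\d{3}) Client Error: (.+?) for url: (\S+) b'(.*)'$")


def parse_connector_error(text: str) -> dict:
    """Extract HTTP status, endpoint path and the decoded JSON error body from a connector error line.

    Returns an empty dict when the line does not match the 'NNN Client Error ... b'{...}'' shape.
    """
    m = ERROR_RE.search(text)
    if not m:
        return {}
    status, _reason, url, raw_body = m.groups()
    # The body is logged as a Python bytes repr (literal backslash-n, not newlines);
    # literal_eval turns it back into bytes so the JSON inside can be decoded.
    body = json.loads(ast.literal_eval(f"b'{raw_body}'").decode())
    meta = body.get("meta", {})
    messages = [e.get("message", "") for e in body.get("errors", [])]
    # Pull the Tech Alert link out of the error message, if present.
    links = [u for msg in messages for u in re.findall(r"https?://\S+", msg)]
    return {
        "status": int(status),
        "endpoint": urlsplit(url).path,
        "powered_by": meta.get("powered_by"),
        "trace_id": meta.get("trace_id"),
        "errors": messages,
        "tech_alert": links[0] if links else None,
    }


def is_decommissioned_detects_call(parsed: dict) -> bool:
    """True when the 404 comes from the retired /detects/ API, i.e. the connector must move to Alerts."""
    return (
        parsed.get("status") == 404
        and parsed.get("endpoint", "").startswith("/detects/")
        and any("decommissioned" in msg for msg in parsed.get("errors", []))
    )


if __name__ == "__main__":
    info = parse_connector_error(SAMPLE_ERROR)
    if is_decommissioned_detects_call(info):
        print(f"{info['endpoint']} is decommissioned (trace {info['trace_id']}); see {info['tech_alert']}")
```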