
Crowdstrike Detects API deprecation

  • September 25, 2025

Nagarjuna11

Hi Team,

We are currently using these endpoints to get the data into SOAR, and we are pushing it back to SecOps SIEM.

 

CROWDSTRIKE_ENDPOINTS = {
    "GENERATE_TOKEN": "{}/oauth2/token",
    "GET_DETECTION_IDS": "{}/alerts/queries/alerts/v1",
    "GET_DETECTION_DETAILS": "{}/alerts/entities/alerts/v1",
    "GET_COMBINED_GRAPHQL": "{}/identity-protection/combined/graphql/v1"
}

Will there be any impact for my environment, and do I need to create the new API client with the Alerts read permission?

1 reply

kentphelps
Staff
  • September 25, 2025

I assume this query is related to the upcoming decommissioning of CrowdStrike's Detects API. It would likely be best to confirm that none of the above endpoints are part of the Detects API by contacting CrowdStrike support. But since you have active feeds for CrowdStrike Detection Monitoring, I would follow the steps to create a new API client.