
Hi Team,

We are currently using these endpoints to get the data into SOAR and we are pushing it back to SecOps Siem.

```python
# Endpoint templates; "{}" is replaced with the CrowdStrike API base URL via str.format
CROWDSTRIKE_ENDPOINTS = {
    "GENERATE_TOKEN": "{}/oauth2/token",
    "GET_DETECTION_IDS": "{}/alerts/queries/alerts/v1",
    "GET_DETECTION_DETAILS": "{}/alerts/entities/alerts/v1",
    "GET_COMBINED_GRAPHQL": "{}/identity-protection/combined/graphql/v1",
}
```

Will there be any impact on my environment, and do I need to create a new API client with the Alerts read permission?

I assume this query is related to the upcoming decommissioning of CrowdStrike's Detects API. It would likely be best to confirm that none of the above endpoints are part of the Detects API by contacting CrowdStrike support. But since you have active feeds for CrowdStrike Detection Monitoring, I would follow the steps to create a new API client.
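A small audit of the endpoint map from the question, as an added example that is not part of either post: it builds the full URLs for an assumed base URL, flags any endpoint under the legacy `/detects/` path family (an assumption about where the Detects API lives), and marks which endpoints belong to the `/alerts/` family that the Alerts read scope covers.

```python
from urllib.parse import urlparse

# Endpoint map as posted in the question (base URL substituted via str.format).
CROWDSTRIKE_ENDPOINTS = {
    "GENERATE_TOKEN": "{}/oauth2/token",
    "GET_DETECTION_IDS": "{}/alerts/queries/alerts/v1",
    "GET_DETECTION_DETAILS": "{}/alerts/entities/alerts/v1",
    "GET_COMBINED_GRAPHQL": "{}/identity-protection/combined/graphql/v1",
}

# Assumption: the legacy Detects API lives under the "/detects/" path family,
# while its replacement lives under "/alerts/" and needs the Alerts read scope.
LEGACY_FAMILY = "detects"
ALERTS_FAMILY = "alerts"


def api_family(path_template: str) -> str:
    """Return the first path segment of an endpoint template, e.g. 'alerts'."""
    path = urlparse(path_template.format("https://placeholder.invalid")).path
    return path.strip("/").split("/", 1)[0]


def audit_endpoints(base_url: str, endpoints: dict) -> dict:
    """Classify each endpoint: full URL, API family, legacy flag, Alerts-scope need."""
    report = {}
    for name, template in endpoints.items():
        family = api_family(template)
        report[name] = {
            "url": template.format(base_url.rstrip("/")),
            "family": family,
            "legacy_detects": family == LEGACY_FAMILY,
            "needs_alerts_read": family == ALERTS_FAMILY,
        }
    return report


def legacy_endpoints(base_url: str, endpoints: dict) -> list:
    """Names of endpoints that would break when the Detects API is decommissioned."""
    report = audit_endpoints(base_url, endpoints)
    return sorted(name for name, row in report.items() if row["legacy_detects"])
```

Running `legacy_endpoints` over the posted map returns an empty list, which is the quick local check before confirming with support; a constructed entry such as `"{}/detects/queries/detects/v1"` would be flagged.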