jankit6
Staff
September 29, 2025

Troubleshooting Tip: How to resolve FortiSOAR connector action or data ingestion playbook issues after CrowdStrike API endpoint deprecation

Description: This article describes how to fix an issue that occurs after CrowdStrike changes its API endpoints.
Scope: FortiSOAR, CrowdStrike Falcon Connector.
Solution:

CrowdStrike is deprecating the following API endpoints, which will impact the FortiSOAR connector actions or data ingestion playbooks:

 

  • /detects/aggregates/detects/GET/v1
  • /detects/entities/detects/v2
  • /detects/entities/summaries/GET/v1
  • /detects/queries/detects/v1

FortiSOAR CrowdStrike connector v3.0.0 already includes the new API endpoints. The existing actions can be switched to the newly available actions as follows:

 

  1. Detection Aggregates -> Alert Aggregates:
    /detects/aggregates/detects/GET/v1 -> /alerts/aggregates/alerts/v2

  2. Update Detection -> Update Alert:
    /detects/entities/detects/v2 -> /alerts/entities/alerts/v3

  3. Get Detection Details -> Get Alert Details:
    /detects/entities/summaries/GET/v1 -> /alerts/entities/alerts/v2

  4. Detection Search -> Alert Search:
    /detects/queries/detects/v1 -> /alerts/queries/alerts/v2

 

If Data Ingestion is configured with Detections, edit the configuration and change it to Alerts:

 

Screenshot_311.png

 

 

Note: For backward compatibility, both the old and new actions are currently available in the connector. However, the deprecated (old) actions will be removed in a future connector release.
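
To find playbooks or custom integrations that still reference the deprecated actions or endpoints listed above, the mapping can be turned into a small audit script. This is an added example, not Fortinet or CrowdStrike code; it assumes the content to check is available as JSON, and the sample document and its key names are constructed for illustration and are not the FortiSOAR export schema.

```python
import json

# Deprecated -> replacement pairs, exactly as listed in the article:
# (old action, old endpoint, new action, new endpoint)
MIGRATIONS = [
    ("Detection Aggregates", "/detects/aggregates/detects/GET/v1",
     "Alert Aggregates", "/alerts/aggregates/alerts/v2"),
    ("Update Detection", "/detects/entities/detects/v2",
     "Update Alert", "/alerts/entities/alerts/v3"),
    ("Get Detection Details", "/detects/entities/summaries/GET/v1",
     "Get Alert Details", "/alerts/entities/alerts/v2"),
    ("Detection Search", "/detects/queries/detects/v1",
     "Alert Search", "/alerts/queries/alerts/v2"),
]

def walk(node, path="$"):
    """Yield (json_path, value) for every string value in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_deprecated(document):
    """Return (json_path, deprecated, replacement) for each stale reference."""
    findings = []
    for path, text in walk(document):
        lowered = text.strip().lower()
        for old_action, old_ep, new_action, new_ep in MIGRATIONS:
            if old_ep.lower() in lowered:          # endpoint anywhere in a URL/string
                findings.append((path, old_ep, new_ep))
            elif lowered == old_action.lower():    # exact action name only
                findings.append((path, old_action, new_action))
    return findings

# Constructed sample: key names are hypothetical, not the FortiSOAR export schema.
SAMPLE = json.loads("""
{"name": "Ingest CrowdStrike (constructed)", "steps": [
  {"title": "Fetch", "action": "Detection Search"},
  {"title": "Details", "action": "Get Alert Details"},
  {"title": "Raw call", "url": "https://api.example.invalid/detects/entities/detects/v2"}
]}
""")

if __name__ == "__main__":
    for path, old, new in find_deprecated(SAMPLE):
        print(f"{path}: {old} -> {new}")
```

Because both old and new actions remain available for now, a clean result from a check like this is a useful gate before upgrading to a connector release that removes the deprecated actions.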