Crowdstrike connector : Many actions use deprecated API endpoints
- October 20, 2025
- 2 replies
- 1293 views
Hello,
A little surprise today while I was creating my playbook, it seems that the following actions are still using the CrowdStrike API endpoints that were decommissioned on September 30th.
- detection_search : use /detects/queries/detects/v1
- detection_aggregates : use /detects/aggregates/detects/GET/v1
- update_detection : use /detects/entities/detects/v2
- get_detection_details : use /detects/entities/summaries/GET/v1
In accordance with the CrowdStrike documentation, it appears that these API endpoints have been merged into the Alerts section. The documentation say "Detections are no longer stored in their legacy format."
Could we please, in the next update, either remove these actions or update them to use the correct endpoints (for example, the ones already used in the update_alert action) ?