Hosts
Accessing and managing CrowdStrike Falcon hosts/devices
API Scopes
Section titled “API Scopes”Hosts:read
falcon_get_host_details
Section titled “falcon_get_host_details”Required scopes: Hosts:read
Retrieve detailed information for one or more host device IDs.
Use when you already have specific device IDs from search results, the Falcon console, or the Streaming API. For discovering hosts by criteria, use falcon_search_hosts instead. Returns comprehensive host details.
Example prompts:
- “Get the full details for host device abc123”
falcon_search_hosts
Section titled “falcon_search_hosts”Required scopes: Hosts:read
Search for hosts in your CrowdStrike environment.
Use this to find devices by hostname, platform, IP, sensor version, or other attributes. Consult falcon://hosts/search/fql-guide before constructing filter expressions. Returns full host details including device info, OS, and network context.
Example prompts:
- “Find all Windows hosts in my environment”
- “Show me hosts last seen in the past 24 hours”
Resources
Section titled “Resources”falcon://hosts/search/fql-guide: Contains the guide for thefilterparam of thefalcon_search_hoststool.