n8n-nodes-crowdstrike

n8n community node for the CrowdStrike Falcon API.

Installation

In n8n: Settings → Community Nodes → Install → enter n8n-nodes-crowdstrike.

Credentials

Create an API client in the Falcon console (Support and Resources → API Clients & Keys) and grant the scopes you need (Hosts: Read, Alerts: Read/Write, etc.). Then in n8n configure a CrowdStrike Falcon API credential with your Client ID, Client Secret, and Cloud Region (US-1 / US-2 / EU-1 / US-GOV-1).

Resources & operations

• Host — Get, Get Many, Search, Online State, Login History, Network History
• Alert — Get, Get Many, Update (status / comment / assignee)
• Detection (legacy, decommissioned on most tenants — use Alerts)
• Incident — Get, Get Many, Perform Action, Behaviors, CrowdScore
• Host Group — Get, Get Many, Get Members
• Prevention Policy — Get, Get Many, Get Members
• IOC — Get, Get Many, Devices Count / Ran On, Processes Ran On
• Spotlight Vulnerability — Get, Query, Remediations
• Intel — Actors, Indicators, Reports
• Real Time Response — Init Session, Execute Command, Status, List/Delete Sessions, List Files
• Event Stream — List Available, Refresh
• User Management — Get User, Get Many, Get Roles

All list operations support FQL filtering, sorting, and "Return All" auto-pagination.

License

MIT