Get Device Affected By An Alert

Get specific device(s) affected by an alert. This action returns similar data to the Get Device action, except that only affected devices are returned. There is also an additional device field indicating if the alert is resolved for the device.

External Documentation

To learn more, visit the Claroty xDome documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | Alert ID, as indicated in the id field of an alert. |
| Field | Specify the field by which to search for device(s). |
| Fields | Specify which fields to return for each item. |
| Value | Specify the search value. It can be either a single value or multiple values separated by commas. |

Example Output

{
  "devices": [
    {
      "asset_id": "xxxxxxx",
      "risk_score": "xxxxx",
      "os_category": "xxxx",
      "labels": [],
      "device_type_family": "xxxxxxx",
      "vlan_list": [x],
      "mac_list": ["xxxxxxxxxxxx"],
      "device_subcategory": "xxxxxxxxxxxxxx",
      "retired": xxxx,
      "assignees": [],
      "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "network_list": ["xxxxxxxxx"],
      "model": "xxxxxxxxxxxxxxx",
      "device_type": "xxxxxxxx",
      "device_category": "xxx",
      "ip_list": ["xxx.xxx.xxx.xxx"],
      "is_resolved": xxxx
    }
  ]
}

Workflow Library Example

Get Device Affected by an Alert with Claroty Xdome and Send Results Via Email
