Get Device Affected By An Alert
Get specific device(s) affected by an alert.
This action returns similar data to the Get Device action, except that only affected devices are returned.
There is also an additional device field indicating if the alert is resolved for the device.
External Documentation
To learn more, visit the Claroty xDome documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | Alert ID, as indicated in the id field of an alert. |
| Field | Specify the field by which to search for device(s). |
| Fields | Specify which fields to return for each item. |
| Value | Specify the search value. It can be either a single value or multiple values separated by commas. |
Example Output
```
{
  "devices": [
    {
      "asset_id": "xxxxxxx",
      "risk_score": "xxxxx",
      "os_category": "xxxx",
      "labels": [],
      "device_type_family": "xxxxxxx",
      "vlan_list": [x],
      "mac_list": ["xxxxxxxxxxxx"],
      "device_subcategory": "xxxxxxxxxxxxxx",
      "retired": xxxx,
      "assignees": [],
      "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "network_list": ["xxxxxxxxx"],
      "model": "xxxxxxxxxxxxxxx",
      "device_type": "xxxxxxxx",
      "device_category": "xxx",
      "ip_list": ["xxx.xxx.xxx.xxx"],
      "is_resolved": xxxx
    }
  ]
}
```
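An added example, not part of the Claroty xDome or workflow documentation: a Python post-processing step that takes this action's output and reports which affected devices still have the alert unresolved, and which of the comma-separated search values matched no affected device. It assumes `is_resolved` is a boolean and that the searched field (here `ip_list`) is among the returned Fields; the sample data and the helper names (`split_values`, `field_values`, `triage`) are constructed for illustration.

```python
import json

# Constructed sample shaped like the Example Output above; all values are made up.
SAMPLE_OUTPUT = json.loads("""
{"devices": [
  {"uid": "00000000-0000-0000-0000-000000000001", "ip_list": ["192.0.2.10"],
   "mac_list": ["0200000000aa"], "retired": false, "is_resolved": false},
  {"uid": "00000000-0000-0000-0000-000000000002",
   "ip_list": ["192.0.2.11", "192.0.2.12"],
   "mac_list": ["0200000000bb"], "retired": false, "is_resolved": true}
]}
""")


def split_values(value):
    """Split the comma-separated Value parameter into clean search terms."""
    return [v.strip() for v in value.split(",") if v.strip()]


def field_values(device, field):
    """Return a device field as a set of strings, whether scalar or list."""
    raw = device.get(field)
    if raw is None:
        return set()
    return set(map(str, raw)) if isinstance(raw, list) else {str(raw)}


def triage(output, field, value):
    """Summarise resolution status and searched values with no affected device."""
    devices = output.get("devices", [])
    seen = set()
    for d in devices:
        seen |= field_values(d, field)
    # Assumption: is_resolved is a boolean; a missing value is treated as
    # unresolved so that a device is never silently dropped from follow-up.
    return {
        "unresolved_uids": [d["uid"] for d in devices if not d.get("is_resolved", False)],
        "resolved_uids": [d["uid"] for d in devices if d.get("is_resolved", False)],
        # Client-side exact comparison against the returned field values.
        "unmatched_values": [v for v in split_values(value) if v not in seen],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_OUTPUT, "ip_list", "192.0.2.10, 192.0.2.12, 192.0.2.99")
    print(json.dumps(report, indent=2))
```

A value listed under `unmatched_values` only means no device returned for this alert carries it; it does not say whether the device exists elsewhere in the inventory.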
Workflow Library Example
Get Device Affected by an Alert with Claroty Xdome and Send Results Via Email