List Devices Affected By An Alert

This action returns similar data to the List Devices action, except that only affected devices are returned. There is also an additional device field indicating if the alert is resolved for the device.

External DocumentationTo learn more, visit the Claroty xDome documentation.

Parameters

Parameter	Description
Alert ID	Alert ID, as indicated in the id field of an alert.
Fields	Specify which fields to return for each item.

Example Output

{
	"devices": [
		{
			"is_resolved": false,
			"asset_id": "<string>",
			"device_subcategory": "<string>",
			"device_type": "<string>",
			"network_list": [
				"<string>"
			],
			"device_category": "<string>",
			"mac_list": [
				"<string>"
			],
			"uid": "<string>",
			"ip_list": [
				"<string>"
			],
			"risk_score_points": 27,
			"risk_score": "<string>"
		},
		{
			"is_resolved": false,
			"asset_id": "<string>",
			"device_subcategory": "<string>",
			"device_type": "<string>",
			"network_list": [
				"<string>"
			],
			"device_category": "<string>",
			"mac_list": [
				"<string>"
			],
			"uid": "<string>",
			"ip_list": [
				"<string>"
			],
			"risk_score_points": 69,
			"risk_score": "<string>"
		}
	]
}

Workflow Library Example

List Devices Affected by an Alert with Claroty Xdome and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example