This action returns similar data to the List Devices action, except that only affected devices are returned. There is also an additional device field indicating if the alert is resolved for the device.
External DocumentationTo learn more, visit the Claroty xDome documentation.

Parameters

ParameterDescription
Alert IDAlert ID, as indicated in the id field of an alert.
FieldsSpecify which fields to return for each item.

Example Output

{
	"devices": [
		{
			"is_resolved": false,
			"asset_id": "<string>",
			"device_subcategory": "<string>",
			"device_type": "<string>",
			"network_list": [
				"<string>"
			],
			"device_category": "<string>",
			"mac_list": [
				"<string>"
			],
			"uid": "<string>",
			"ip_list": [
				"<string>"
			],
			"risk_score_points": 27,
			"risk_score": "<string>"
		},
		{
			"is_resolved": false,
			"asset_id": "<string>",
			"device_subcategory": "<string>",
			"device_type": "<string>",
			"network_list": [
				"<string>"
			],
			"device_category": "<string>",
			"mac_list": [
				"<string>"
			],
			"uid": "<string>",
			"ip_list": [
				"<string>"
			],
			"risk_score_points": 69,
			"risk_score": "<string>"
		}
	]
}

Workflow Library Example

List Devices Affected by an Alert with Claroty Xdome and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop