List Devices Affected By An Alert
This action returns similar data to the List Devices action, except that only affected devices are returned.
There is also an additional device field indicating if the alert is resolved for the device.
External Documentation
To learn more, visit the Claroty xDome documentation.
Parameters
Parameter | Description |
---|---|
Alert ID | Alert ID, as indicated in the id field of an alert. |
Fields | Specify which fields to return for each item. |
Example Output
{
  "devices": [
    {
      "asset_id": "xxxxxxx",
      "risk_score": "xxxxx",
      "os_category": "xxxx",
      "labels": [],
      "device_type_family": "xxxxxxx",
      "vlan_list": [x],
      "mac_list": ["xxxxxxxxxxxx"],
      "device_subcategory": "xxxxxxxxxxxxxx",
      "retired": xxxx,
      "assignees": [],
      "uid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "network_list": ["xxxxxxxxx"],
      "model": "xxxxxxxxxxxxxxx",
      "device_type": "xxxxxxxx",
      "device_category": "xxx",
      "ip_list": ["xxx.xxx.xxx.xxx"],
      "is_resolved": xxxx
    }
  ]
}
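One way to triage this output in a follow-up step, as an added example that is not part of the Claroty xDome or integration documentation. It assumes `is_resolved` and `retired` arrive as JSON booleans and that retired devices are out of scope; the function names and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the Example Output above; all values are made up.
SAMPLE_OUTPUT = json.loads("""
{"devices": [
  {"uid": "00000000-0000-0000-0000-000000000001", "ip_list": ["192.0.2.10"],
   "network_list": ["Clinical"], "retired": false, "is_resolved": false},
  {"uid": "00000000-0000-0000-0000-000000000002", "ip_list": ["192.0.2.11"],
   "network_list": ["Clinical", "Guest"], "retired": false, "is_resolved": true},
  {"uid": "00000000-0000-0000-0000-000000000003", "ip_list": ["192.0.2.12"],
   "network_list": ["Guest"], "retired": true, "is_resolved": false},
  {"uid": "00000000-0000-0000-0000-000000000004", "ip_list": [],
   "network_list": [], "retired": false}
]}
""")


def open_devices(action_output):
    """Return active devices on which the alert is not confirmed resolved."""
    pending = []
    for dev in action_output.get("devices", []):
        if dev.get("retired") is True:
            continue  # assumption: retired assets are out of remediation scope
        # Fail safe: only an explicit true counts as resolved, so a device
        # returned without is_resolved (field not requested) stays pending.
        if dev.get("is_resolved") is True:
            continue
        pending.append(dev)
    return pending


def by_network(devices):
    """Group device uids by network so each segment owner gets one list."""
    groups = defaultdict(list)
    for dev in devices:
        for net in dev.get("network_list") or ["(no network)"]:
            groups[net].append(dev.get("uid", "(no uid)"))
    return dict(groups)


if __name__ == "__main__":
    for net, uids in sorted(by_network(open_devices(SAMPLE_OUTPUT)).items()):
        print(f"{net}: {len(uids)} unresolved -> {', '.join(uids)}")
```

If the Fields parameter is used to trim the response, include `is_resolved` in it; otherwise every device is treated as still pending.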
Workflow Library Example
List Devices Affected by an Alert with Claroty xDome and Send Results Via Email