Get Triggered Alert
Get information about a triggered alert by the alert ID.
External Documentation
To learn more, visit the Devo documentation.
Parameters
Parameter | Description |
---|---|
ID | The Alert ID. Can be retrieved using the List Triggered Alerts action. |
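Example Output
In this example, `extraData` is a JSON-encoded string rather than a nested object, so parse it as JSON before reading fields such as `userName` or `loginResponse`. Its values can also be URL-encoded, as `eventdate` is here (`2023-04-03+13%3A39%3A00.0`). These fields appear to carry content from the event that triggered the alert, so validate or escape them before inserting them into an email body or a later workflow step. `createDate` appears to be a Unix timestamp in milliseconds.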
{
"id": 123456,
"domain": "myDomain",
"priority": 4,
"context": "my.alert.demo.AWSConsoleLoginFailure",
"category": "my.context",
"srcPort": null,
"srcIp": null,
"srcHost": null,
"dstIp": null,
"dstPort": null,
"dstHost": null,
"protocol": null,
"username": "user@devo.com",
"application": null,
"engine": "pilot-8-pro-cloud-custom-aws-us-east-1",
"extraData": "{\"userIdentity_principalId\":\"AIDA3Y41I57DEUQSSBD1ZE\",\"mfaUsed\":\"No\",\"loginResponse\":\"Failure\",\"userIdentity_type\":\"IAMUser\",\"count\":\"1\",\"userName\":\"jason.green\",\"eventdate\":\"2023-04-03+13%3A39%3A00.0\"}",
"alertDate": null,
"status": 0,
"ack_status_date": null,
"createDate": 1680529252000,
"updateDate": null,
"scaled": false,
"digest": "5ad6c04d1f29125dfae0de480584f9c39362f4f3",
"uniquedigest": "f8ca95e3ed3c853b7f39dd39c099b8547c9e2f7b",
"postAlertAction": null,
"contextLabel": null,
"contextSubscription": null,
"shouldSend": false,
"alertOwner": null,
"fullExtraData": null,
"alertType": null,
"alertMitreTactics": null,
"alertMitreTechniques": null,
"alertPriority": null,
"alertDefinition": null,
"allExtraDataFields": null,
"tags": null,
"entities": null,
"commentsList": [],
"integrations": null,
"contexto": null
}
Workflow Library Example
Get Triggered Alert with Devo and Send Results Via Email