List Triggered Alerts
Get a list of triggered alerts in your domain.
External Documentation
To learn more, visit the Devo documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| From | Filters all alerts triggered after this date. |
| Limit | Maximum number of elements returned in the response. |
| Offset | Position of the first element in the returned list. You will retrieve a subset of records starting with the offset value. |
| To | Filters all alerts triggered before this date. |
Advanced Parameters
| Parameter | Description |
|---|---|
| ASC Order | Select to retrieve the alert list in ascending order. |
| Order By | Order the alerts by a specific field. |
| Show All | Select to retrieve all the triggered alerts, including the ones with false positive and closed status. |
Example Output
{
"id": 123456,
"domain": "myDomain",
"priority": 4,
"context": "my.alert.demo.AWSConsoleLoginFailure",
"category": "my.context",
"srcPort": null,
"srcIp": null,
"srcHost": null,
"dstIp": null,
"dstPort": null,
"dstHost": null,
"protocol": null,
"username": "user@devo.com",
"application": null,
"engine": "pilot-8-pro-cloud-custom-aws-us-east-1",
"extraData": "{\"userIdentity_principalId\":\"AIDA3Y41I57DEUQSSBD1ZE\",\"mfaUsed\":\"No\",\"loginResponse\":\"Failure\",\"userIdentity_type\":\"IAMUser\",\"count\":\"1\",\"userName\":\"jason.green\",\"eventdate\":\"2023-04-03+13%3A39%3A00.0\"}",
"alertDate": null,
"status": 0,
"ack_status_date": null,
"createDate": 1680529252000,
"updateDate": null,
"scaled": false,
"digest": "5ad6c04d1f29125dfae0de480584f9c39362f4f3",
"uniquedigest": "f8ca95e3ed3c853b7f39dd39c099b8547c9e2f7b",
"postAlertAction": null,
"contextLabel": null,
"contextSubscription": null,
"shouldSend": false,
"alertOwner": null,
"fullExtraData": null,
"alertType": null,
"alertMitreTactics": null,
"alertMitreTechniques": null,
"alertPriority": null,
"alertDefinition": null,
"allExtraDataFields": null,
"tags": null,
"entities": null,
"commentsList": [],
"integrations": null,
"contexto": null
}
Workflow Library Example
List Triggered Alerts with Devo and Send Results Via Email
Preview this Workflow on desktop