> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Alerts By Alert IDs

Returns alerts that match the given alert ids.

<Note>
  External Documentation

  To learn more, visit the [Intezer documentation](https://analyze.intezer.com/api-docs.html#/paths/alerts-search/post).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter    | Description                                        |
  | ------------ | -------------------------------------------------- |
  | Alert IDs    | List of comma separated alert ids to search for.   |
  | Environments | List of comma separated environments to search in. |
</div>

## Example Output

```json theme={"dark"}
{
	"result": {
		"alert_count": 1,
		"alerts": [
			{
				"alert_id": "ed638299999999862495_-1864999299",
				"intezer_alert_url": "https://analyze.intezer.com/alerts/ed638299999999862495_-1864999299",
				"note": "🟦 Intezer Automated Triage🧨 \n===================================\n Confirmed Threat - Generic Threat - CoinMiner\n===================================\nRecommended actions: Kill, Quarantine\nTTPs: Defense Evasion, Execution\nIOCs: 2 indicators\n\nView alert: 👉 https://analyze.intezer.com/alerts/ed638299999999862495_-1864999299",
				"alert": {
					"alert_id": "ed638299999999862495_-1864999299",
					"creation_time": "2023-06-28T07:06:38.228013",
					"creation_time_display": "28 Jun 23 | 06:38 UTC",
					"alert_title": "MyThreatName.exe",
					"severity": "high",
					"severity_display": "High",
					"alert_url": "https://falcon.crowdstrike.com/activity/detections/detail/9999c9999af9999d84d999c2ee7131bb/999994989665",
					"descriptions": [
						"This file meets the File Analysis ML algorithm's low-confidence threshold for malware."
					],
					"external_account_name": "MyAccountName",
					"site_name": "MySiteName",
					"is_mitigated": false,
					"mitigation_status_display": "Not Mitigated",
					"device": {
						"id": "9999c9999af9999d84d999c2ee7131bb",
						"hostname": "MyHostName",
						"os_type": "windows",
						"os_name": "Windows 10"
					}
				},
				"triage_result": {
					"alert_verdict": "confirmed_threat",
					"alert_verdict_display": "Confirmed Threat",
					"risk_level": "high",
					"risk_level_display": "High",
					"risk_category": "generic_threat",
					"risk_category_display": "Generic Threat",
					"families": {
						"family_id": "0b13c0d4-7779-4c06-98fa-4d33ca98f8a9",
						"family_name": "HopperTick"
					},
					"threat_name": "MyThreatName.exe",
					"risk_score": 20,
					"ttps": [
						{
							"tactic_id": "TA0002",
							"technique": "Command and Scripting Interpreter: Unix Shell",
							"technique_id": "T1059.004",
							"source": "analysis",
							"tactic": "Execution"
						}
					]
				},
				"alert_sub_types": [
					"file_based"
				],
				"raw_alert": {},
				"sender": "cs",
				"scans": [
					{
						"is_main_analysis": true,
						"file_analysis": {
							"family_id": "0b13c0d4-7779-4c06-98fa-4d33ca98f8a9",
							"sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
							"ttps": [
								{
									"tactic_id": "TA0002",
									"technique": "Command and Scripting Interpreter: Unix Shell",
									"technique_id": "T1059.004",
									"tactic": "Execution"
								}
							],
							"file_name": "MyFileName.exe",
							"verdict": "malicious",
							"sub_verdict": "malicious",
							"iocs": {
								"files": [
									{
										"path": "/path/to/MyFileName.exe",
										"sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
										"verdict": "malicious",
										"family": null,
										"type": "main_file"
									}
								],
								"network": [
									{
										"source": [
											"Network communication"
										],
										"ioc": "10.0.0.1",
										"type": "ip"
									}
								]
							},
							"analysis_time": "2022-05-28T07:09:58",
							"analysis_url": "https://analyze.intezer.com/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
							"family_name": "Emotet",
							"analysis_id": "0833e33b-2dcd-4d48-a853-8b4822675911"
						},
						"collection_status": "collected",
						"scan_type": "file"
					}
				],
				"response": {
					"automated_response_actions": [
						{
							"action_name": "Endpoint scan performed",
							"action_key": "endpoint_scan_performed",
							"status": "suggested"
						}
					],
					"user_recommended_actions": [
						{
							"action_name": "Kill Process (RTR)",
							"action_key": "kill_process"
						}
					],
					"user_recommended_actions_display": "Kill Process (RTR)",
					"iocs": {
						"files": [
							{
								"path": "/path/to/MyFileName.exe",
								"sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
								"verdict": "malicious",
								"family": null,
								"type": "main_file"
							}
						],
						"network": [
							{
								"ioc": "10.0.0.1",
								"source": [
									"Network communication"
								],
								"type": "ip"
							}
						]
					},
					"status": "follow_up_required",
					"status_display": "Follow Up Required"
				},
				"source": "cs",
				"source_display": "CrowdStrike",
				"source_type": "edr"
			}
		]
	}
}
```

## Workflow Library Example

[Get Alerts by Alert Ids with Intezer and Send Results Via Email](https://library.blinkops.com/workflows/get-alerts-by-alert-ids-with-intezer-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-alerts-by-alert-ids-with-intezer-and-send-results-via-email/canvas" />
</div>