Get Alert - Blink Documentation

Get the alert matching the specified alert ID.

External DocumentationTo learn more, visit the Microsoft Defender For Cloud Apps documentation.

Parameters

Parameter	Description
Alert ID	The ID of the alert. Can be obtained via the `List Alerts` action.

Example Output

{
	"_id": "603f704aaf7417985bbf3b22",
	"contextId": "206e2965-6533-48a6-ba9e-794364a84bf9",
	"description": "Contoso user performed 11 suspicious activities MITRE Technique used Account Discovery (T1087) and subtechnique used Domain Account (T1087.002)",
	"entities": [
		{
			"entityRole": "Source",
			"entityType": 2,
			"id": "6204bdaf-ad46-4e99-a25d-374a0532c666",
			"inst": 0,
			"label": "user1",
			"pa": "user1@contoso.com",
			"saas": 11161,
			"type": "account"
		}
	]
}

Workflow Library Example

Get Alert with Microsoft Defender for Cloud Apps and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example