Get Alert

Get the alert matching the specified alert ID.

External Documentation

To learn more, visit the Microsoft Defender For Cloud Apps documentation.

Parameters

Parameter	Description
Alert ID	The ID of the alert. Can be obtained via the `List Alerts` action.

Example Output

{
    "_id": "603f704aaf7417985bbf3b22",
    "contextId": "206e2965-6533-48a6-ba9e-794364a84bf9",
    "description": "Contoso user performed 11 suspicious activities MITRE Technique used Account Discovery (T1087) and subtechnique used Domain Account (T1087.002)",
    "entities": [
        {
            "entityRole": "Source",
            "entityType": 2,
            "id": "6204bdaf-ad46-4e99-a25d-374a0532c666",
            "inst": 0,
            "label": "user1",
            "pa": "user1@contoso.com",
            "saas": 11161,
            "type": "account"
        }
    ]
}

Workflow Library Example

Get Alert with Microsoft Defender for Cloud Apps and Send Results Via Email

Preview this Workflow on desktop

Get Alert

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example