Retrieve a filtered list of alerts.
External Documentation: To learn more, visit the Panther documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Assignee | Filter alerts by the assignee's ID. |
| Created After | The timeframe after which alerts were created. When omitted, defaults to 30 days ago. |
| Created Before | The timeframe before which alerts were created. When omitted, defaults to current time. |
| Cursor | A token used to specify a results page. This value can be obtained from the endCursor property from a previous response. |
| Detection ID | Filter alerts by the detection ID. |
| Limit | The maximum number of results to return in the response. Valid range is 1-50. |
| Name | Filter alerts by name, entering a partial or full string. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Severity | Filter alerts by the severity. |
| Sort Direction | The sort direction of the results. |
| Status | Filter alerts by the status. |
| Sub Type | Filter alerts by the sub-type of the alert. |
| Type | Filter alerts by the type of the alert. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Log Source | A comma-separated list of log sources of alerts to filter the results by. |
| Log Type | A comma-separated list of log types to filter the results by. |
| Maximum events | Filter alerts by the maximum number of events in each retrieved alert. |
| Minimum events | Filter alerts by the minimum number of events in each retrieved alert. |
| Resource Type | A comma-separated list of resource types to filter the results by. |

Example Output

{
	"next": "text",
	"results": [
		{
			"assignee": {
				"id": "user",
				"type": "text"
			},
			"context": null,
			"createdAt": "text",
			"deliveries": [
				{
					"dispatchedAt": "text",
					"label": "text",
					"message": "text",
					"outputId": "text",
					"statusCode": 1,
					"success": true
				}
			],
			"detection": {
				"id": "text",
				"type": "RULE"
			},
			"eventCount": 1,
			"firstEventOccurredAt": "text",
			"id": "text",
			"lastReceivedEventAt": "text",
			"runbook": "text",
			"severity": "CRITICAL",
			"status": "OPEN",
			"systemError": {
				"detection": {
					"id": "text",
					"type": "RULE"
				},
				"sourceId": "text",
				"sourceType": "text",
				"type": "text"
			},
			"title": "text",
			"type": "text",
			"updatedBy": {
				"id": "user",
				"type": "text"
			}
		}
	]
}
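
Added example, not part of the original page or of Panther's own code: paging through List Alerts results by hand and picking out open alerts whose deliveries never succeeded. It assumes the `next` field in the Example Output is the value to pass as Cursor for the following page; `fetch_page`, `sample_fetch` and the sample alerts are hypothetical and constructed.

```python
MAX_LIMIT = 50  # the page gives the valid Limit range as 1-50

def list_all_alerts(fetch_page, limit=MAX_LIMIT, max_pages=100):
    """Follow the cursor page by page and return every alert.

    fetch_page(cursor, limit) is a hypothetical callable that makes one
    List Alerts call and returns a dict shaped like the Example Output.
    """
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    alerts, cursor, seen = [], None, set()
    for _ in range(max_pages):
        page = fetch_page(cursor, limit)
        alerts.extend(page.get("results") or [])
        cursor = page.get("next")  # assumed to be the next page's Cursor
        if not cursor:  # no cursor returned: this was the last page
            return alerts
        if cursor in seen:  # a repeated cursor would loop forever
            raise RuntimeError("cursor repeated")
        seen.add(cursor)
    raise RuntimeError("max_pages reached before the last page")

def undelivered_open_alerts(alerts):
    """IDs of OPEN alerts for which no delivery attempt succeeded."""
    return [a["id"] for a in alerts
            if a.get("status") == "OPEN"
            and not any(d.get("success") for d in a.get("deliveries") or [])]

# Constructed sample pages standing in for real responses.
SAMPLE_PAGES = {
    None: {"next": "c1", "results": [
        {"id": "a1", "severity": "CRITICAL", "status": "OPEN",
         "deliveries": [{"statusCode": 500, "success": False}]},
        {"id": "a2", "severity": "LOW", "status": "OPEN",
         "deliveries": [{"statusCode": 200, "success": True}]}]},
    "c1": {"next": None, "results": [
        {"id": "a3", "severity": "CRITICAL", "status": "OPEN", "deliveries": []},
        {"id": "a4", "severity": "HIGH", "status": "RESOLVED",
         "deliveries": [{"statusCode": 500, "success": False}]}]},
}

def sample_fetch(cursor, limit):
    """Constructed stand-in for the real call; ignores limit."""
    return SAMPLE_PAGES[cursor]

if __name__ == "__main__":
    print(undelivered_open_alerts(list_all_alerts(sample_fetch)))
```

An open alert with an empty `deliveries` list is reported too, since nothing shows it reached a destination.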

Workflow Library Example

List Alert with Panther and Send Results Via Email