Retrieve the log events associated with an alert.
External Documentation: To learn more, visit the Panther documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | The ID of the alert whose events should be listed. |
| Cursor | A token that selects which page of results to return. Obtain this value from the `endCursor` property (under `pageInfo`) of a previous response. |
| Page Size | The maximum number of events to return in the response. Valid range is 1-50. |

Example Output

{
	"data": {
		"alert": {
			"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
			"events": {
				"edges": [
					{
						"node": {
							"createdAt": "2024-10-17 04:41:13.000000000",
							"entitySnapshot": {
								"cloudProviderURL": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443",
								"externalId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"name": "Certificate for example.com",
								"nativeType": "",
								"providerId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
								"region": "",
								"resourceGroupExternalId": "",
								"subscriptionExternalId": "",
								"subscriptionName": "",
								"tags": {},
								"type": "SECRET_INSTANCE"
							},
							"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
							"notes": [],
							"p_alert_context": {
								"entity_snapshot": {
									"cloudProviderURL": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443",
									"externalId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
									"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
									"name": "Certificate for example.com",
									"nativeType": "",
									"providerId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
									"region": "",
									"resourceGroupExternalId": "",
									"subscriptionExternalId": "",
									"subscriptionName": "",
									"tags": {},
									"type": "SECRET_INSTANCE"
								},
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"mitre_attack_categories": [],
								"type": "TOXIC_COMBINATION"
							},
							"p_alert_creation_time": "2024-10-17 04:47:52.000000000",
							"p_alert_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
							"p_alert_severity": "HIGH",
							"p_alert_update_time": "2024-10-17 04:47:52.000000000",
							"p_event_time": "2024-10-17 04:46:25.000000000",
							"p_log_type": "Wiz.Issues",
							"p_parse_time": "2024-10-17 04:46:25.000000000",
							"p_row_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
							"p_rule_id": "Wiz.Alert.Passthrough",
							"p_rule_severity": "MEDIUM",
							"p_schema_version": 0,
							"p_source_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
							"p_source_label": "Source_Label_Placeholder",
							"p_udm": {},
							"serviceTickets": [],
							"severity": "HIGH",
							"sourceRule": {
								"__typename": "Control",
								"controlDescription": "",
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"name": "Secrets not stored in a secret container",
								"resolutionRecommendation": "",
								"securitySubCategories": null
							},
							"status": "OPEN",
							"statusChangedAt": "2024-10-17 04:41:05.000000000",
							"type": "TOXIC_COMBINATION",
							"updatedAt": "2024-10-17 04:41:13.000000000"
						}
					}
				],
				"pageInfo": {
					"endCursor": ""
				}
			}
		}
	}
}

Workflow Library Example

List Alert Events with Panther and Send Results Via Email