

Retrieve the log events associated with an alert.
External Documentation: To learn more, visit the Panther documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | The alert ID to list events for. |
| Cursor | A token used to specify a results page. This value can be obtained from the `endCursor` property of a previous response. |
| Page Size | The maximum number of events to return in the response. Valid range is 1-50. |

Example Output

{
	"data": {
		"alert": {
			"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
			"events": {
				"edges": [
					{
						"node": {
							"createdAt": "2024-10-17 04:41:13.000000000",
							"entitySnapshot": {
								"cloudProviderURL": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443",
								"externalId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"name": "Certificate for example.com",
								"nativeType": "",
								"providerId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
								"region": "",
								"resourceGroupExternalId": "",
								"subscriptionExternalId": "",
								"subscriptionName": "",
								"tags": {},
								"type": "SECRET_INSTANCE"
							},
							"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
							"notes": [],
							"p_alert_context": {
								"entity_snapshot": {
									"cloudProviderURL": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443",
									"externalId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
									"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
									"name": "Certificate for example.com",
									"nativeType": "",
									"providerId": "https://ec2-xxx-xxx-xxx-xxx.compute.amazonaws.com:443/##TLS Handshake##0",
									"region": "",
									"resourceGroupExternalId": "",
									"subscriptionExternalId": "",
									"subscriptionName": "",
									"tags": {},
									"type": "SECRET_INSTANCE"
								},
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"mitre_attack_categories": [],
								"type": "TOXIC_COMBINATION"
							},
							"p_alert_creation_time": "2024-10-17 04:47:52.000000000",
							"p_alert_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
							"p_alert_severity": "HIGH",
							"p_alert_update_time": "2024-10-17 04:47:52.000000000",
							"p_event_time": "2024-10-17 04:46:25.000000000",
							"p_log_type": "Wiz.Issues",
							"p_parse_time": "2024-10-17 04:46:25.000000000",
							"p_row_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
							"p_rule_id": "Wiz.Alert.Passthrough",
							"p_rule_severity": "MEDIUM",
							"p_schema_version": 0,
							"p_source_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
							"p_source_label": "Source_Label_Placeholder",
							"p_udm": {},
							"serviceTickets": [],
							"severity": "HIGH",
							"sourceRule": {
								"__typename": "Control",
								"controlDescription": "",
								"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
								"name": "Secrets not stored in a secret container",
								"resolutionRecommendation": "",
								"securitySubCategories": null
							},
							"status": "OPEN",
							"statusChangedAt": "2024-10-17 04:41:05.000000000",
							"type": "TOXIC_COMBINATION",
							"updatedAt": "2024-10-17 04:41:13.000000000"
						}
					}
				],
				"pageInfo": {
					"endCursor": ""
				}
			}
		}
	}
}

Workflow Library Example

List Alert Events with Panther and Send Results Via Email