List Alerts
Returns a list of alerts that match the constraints specified in the action's parameters.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | Specify this field to filter alerts only to those with a specific ID. |
| Alert Rule Name | Specify this field to filter alerts only to those with a specific alert rule name. |
| Alert Status | Specify this field to filter alerts only to those with a specific status. |
| Cloud Account | Specify this field to filter alerts only to those from a specific cloud account. |
| Cloud Account ID | Specify this field to filter alerts only to those with a specific cloud account ID. |
| Cloud Region | Specify this field to filter alerts only to those from a specific region. |
| Cloud Service | Specify this field to filter alerts only to those of a specific service. |
| Detailed | Whether the returned results should include additional description fields. |
| End Time | End of time to retrieve alerts from. |
| Fields | Comma-separated list of specific fields to retrieve. Allowed values: alert.id, alert.status, alert.time, cloud.accountId, cloud.account, cloud.region, resource.id, resource.name, policy.name, policy.type, policy.severity. |
| Group | Specify this field to filter alerts only to those from a specific group. |
| Page Token | Token that identifies the required page of data. When there are multiple pages of data in the response, set pageToken to the nextPageToken value from the previous API response to retrieve the next page of data. |
| Policy Compliance Requirement Name | Specify this field to filter alerts only to those with a specific policy compliance requirement name. |
| Policy Compliance Section ID | Specify this field to filter alerts only to those with a specific policy compliance section ID. |
| Policy Compliance Standard Name | Specify this field to filter alerts only to those with a specific policy compliance standard name. |
| Policy ID | Specify this field to filter alerts only to those with a specific policy ID. |
| Policy Is Remediable | Specify this field to filter alerts only to those of remediable/ non-remediable policy. |
| Policy Label | Specify this field to filter alerts only to those with a specific policy label. |
| Policy Name | Specify this field to filter alerts only to those with a specific policy name. |
| Policy Severity | Specify this field to filter alerts only to those with a specific policy severity. |
| Policy Type | Specify this field to filter alerts only to those with a specific policy type. |
| Resource ID | Specify this field to filter alerts only to those with a specific resource ID. |
| Resource Name | Specify this field to filter alerts only to those with a specific resource name. |
| Resource Type | Specify this field to filter alerts only to those with a specific resource type. |
| Sort By | Response object property by which to sort response list. The valid values are in the response object attribute sortAllowedColumns. The format is property:asc for ascending and property:desc for descending sort. e.g. id:desc / firstseen:asc / lastseen:desc. |
| Start Time | Start of time to retrieve alerts from. |
| Type | Specify this field to filter alerts only to those of a specific type. |
Example Output
{
"totalRows": 2,
"items": [
{
"id": "P-607",
"status": "open",
"reason": "NEW_ALERT",
"firstSeen": 1668608280317,
"lastSeen": 1668608280317,
"alertTime": 1668608280317,
"lastUpdated": 1668983950895,
"policyId": "7913fcbf-b679-5aac-d979-1b6817becb22",
"saveSearchId": "d0658e3d-4d59-4333-b80c-b90e2e28dbaa",
"metadata": {
"saveSearchId": "d0658e3d-4d59-4333-b80c-b90e2e28dbaa"
},
"policy": {
"policyId": "7913fcbf-b679-5aac-d979-1b6817becb22",
"policyType": "config",
"systemDefault": true,
"remediable": false
},
"alertRules": [],
"history": [],
"resource": {
"rrn": "rrn::storageBucket:us-east-1:714946255915:8c8edb1e3cf7434142308714626f88d5a77433f1:dangerousbucketdontuse",
"id": "dangerousbucketdontuse",
"name": "dangerousbucketdontuse",
"account": "AWS Account",
"accountId": "714946255915",
"cloudAccountGroups": [
"Default Account Group"
],
"region": "AWS Virginia",
"regionId": "us-east-1",
"resourceType": "STORAGE_BUCKET",
"resourceApiName": "aws-s3api-get-bucket-acl",
"cloudServiceName": "Amazon S3",
"url": "https://console.aws.amazon.com/s3/buckets/dangerousbucketdontuse/?region=us-east-1#",
"data": {
"owner": {
"displayName": "test+test",
"id": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876"
},
"bucketName": "dangerousbucketdontuse",
"denyUnencryptedUploadsPolicies": [],
"accountLevelPublicAccessBlockConfiguration": {
"blockPublicPolicy": false,
"restrictPublicBuckets": false,
"blockPublicAcls": false,
"ignorePublicAcls": false
},
"ownershipControls": {
"rules": [
{
"ownership": "BucketOwnerPreferred"
}
]
},
"acl": {
"grants": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
],
"owner": {
"displayName": "test+test",
"id": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876"
},
"grantsAsList": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
],
"requesterCharged": false
},
"creationDate": "2022-11-16T14:14:41.000Z",
"loggingConfiguration": {
"targetGrants": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
]
},
"policyStatus": {
"isPublic": true
},
"sseAlgorithm": "None",
"policyAvailable": true,
"accountId": "714946255915",
"versioningConfiguration": {
"status": "Off"
},
"kmsMasterKeyID": "None",
"policy": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::dangerousbucketdontuse/*",
"Effect": "Allow",
"Principal": "*",
"Sid": "PublicRead"
}
]
},
"tagSets": {
"owner": "test@blinkops.com",
"blink-approval": "f4ae78a5-e358-4dbb-a811-fd212717ab1c"
},
"publicAccessBlockConfiguration": {
"blockPublicPolicy": false,
"restrictPublicBuckets": true,
"blockPublicAcls": false,
"ignorePublicAcls": true
}
},
"additionalInfo": {},
"cloudType": "aws",
"resourceTs": 1668983839066,
"unifiedAssetId": "b54c91355e7235800b5d1598d658e8a9",
"resourceConfigJsonAvailable": true,
"resourceDetailsAvailable": true
},
"alertAdditionalInfo": {
"scannerVersion": "CS_2.0"
}
}
]
}
Workflow Library Example
List Alerts with Prisma Cloud Cspm and Send Results Via Email
Preview this Workflow on desktop