Skip to main content

List Alerts

Returns a list of alerts that match the constraints specified in the action's parameters.

Parameters

ParameterDescription
Alert IDSpecify this field to filter alerts only to those with a specific ID.
Alert Rule NameSpecify this field to filter alerts only to those with a specific alert rule name.
Alert StatusSpecify this field to filter alerts only to those with a specific status.
Cloud AccountSpecify this field to filter alerts only to those from a specific cloud account.
Cloud Account IDSpecify this field to filter alerts only to those with a specific cloud account ID.
Cloud RegionSpecify this field to filter alerts only to those from a specific region.
Cloud ServiceSpecify this field to filter alerts only to those of a specific service.
DetailedWhether the returned results should include additional description fields.
End TimeEnd of time to retrieve alerts from.
FieldsComma-separated list of specific fields to retrieve.
Allowed values: alert.id, alert.status, alert.time, cloud.accountId, cloud.account, cloud.region, resource.id, resource.name, policy.name, policy.type, policy.severity.
GroupSpecify this field to filter alerts only to those from a specific group.
Page TokenToken that identifies the required page of data. When there are multiple pages of data in the response, set pageToken to the nextPageToken value from the previous API response to retrieve the next page of data.
Policy Compliance Requirement NameSpecify this field to filter alerts only to those with a specific policy compliance requirement name.
Policy Compliance Section IDSpecify this field to filter alerts only to those with a specific policy compliance section ID.
Policy Compliance Standard NameSpecify this field to filter alerts only to those with a specific policy compliance standard name.
Policy IDSpecify this field to filter alerts only to those with a specific policy ID.
Policy Is RemediableSpecify this field to filter alerts only to those of remediable/ non-remediable policy.
Policy LabelSpecify this field to filter alerts only to those with a specific policy label.
Policy NameSpecify this field to filter alerts only to those with a specific policy name.
Policy SeveritySpecify this field to filter alerts only to those with a specific policy severity.
Policy TypeSpecify this field to filter alerts only to those with a specific policy type.
Resource IDSpecify this field to filter alerts only to those with a specific resource ID.
Resource NameSpecify this field to filter alerts only to those with a specific resource name.
Resource TypeSpecify this field to filter alerts only to those with a specific resource type.
Sort ByResponse object property by which to sort response list. The valid values are in the response object attribute sortAllowedColumns. The format is property:asc for ascending and property:desc for descending sort.
e.g. id:desc / firstseen:asc / lastseen:desc.
Start TimeStart of time to retrieve alerts from.
TypeSpecify this field to filter alerts only to those of a specific type.

Example Output

{
"totalRows": 2,
"items": [
{
"id": "P-607",
"status": "open",
"reason": "NEW_ALERT",
"firstSeen": 1668608280317,
"lastSeen": 1668608280317,
"alertTime": 1668608280317,
"lastUpdated": 1668983950895,
"policyId": "7913fcbf-b679-5aac-d979-1b6817becb22",
"saveSearchId": "d0658e3d-4d59-4333-b80c-b90e2e28dbaa",
"metadata": {
"saveSearchId": "d0658e3d-4d59-4333-b80c-b90e2e28dbaa"
},
"policy": {
"policyId": "7913fcbf-b679-5aac-d979-1b6817becb22",
"policyType": "config",
"systemDefault": true,
"remediable": false
},
"alertRules": [],
"history": [],
"resource": {
"rrn": "rrn::storageBucket:us-east-1:714946255915:8c8edb1e3cf7434142308714626f88d5a77433f1:dangerousbucketdontuse",
"id": "dangerousbucketdontuse",
"name": "dangerousbucketdontuse",
"account": "AWS Account",
"accountId": "714946255915",
"cloudAccountGroups": [
"Default Account Group"
],
"region": "AWS Virginia",
"regionId": "us-east-1",
"resourceType": "STORAGE_BUCKET",
"resourceApiName": "aws-s3api-get-bucket-acl",
"cloudServiceName": "Amazon S3",
"url": "https://console.aws.amazon.com/s3/buckets/dangerousbucketdontuse/?region=us-east-1#",
"data": {
"owner": {
"displayName": "test+test",
"id": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876"
},
"bucketName": "dangerousbucketdontuse",
"denyUnencryptedUploadsPolicies": [],
"accountLevelPublicAccessBlockConfiguration": {
"blockPublicPolicy": false,
"restrictPublicBuckets": false,
"blockPublicAcls": false,
"ignorePublicAcls": false
},
"ownershipControls": {
"rules": [
{
"ownership": "BucketOwnerPreferred"
}
]
},
"acl": {
"grants": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
],
"owner": {
"displayName": "test+test",
"id": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876"
},
"grantsAsList": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
],
"requesterCharged": false
},
"creationDate": "2022-11-16T14:14:41.000Z",
"loggingConfiguration": {
"targetGrants": [
{
"grantee": {
"identifier": "bc11cfbbfa840bcc92a34989f5cd0f8c6e65e7e6a9a17acef9d15ee1714a0876",
"displayName": "test+test",
"typeIdentifier": "id"
},
"permission": "FullControl"
}
]
},
"policyStatus": {
"isPublic": true
},
"sseAlgorithm": "None",
"policyAvailable": true,
"accountId": "714946255915",
"versioningConfiguration": {
"status": "Off"
},
"kmsMasterKeyID": "None",
"policy": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::dangerousbucketdontuse/*",
"Effect": "Allow",
"Principal": "*",
"Sid": "PublicRead"
}
]
},
"tagSets": {
"owner": "test@blinkops.com",
"blink-approval": "f4ae78a5-e358-4dbb-a811-fd212717ab1c"
},
"publicAccessBlockConfiguration": {
"blockPublicPolicy": false,
"restrictPublicBuckets": true,
"blockPublicAcls": false,
"ignorePublicAcls": true
}
},
"additionalInfo": {},
"cloudType": "aws",
"resourceTs": 1668983839066,
"unifiedAssetId": "b54c91355e7235800b5d1598d658e8a9",
"resourceConfigJsonAvailable": true,
"resourceDetailsAvailable": true
},
"alertAdditionalInfo": {
"scannerVersion": "CS_2.0"
}
}
]
}

Workflow Library Example

List Alerts with Prisma Cloud Cspm and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop