Retrieve alert metadata by ID.

External Documentation

To learn more, visit the Proofpoint Threat Response Auto Pull documentation.

Parameters

ParameterDescription
Alert IDThe ID value of alert to retrieve.

Example Output

{
	"id": 3,
	"severity": "Info",
	"source": "Abuse Mailbox Monitor",
	"state": "Linked",
	"attackDirection": "inbound",
	"received": "2019-02-25T17:22:48Z",
	"emails": [
		{
			"sender": {
				"email": "analyzer@analyzer.featbot.io"
			},
			"recipient": {
				"email": "x-abuse@acme.com"
			},
			"subject": "FW: Report me!",
			"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
			"body": "<html dir=\"ltr\">DELETED</html>",
			"bodyType": "html",
			"headers": {
				"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
				"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
				"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Thread-Topic": "Report me!",
				"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Content-Transfer-Encoding": "binary",
				"X-MS-Exchange-Organization-AuthAs": "Internal",
				"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
				"Subject": "FW: Report me!",
				"MIME-Version": "1.0",
				"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
				"X-MS-Exchange-Organization-AuthMechanism": "04",
				"X-MS-Exchange-Organization-SCL": "-1",
				"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-Originating-IP": "[10.23.160.157]",
				"Accept-Language": "en-US",
				"X-MS-Has-Attach": "yes",
				"Content-Language": "en-US",
				"Content-Type": "application/ms-tnef",
				"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
				"X-PhishAlarm-Clear-Timeout": 45,
				"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
				"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
				"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
				"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
			},
			"urls": [
				"http://www.google.com"
			],
			"attachments": [
				{
					"timestamp": "2019-01-28T09:43:87Z",
					"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
					"realnamePII": {
						"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
					},
					"size": 404674,
					"contentType": "application/pdf",
					"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
					"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
				}
			],
			"abuseCopy": true
		},
		{
			"sender": {
				"email": "badguy@whatever.com"
			},
			"recipient": {
				"email": "employee@acme.com"
			},
			"subject": "FW: Report me!",
			"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
			"body": "<html dir=\"ltr\">removed</html>",
			"bodyType": "html",
			"headers": {
				"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
				"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
				"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Thread-Topic": "Report me!",
				"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Content-Transfer-Encoding": "binary",
				"X-MS-Exchange-Organization-AuthAs": "Internal",
				"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
				"Subject": "FW: Report me!",
				"MIME-Version": "1.0",
				"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
				"X-MS-Exchange-Organization-AuthMechanism": "04",
				"X-MS-Exchange-Organization-SCL": "-1",
				"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-Originating-IP": "[10.23.160.157]",
				"Accept-Language": "en-US",
				"X-MS-Has-Attach": "yes",
				"Content-Language": "en-US",
				"Content-Type": "application/ms-tnef"
			},
			"urls": [
				"http://www.google.com"
			],
			"attachments": [
				{
					"timestamp": "2019-01-28T09:43:87Z",
					"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
					"realnamePII": {
						"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
					},
					"size": 404674,
					"contentType": "application/pdf",
					"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
					"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
				}
			],
			"mimeContent": "removed",
			"abuseCopy": false
		}
	]
}

Workflow Library Example

Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email

Preview this Workflow on desktop

Retrieve alert metadata by ID.

External Documentation

To learn more, visit the Proofpoint Threat Response Auto Pull documentation.

Parameters

ParameterDescription
Alert IDThe ID value of alert to retrieve.

Example Output

{
	"id": 3,
	"severity": "Info",
	"source": "Abuse Mailbox Monitor",
	"state": "Linked",
	"attackDirection": "inbound",
	"received": "2019-02-25T17:22:48Z",
	"emails": [
		{
			"sender": {
				"email": "analyzer@analyzer.featbot.io"
			},
			"recipient": {
				"email": "x-abuse@acme.com"
			},
			"subject": "FW: Report me!",
			"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
			"body": "<html dir=\"ltr\">DELETED</html>",
			"bodyType": "html",
			"headers": {
				"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
				"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
				"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Thread-Topic": "Report me!",
				"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Content-Transfer-Encoding": "binary",
				"X-MS-Exchange-Organization-AuthAs": "Internal",
				"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
				"Subject": "FW: Report me!",
				"MIME-Version": "1.0",
				"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
				"X-MS-Exchange-Organization-AuthMechanism": "04",
				"X-MS-Exchange-Organization-SCL": "-1",
				"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-Originating-IP": "[10.23.160.157]",
				"Accept-Language": "en-US",
				"X-MS-Has-Attach": "yes",
				"Content-Language": "en-US",
				"Content-Type": "application/ms-tnef",
				"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
				"X-PhishAlarm-Clear-Timeout": 45,
				"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
				"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
				"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
				"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
			},
			"urls": [
				"http://www.google.com"
			],
			"attachments": [
				{
					"timestamp": "2019-01-28T09:43:87Z",
					"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
					"realnamePII": {
						"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
					},
					"size": 404674,
					"contentType": "application/pdf",
					"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
					"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
				}
			],
			"abuseCopy": true
		},
		{
			"sender": {
				"email": "badguy@whatever.com"
			},
			"recipient": {
				"email": "employee@acme.com"
			},
			"subject": "FW: Report me!",
			"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
			"body": "<html dir=\"ltr\">removed</html>",
			"bodyType": "html",
			"headers": {
				"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
				"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
				"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Thread-Topic": "Report me!",
				"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
				"Content-Transfer-Encoding": "binary",
				"X-MS-Exchange-Organization-AuthAs": "Internal",
				"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
				"Subject": "FW: Report me!",
				"MIME-Version": "1.0",
				"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
				"X-MS-Exchange-Organization-AuthMechanism": "04",
				"X-MS-Exchange-Organization-SCL": "-1",
				"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
				"X-Originating-IP": "[10.23.160.157]",
				"Accept-Language": "en-US",
				"X-MS-Has-Attach": "yes",
				"Content-Language": "en-US",
				"Content-Type": "application/ms-tnef"
			},
			"urls": [
				"http://www.google.com"
			],
			"attachments": [
				{
					"timestamp": "2019-01-28T09:43:87Z",
					"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
					"realnamePII": {
						"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
					},
					"size": 404674,
					"contentType": "application/pdf",
					"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
					"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
				}
			],
			"mimeContent": "removed",
			"abuseCopy": false
		}
	]
}

Workflow Library Example

Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email

Preview this Workflow on desktop