Get Alert Details
Retrieve alert metadata by ID.
External Documentation
To learn more, visit the Proofpoint Threat Response Auto Pull documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | The ID value of alert to retrieve. |
Example Output
Copy
Ask AI
{
"id": 3,
"severity": "Info",
"source": "Abuse Mailbox Monitor",
"state": "Linked",
"attackDirection": "inbound",
"received": "2019-02-25T17:22:48Z",
"emails": [
{
"sender": {
"email": "analyzer@analyzer.featbot.io"
},
"recipient": {
"email": "x-abuse@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">DELETED</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef",
"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
"X-PhishAlarm-Clear-Timeout": 45,
"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"abuseCopy": true
},
{
"sender": {
"email": "badguy@whatever.com"
},
"recipient": {
"email": "employee@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">removed</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"mimeContent": "removed",
"abuseCopy": false
}
]
}
Workflow Library Example
Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
Preview this Workflow on desktop
Assistant
Responses are generated using AI and may contain mistakes.
Was this page helpful?
On this page
Case Management
Automated Case Management
Case Management Dashboard
Case Management Interface
- Managing Cases
- Cases
- Observables
- Alerts
- Attachments
- Tasks
Triggers & Actions
- Actions
- Triggers
Case Management Settings
Get Alert Details
Retrieve alert metadata by ID.
External Documentation
To learn more, visit the Proofpoint Threat Response Auto Pull documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | The ID value of alert to retrieve. |
Example Output
Copy
Ask AI
{
"id": 3,
"severity": "Info",
"source": "Abuse Mailbox Monitor",
"state": "Linked",
"attackDirection": "inbound",
"received": "2019-02-25T17:22:48Z",
"emails": [
{
"sender": {
"email": "analyzer@analyzer.featbot.io"
},
"recipient": {
"email": "x-abuse@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">DELETED</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef",
"X-PhishAlarm-Clear-Id": "876724f6-2b0c-4c4b-8d85-3813298527a1",
"X-PhishAlarm-Clear-Timeout": 45,
"X-PhishAlarm-Format": "PhishAlarm for Gmail; MethodOfDetermination=\"Guessing\"",
"X-PhishAlarm-Overcast-Trace-Token": "ZG-AEQ=ZHMACg=R9pKjo-6JX_EdjS2h7Mo",
"X-PhishAlarm-Reporter": "test-user-1@clear-gmail-testing.page",
"X-PhishAlarm-SES-key": "725d98a1-2d08-4350-97af-d22a6e57d152"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"abuseCopy": true
},
{
"sender": {
"email": "badguy@whatever.com"
},
"recipient": {
"email": "employee@acme.com"
},
"subject": "FW: Report me!",
"messageId": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"body": "<html dir=\"ltr\">removed</html>",
"bodyType": "html",
"headers": {
"Thread-Index": "AdTNIeEpSJX5TD0eRy+DKCAGay+zzgAABtQOAAAiV44AAwUbrg==",
"Received": "from ORION-EXCH.orion.local ([::1]) by orion-exch.orion.local ([::1]) with mapi id 14.03.0123.003; Mon, 25 Feb 2019 09:21:59 -0800",
"X-MS-TNEF-Correlator": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Thread-Topic": "Report me!",
"Message-ID": "<BE095FD07C20C5419BF398E428D3AAD416664E78@orion-exch.orion.local>",
"Content-Transfer-Encoding": "binary",
"X-MS-Exchange-Organization-AuthAs": "Internal",
"In-Reply-To": "<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-MS-Exchange-Organization-AuthSource": "orion-exch.orion.local",
"Subject": "FW: Report me!",
"MIME-Version": "1.0",
"Date": "Mon, 25 Feb 2019 09:21:58 -0800",
"X-MS-Exchange-Organization-AuthMechanism": "04",
"X-MS-Exchange-Organization-SCL": "-1",
"References": "<F4F06DB4324F7649A88EA3C014334523166CE43E@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E56@orion-exch.orion.local>,<BE095FD07C20C5419BF398E428D3AAD416664E63@orion-exch.orion.local>",
"X-Originating-IP": "[10.23.160.157]",
"Accept-Language": "en-US",
"X-MS-Has-Attach": "yes",
"Content-Language": "en-US",
"Content-Type": "application/ms-tnef"
},
"urls": [
"http://www.google.com"
],
"attachments": [
{
"timestamp": "2019-01-28T09:43:87Z",
"safename": "62aeae6f18dbe28939babe759c095c7b.pdf",
"realnamePII": {
"secret": "Hanhart Pioneer Valjoux 23 Flyback.pdf"
},
"size": 404674,
"contentType": "application/pdf",
"md5": "e64e6f2d9a148e948aafe4081e4f4f03",
"sha256": "dda637869121ac6bede4e8127c8333375901940d6a5e87da4eb3ab250a1ad518"
}
],
"mimeContent": "removed",
"abuseCopy": false
}
]
}
Workflow Library Example
Get Alert Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
Preview this Workflow on desktop
Assistant
Responses are generated using AI and may contain mistakes.
Was this page helpful?
On this page