Get the details of an alert by its RRN (Rapid7 Resource Name).
External Documentation: To learn more, visit the Rapid7 InsightIDR documentation.

Parameters

Parameter | Description
Alert RRN | The unique identifier of the alert to get details for. It can be obtained using the List Alerts action.

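Example Output

The values shown below are type placeholders (such as "string" and 0) and sample timestamps, not data from a real alert.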

{
	"rrn": "string",
	"version": 0,
	"created_at": "2019-08-24T14:15:22Z",
	"updated_at": "2019-08-24T14:15:22Z",
	"alerted_at": "2019-08-24T14:15:22Z",
	"ingested_at": "2019-08-24T14:15:22Z",
	"external_source": "string",
	"external_id": "string",
	"organization": {
		"id": "string",
		"name": "string",
		"region": "string",
		"product_token": "string",
		"customer_id": "string",
		"customer_name": "string",
		"customer_code": "string",
		"customer_group": "string",
		"flags": [
			"string"
		]
	},
	"title": "string",
	"type": "string",
	"rule": {
		"rrn": "string",
		"name": "string",
		"mitre_tcodes": [
			"string"
		],
		"version_rrn": "string"
	},
	"rule_matching_keys": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"rule_keys_of_interest": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"responsibility": "UNMAPPED",
	"monitored": true,
	"assignee": {
		"at": "2019-08-24T14:15:22Z",
		"id": "string",
		"email": "string",
		"first_name": "string",
		"last_name": "string"
	},
	"priority": "UNMAPPED",
	"status": "UNMAPPED",
	"status_transitions": {
		"seconds_to_first_investigating": 0,
		"seconds_to_first_closed": 0,
		"first_closed_at": "2019-08-24T14:15:22Z"
	},
	"disposition": "UNMAPPED",
	"investigation_rrn": "string",
	"tags": [
		"string"
	],
	"permissions": {
		"canEdit": true
	},
	"fields": [
		{
			"id": "string",
			"values": [
				"string"
			]
		}
	],
	"analytics": {
		"analytics_is_novel": true,
		"analytics_novel_score": 0.1,
		"analytics_cluster_malicious": 0.1,
		"analytics_cluster_testing": 0.1,
		"analytics_pac": "string"
	},
	"due_date": "2019-08-24T14:15:22Z",
	"first_closed_at": "2019-08-24T14:15:22Z",
	"log_details": [
		{
			"log_id": "string",
			"logset_id": "string",
			"log_timestamp": 0,
			"log_entry_id": "string"
		}
	],
	"ai_suggested_disposition": "UNMAPPED",
	"prediction_metadata": {
		"property1": {},
		"property2": {}
	},
	"prediction_data": {
		"property1": {},
		"property2": {}
	}
}

Workflow Library Example

Get Alert Details with Rapid7 Insightidr and Send Results Via Email