

Get the details of an alert by its RRN (Rapid7 Resource Name).

External Documentation: To learn more, visit the Rapid7 InsightIDR documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert RRN | The unique identifier of the alert to get details on. It can be obtained using the List Alerts action. |

Example Output

{
	"rrn": "string",
	"version": 0,
	"created_at": "2019-08-24T14:15:22Z",
	"updated_at": "2019-08-24T14:15:22Z",
	"alerted_at": "2019-08-24T14:15:22Z",
	"ingested_at": "2019-08-24T14:15:22Z",
	"external_source": "string",
	"external_id": "string",
	"organization": {
		"id": "string",
		"name": "string",
		"region": "string",
		"product_token": "string",
		"customer_id": "string",
		"customer_name": "string",
		"customer_code": "string",
		"customer_group": "string",
		"flags": [
			"string"
		]
	},
	"title": "string",
	"type": "string",
	"rule": {
		"rrn": "string",
		"name": "string",
		"mitre_tcodes": [
			"string"
		],
		"version_rrn": "string"
	},
	"rule_matching_keys": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"rule_keys_of_interest": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"responsibility": "UNMAPPED",
	"monitored": true,
	"assignee": {
		"at": "2019-08-24T14:15:22Z",
		"id": "string",
		"email": "string",
		"first_name": "string",
		"last_name": "string"
	},
	"priority": "UNMAPPED",
	"status": "UNMAPPED",
	"status_transitions": {
		"seconds_to_first_investigating": 0,
		"seconds_to_first_closed": 0,
		"first_closed_at": "2019-08-24T14:15:22Z"
	},
	"disposition": "UNMAPPED",
	"investigation_rrn": "string",
	"tags": [
		"string"
	],
	"permissions": {
		"canEdit": true
	},
	"fields": [
		{
			"id": "string",
			"values": [
				"string"
			]
		}
	],
	"analytics": {
		"analytics_is_novel": true,
		"analytics_novel_score": 0.1,
		"analytics_cluster_malicious": 0.1,
		"analytics_cluster_testing": 0.1,
		"analytics_pac": "string"
	},
	"due_date": "2019-08-24T14:15:22Z",
	"first_closed_at": "2019-08-24T14:15:22Z",
	"log_details": [
		{
			"log_id": "string",
			"logset_id": "string",
			"log_timestamp": 0,
			"log_entry_id": "string"
		}
	],
	"ai_suggested_disposition": "UNMAPPED",
	"prediction_metadata": {
		"property1": {},
		"property2": {}
	},
	"prediction_data": {
		"property1": {},
		"property2": {}
	}
}

Workflow Library Example

Get Alert Details with Rapid7 InsightIDR and Send Results Via Email