Get Alert

Gets a specific alert.

Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | The ID of the alert to be fetched. Alert IDs can be obtained by running the List Alerts action. |

Example Output

{
  "body": {
    "Assets": [
      {
        "Type": "Domains",
        "Value": "example.com"
      }
    ],
    "Assignees": [],
    "Closed": {
      "IsClosed": false
    },
    "Details": {
      "Description": "Dark Web - A total of 2 company website login credentials were \n gathered from an infected machine by an information-stealing malware. \n The collected data includes the machine’s IP address, leak date, \n and the website where the credentials were used.\n All of the collected data is displayed in the attached CSV file. | Recommendations: Notify the targeted users that their credentials were compromised. Enforce a change of the leaked credentials that were used in the company website.",
      "Images": [
        "1234567890abcdef12345678"
      ],
      "Severity": "High",
      "Source": {
        "Date": "2023-01-15T10:00:00.000Z",
        "LeakName": "Botnets-101",
        "NetworkType": "DarkWeb",
        "Type": "Leaked Database",
        "URL": null
      },
      "SubType": "CredentialsLeakage",
      "Tags": [],
      "Title": "Dark Web - A total of 2 company website login credentials, including clear text passwords, were gathered from an infected machine",
      "Type": "DataLeakage"
    },
    "FoundDate": "2023-08-01T09:30:00.000Z",
    "IsFlagged": true,
    "RelatedIocs": [],
    "RelatedThreatIDs": [
      "abcdef1234567890abcdef12"
    ],
    "TakedownStatus": "Pending",
    "UpdateDate": "2023-08-01T09:30:00.000Z",
    "_id": "abcdef1234567890abcdef13"
  }
}
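
The following is an added example, not part of the original documentation or the vendor's code: a Python function that reduces a Get Alert response to the fields a responder acts on. The field names come from the Example Output above; the function names, the trimmed sample and the credential-reset routing rule are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed sample: a trimmed copy of fields from the Example Output above.
SAMPLE = json.loads("""
{"body": {
  "Assets": [{"Type": "Domains", "Value": "example.com"}],
  "Closed": {"IsClosed": false},
  "Details": {
    "Severity": "High",
    "Source": {"Date": "2023-01-15T10:00:00.000Z"},
    "SubType": "CredentialsLeakage",
    "Type": "DataLeakage"
  },
  "FoundDate": "2023-08-01T09:30:00.000Z",
  "_id": "abcdef1234567890abcdef13"
}}
""")

def _ts(value):
    """Parse the ISO-8601 'Z' timestamps used in the output; None if absent."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z") if value else None

def triage_alert(response):
    """Reduce a Get Alert response to a small triage record (hypothetical helper)."""
    body = response.get("body") or {}
    details = body.get("Details") or {}
    source = details.get("Source") or {}
    leaked, found = _ts(source.get("Date")), _ts(body.get("FoundDate"))
    is_open = not (body.get("Closed") or {}).get("IsClosed", False)
    cred_leak = (details.get("Type"), details.get("SubType")) == (
        "DataLeakage", "CredentialsLeakage")
    return {
        "id": body.get("_id"),
        "severity": details.get("Severity", "Unknown"),
        "assets": [a["Value"] for a in body.get("Assets", []) if "Value" in a],
        "is_open": is_open,
        # Whole days between the leak date and the date the alert was found.
        "exposure_days": (found - leaked).days if leaked and found else None,
        # Assumed routing rule: open credential leaks go to a reset playbook,
        # matching the recommendation in the sample alert's Description.
        "force_credential_reset": is_open and cred_leak,
    }
```

A response with missing sections yields `Unknown` severity and `None` for `exposure_days` rather than raising, so a workflow step can branch on the record without its own key checks.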

Workflow Library Example

Get Alert with Rapid7 Threat Command and Send Results Via Email
