List Alerts
Returns a list of alerts. For a detailed explanation of the best ways to filter alerts using the parameters, refer to Sekoia.io's documentation. Note: the following permission is required: SIC_READ_ALERTS (9ea2b8a3-593f-4bab-92f5-d0af9b563f6f).
External Documentation
To learn more, visit the Sekoia.io documentation.
Basic Parameters
Parameter | Description |
---|---|
Alert Short ID | A comma separated list of alert short IDs to filter by. Can be obtained by using the List Alerts action. |
Alert Titles | A comma separated list of alert titles to filter by. |
Alert UUIDs | A comma separated list of alert UUIDs to filter by. Can be obtained by using the List Alerts action. |
Created At | Filter by the creation date of the alert. |
Direction | The direction of the sort. |
Node | A comma separated list of either alert sources or alert targets to filter by. |
Return All Pages | Automatically fetch all resources, page by page. |
Return Total | Select to return the total in the response. |
Rule Name | A comma separated list of alert rule names to filter by. |
STIX | If set to True, the STIX bundle object is also returned. |
Sort | Sort alerts by a provided field. |
Source | A comma separated list of alert sources to filter by. |
Status Names | A comma separated list of alert status names to filter by. |
Status UUIDs | A comma separated list of alert status UUIDs to filter by. |
Target | A comma separated list of alert targets to filter by. |
Updated At | Filter alerts by the update date of the alert. |
Urgency | Filter by the urgency of the alert. |
Advanced Parameters
Parameter | Description |
---|---|
Alert Detection Type | A comma separated list of alert detection types to filter by. |
Asset UUIDs | A comma separated list of asset UUIDs to filter by. |
Case Short IDs | A comma separated list of case short IDs to filter by. |
Cases | If set to True, some information about related cases is also returned. |
Community UUIDs | A comma separated list of community UUIDs to filter by. |
Entity Names | A comma separated list of alert entity names to filter by. |
Entity UUIDs | A comma separated list of alert entity UUIDs to filter by. |
Exclude Asset UUIDs | A comma separated list of asset UUIDs of alerts to exclude. |
Exclude Detection Types | A comma separated list of detection types to exclude. |
Exclude Entity UUIDs | A comma separated list of alert entity UUIDs of alerts to exclude. |
Exclude Rule Names | A comma separated list of alert rule names to exclude. |
Exclude Rule UUIDs | A comma separated list of alert rule UUIDs of alerts to exclude. |
Exclude Sources | A comma separated list of alert sources to exclude. |
Exclude Specific Threats | A comma separated list of specific threats to exclude. |
Exclude Status UUIDs | A comma separated list of alert status UUIDs to exclude. |
Exclude Targets | A comma separated list of alert targets to exclude. |
Exclude Type Values | A comma separated list of alert type values to exclude. |
Exclude Urgency Displays | A comma separated list of alert urgency displays to exclude. |
Is Assigned To Case | Filter alerts assigned to a case. |
Limit | The number of items to retrieve. The allowed range is 1-100. The default is 20. |
Number Of Similar Occurrences | Filter alerts by the number of similar occurrences. |
Offset | The number of items to skip when paginating. Must be greater than or equal to 0. |
Rule UUIDs | A comma separated list of alert rule UUIDs to filter by. |
Similar To | Filter alerts similar to the provided alert short ID. |
Stix Object | A comma separated list of STIX objects IDs to filter by. |
Type Categories | A comma separated list of type categories to filter by. |
Type Values | A comma separated list of type values to filter by. |
Urgency Display | A comma separated list of urgency displays to filter by. |
Visible | Filter alerts according to their visibility. |
Example Output
```json
{
  "items": [
    {
      "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
      "title": "string",
      "created_at": 0,
      "created_by": "string",
      "created_by_type": "string",
      "updated_at": 0,
      "updated_by": "string",
      "updated_by_type": "string",
      "community_uuid": "e391588b-4c35-45eb-a5af-211fba0cde08",
      "short_id": "string",
      "entity": {
        "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
        "name": "string"
      },
      "urgency": {
        "current_value": 0,
        "value": 0,
        "severity": 0,
        "criticity": 0,
        "display": "string"
      },
      "alert_type": {
        "value": "string",
        "category": "string"
      },
      "status": {
        "uuid": "string",
        "name": "string",
        "description": "string"
      },
      "rule": {
        "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
        "name": "string",
        "severity": 0,
        "type": "string",
        "pattern": "string"
      },
      "detection_type": "string",
      "source": "string",
      "target": "string",
      "similar": 0,
      "details": "string",
      "ttps": [
        {
          "id": "string",
          "type": "string",
          "name": "string",
          "description": "string"
        }
      ],
      "adversaries": [
        {
          "id": "string",
          "type": "string",
          "name": "string",
          "description": "string"
        }
      ],
      "stix": {},
      "kill_chain_short_id": "string",
      "number_of_unseen_comments": 0,
      "number_of_total_comments": 0,
      "first_seen_at": "2019-08-24T14:15:22Z",
      "last_seen_at": "2019-08-24T14:15:22Z",
      "assets": [
        "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      ],
      "time_to_ingest": 0,
      "time_to_detect": 0,
      "time_to_acknowledge": 0,
      "time_to_respond": 0,
      "time_to_resolve": 0,
      "intake_uuids": [
        "497f6eca-6276-4993-bfeb-53cbbbba6f08"
      ],
      "cases": [
        {
          "short_id": "string",
          "name": "string",
          "is_supplied": true,
          "manual": true,
          "status": "string"
        }
      ]
    }
  ],
  "total": 0,
  "has_more": true
}
```
Workflow Library Example
List Alerts with Sekoiaio and Send Results Via Email