List Alerts - Blink Documentation

Integrations

Integrations
1Password
Abnormal
Absolute
AbuseIPDB
Adaptive Shield
Adobe Cloud
ADP
Agari Phishing Response
Airlock
Airlock Digital
Akamai Identity Cloud Social
Alert Logic
AlgoSec Firewall Analyzer
AlienVault OTX
AlienVault USM
Anodot
Ansible
Anvilogic
Any Run
Apex One
ArcSight ESM
Area 1
Asana
Asset Panda
Atlassian User Management
Atlassian User Provisioning
auth0
Authentik
Authomize
Automox
AWS
AWS IAM Identity Center
Axonius
Azure
Azure Data Explorer
Azure DevOps
Azure Log Analytics
Azure Storage
BambooHR
Big Fix
BigPanda
Bitbucket
Bitdefender
Bitsight
Bitwarden
Black Duck
Black Kite
Blink
BMC Remedy
Box
Brinqa
Cato Networks
Censys
Check Point Harmony
Check Point Infinity Events
Check Point XDR-XPR
Check Point Management
Checkmarx One
Checkmarx SAST
Chorus
Chronicle
Cisco Advanced Phishing Protection
Cisco Domain Protection
Cisco Meraki
Cisco Talos
Cisco Umbrella
Cisco Webex
Claroty xDome
ClearPass
ClickHouse
ClickUp
Cloud Custodian
Cloudflare
Cobalt
Compass
Confluence
Confluence Data Center
Coralogix
Coralogix Incident Management
Cortex XDR
Cortex Xpanse
CredStash
Cribl
CrowdStrike
CyberArk
Cybersixgill
CyCognito
Cyera
Cylance
Cyware CTIX
Darktrace
Dasera
Databricks
Datadog
DataSet
Delighted
Delinea
Devo
Discord
Docusign
Domo
Drata
Dropbox
Dropbox Business
Druva
Duo
Duo Auth
Dynatrace
EasyVista
EchoTrail
Egnyte
Egnyte Secure Govern
Elasticsearch
Entro
Ermetic
Exabeam
Exchange Online
Expel
F5 BIG IP
Falcon LogScale
Falcon Surface
Flare.io
Forcepoint DLP
Forescout
FortiGate
Freshservice
GCP
Ghostwriter
Git
GitHub
GitLab
Glean
Gmail
Google Calendar
Google Chat
Google Docs
Google Drive
Google Forms
Google Looker
Google Meet
Google Sheets
Google Workspace
Grafana
Grip Security
GYTPOL
Have I Been Pwned
HiBob
HubSpot
Hunters
Hybrid Analysis
Hyperproof
IBM Cloud
IBM NS1 Connect
IBM X Force
Imperva
incident.io
Infoblox Cloud Services Portal
Integrations
Intercom
Intezer
IP API
IPinfo
IPWHOIS
Ironscales
Ivanti RiskSense
Jamf
JetBrains
JFrog
Jira
Jira Data Center
Joe Sandbox
JumpCloud
Kandji
Keeper Secrets Manager
Kenna Security
KnowBe4
KnowBe4 Events
Kubernetes
Lacework
LaunchDarkly
Linear
Litmos
LogicMonitor
LogRhythm
Manage Engine ServiceDesk Plus
Mattermost
Maven
Microsoft Defender For Cloud
Microsoft Defender For Cloud Apps
Microsoft Defender For Endpoints
Microsoft Defender XDR
Microsoft E-Discovery
Microsoft Entra ID
Microsoft Graph
Microsoft Intune
Microsoft Office 365 Management Activity
Microsoft Outlook
Microsoft Purview
Microsoft Sentinel
Microsoft SQL Server
Microsoft Teams
Mimecast
MISP
Monday
MongoDB Atlas
MxToolbox
Neo4j
NetBox
Netography
Netskope
New Relic
Nightfall AI
NinjaOne
Notion
Nozomi Networks
Nuclei
Nucleus
Nutanix Hypervisor
Obsidian
Okta
OneDrive
OneLogin
OneTrust
OpenAI
OpenCTI
Opsgenie
OPSWAT
Oracle Cloud
Oracle HCM
Orca Security
OWASP ZAP
PagerDuty
Palo Alto Cloud NGFW
Palo Alto Firewall
Panther
Pentera
Perception Point
PhishLabs
PhishLabs Incident Data
PhishLabs Open Web Monitoring
Pingdom
PingID
PingOne
PlexTrac
PortSwigger
Postman
Postman SCIM
Power BI
PowerShell
Prisma Access
Prisma Cloud CSPM
Prisma Cloud CWP
Prometheus
Proofpoint
Proofpoint ITM
Proofpoint Protection Server
Proofpoint Security Awareness Training
Proofpoint TAP
Proofpoint Threat Response Auto Pull
Pub-Sub
QRadar
Qualys
Rapid7
Rapid7 InsightIDR
Rapid7 InsightVM Cloud
Rapid7 Threat Command
Reco
Recorded Future
Red Hat IdM
Rippling
runZero
SafeBase
Sage HR
SailPoint
SailPoint IdentityIQ
Salesforce
SAP Ariba
ScienceLogic
Securin
Securin VI
SecurityScorecard
Securonix
SemGrep
SentinelOne
ServiceNow
SharePoint
Shodan
Shopify
Silverfort
Slack
Smartsheet
Snipe-IT
Snowflake
Snyk
SolarWinds Service Desk
SonarQube
Sophos
Split
Splunk
Splunk Observability
Splunk SOAR
Spur
StrongDM
Sumo Logic
Symantec EDR
Sysdig
Tableau
Tanium
TeamCity
TeamViewer
Telegram
Tenable
Tenable Security Center
Terraform
Terraform Cloud
TheHive
Thinkst Canary
ThreatQuotient
Trellix Email Security
Trello
Trend Vision One
Twilio
UKG HR
Uptycs
URLScan
Vault
Veracode
Verkada
Vertica
VirusTotal
VMware Carbon Black
VMware vSphere
WeChat
WhatsApp
Whois
WildFire
Wiz
Workday
Workspace ONE UEM
YesWeHack
Zendesk
Zero Networks
Zoom
Zscaler Internet Access
Zscaler Private Access

SIC_READ_ALERTS (9ea2b8a3-593f-4bab-92f5-d0af9b563f6f).

To learn more, visit the Sekoia.io documentation.

Basic Parameters

Parameter	Description
Alert Short ID	A comma separated list of alert shot IDs to filter by. Can be obtained by using the `List Alerts` action.
Alert Titles	A comma separated list of alert titles to filter by.
Alert UUIDs	A comma separated list of alert UUIDs to filter by. Can be obtained by using the `List Alerts` action.
Created At	Filter by the creation date of the alert.
Direction	The direction of the sort.
Node	A comma separated list of either alert sources or alert targets to filter by.
Return All Pages	Automatically fetch all resources, page by page.
Return Total	Select to return the total in the response.
Rule Name	A comma separated list of alert rule names to filter by.
STIX	If set to `True`, the STIX bundle object is also returned.
Sort	Sort alerts by a provided field.
Source	A comma separated list of alert sources to filter by.
Status Names	A comma separated list of alert status names to filter by.
Status UUIDs	A comma separated list of alert status UUIDs to filter by.
Target	A comma separated list of alert targets to filter by.
Updated At	Filter alerts by the update date of the alert.
Urgency	Filter by the urgency of the alert.

Advanced Parameters

Parameter	Description
Alert Detection Type	A comma separated list of alert detection types to filter by.
Asset UUIDs	A comma separated list of asset UUIDs to filter by.
Case Short IDs	A comma separated list of case short IDs to filter by.
Cases	If set to `True`, some information about related cases is also returned.
Community UUIDs	A comma separated list of community UUIDs to filter by.
Entity Names	A comma separated list of alert entity names to filter by.
Entity UUIDs	A comma separated list of alert entity UUIDs to filter by.
Exclude Asset UUIDs	A comma separated list of alert asset UUIDs of to exclude.
Exclude Detection Types	A comma separated list of detection types to exclude.
Exclude Entity UUIDs	A comma separated list of alert entity UUIDs of alerts to exclude.
Exclude Rule Names	A comma separated list of alert rule names to exclude.
Exclude Rule UUIDs	A comma separated list of alert rule UUIDs of alerts to exclude.
Exclude Sources	A comma separated list of alert sources to exclude.
Exclude Specific Threats	A comma separated list of specific threats to exclude.
Exclude Status UUIDs	A comma separated list of alert status UUIDs to exclude.
Exclude Targets	A comma separated list of alert targets to exclude.
Exclude Type Values	A comma separated list of alert type values to exclude.
Exclude Urgency Displays	A comma separated list of alert urgency displays to exclude.
Is Assigned To Case	Filter alerts assigned to a case.
Limit	The number of items to retrieve. The allowed range is 1-100. The default is `20`.
Number Of Similar Occurrences	Filter alerts by the number of similar occurrences.
Offset	The number of items to skip when paginating. Must be bigger or equal to `0`.
Rule UUIDs	A comma separated list of alert rule UUIDs to filter by.
Similar To	Filter alerts similar to the provided alert short ID.
Stix Object	A comma separated list of STIX objects IDs to filter by.
Type Categories	A comma separated list of type categories to filter by.
Type values	A comma separated list of type values to filter by.
Urgency Display	A comma separated list of urgency displays to filter by.
Visible	Filter alerts according to their visibility.

Example Output

{    "items": [        {            "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",            "title": "string",            "created_at": 0,            "created_by": "string",            "created_by_type": "string",            "updated_at": 0,            "updated_by": "string",            "updated_by_type": "string",            "community_uuid": "e391588b-4c35-45eb-a5af-211fba0cde08",            "short_id": "string",            "entity": {                "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",                "name": "string"            },            "urgency": {                "current_value": 0,                "value": 0,                "severity": 0,                "criticity": 0,                "display": "string"            },            "alert_type": {                "value": "string",                "category": "string"            },            "status": {                "uuid": "string",                "name": "string",                "description": "string"            },            "rule": {                "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",                "name": "string",                "severity": 0,                "type": "string",                "pattern": "string"            },            "detection_type": "string",            "source": "string",            "target": "string",            "similar": 0,            "details": "string",            "ttps": [                {                    "id": "string",                    "type": "string",                    "name": "string",                    "description": "string"                }            ],            "adversaries": [                {                    "id": "string",                    "type": "string",                    "name": "string",                    "description": "string"                }            ],            "stix": {},            "kill_chain_short_id": "string",            "number_of_unseen_comments": 0,            "number_of_total_comments": 0,            "first_seen_at": "2019-08-24T14:15:22Z",            "last_seen_at": "2019-08-24T14:15:22Z",            "assets": [                "497f6eca-6276-4993-bfeb-53cbbbba6f08"            ],            "time_to_ingest": 0,            "time_to_detect": 0,            "time_to_acknowledge": 0,            "time_to_respond": 0,            "time_to_resolve": 0,            "intake_uuids": [                "497f6eca-6276-4993-bfeb-53cbbbba6f08"            ],            "cases": [                {                    "short_id": "string",                    "name": "string",                    "is_supplied": true,                    "manual": true,                    "status": "string"                }            ]        }    ],    "total": 0,    "has_more": true}

Workflow Library Example

List Alerts with Sekoiaio and Send Results Via Email

Preview this Workflow on desktop

Was this page helpful?

On this page

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Integrations

​Basic Parameters​

​Advanced Parameters​

​Example Output​

​Workflow Library Example​

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example