List Alerts - Blink Documentation

Returns a list of alerts. For a detailed explanation of the best ways to filter alerts using the parameters, refer to Sekoia.io’s Documentation. Note: The following permission is required:

SIC_READ_ALERTS (9ea2b8a3-593f-4bab-92f5-d0af9b563f6f).

External DocumentationTo learn more, visit the Sekoia.io documentation.

Basic Parameters

Parameter	Description
Alert Short ID	A comma separated list of alert shot IDs to filter by. Can be obtained by using the `List Alerts` action.
Alert Titles	A comma separated list of alert titles to filter by.
Alert UUIDs	A comma separated list of alert UUIDs to filter by. Can be obtained by using the `List Alerts` action.
Created At	Filter by the creation date of the alert.
Direction	The direction of the sort.
Node	A comma separated list of either alert sources or alert targets to filter by.
Return All Pages	Automatically fetch all resources, page by page.
Return Total	Select to return the total in the response.
Rule Name	A comma separated list of alert rule names to filter by.
STIX	If set to `True`, the STIX bundle object is also returned.
Sort	Sort alerts by a provided field.
Source	A comma separated list of alert sources to filter by.
Status Names	A comma separated list of alert status names to filter by.
Status UUIDs	A comma separated list of alert status UUIDs to filter by.
Target	A comma separated list of alert targets to filter by.
Updated At	Filter alerts by the update date of the alert.
Urgency	Filter by the urgency of the alert.

Advanced Parameters

Parameter	Description
Alert Detection Type	A comma separated list of alert detection types to filter by.
Asset UUIDs	A comma separated list of asset UUIDs to filter by.
Case Short IDs	A comma separated list of case short IDs to filter by.
Cases	If set to `True`, some information about related cases is also returned.
Community UUIDs	A comma separated list of community UUIDs to filter by.
Entity Names	A comma separated list of alert entity names to filter by.
Entity UUIDs	A comma separated list of alert entity UUIDs to filter by.
Exclude Asset UUIDs	A comma separated list of alert asset UUIDs of to exclude.
Exclude Detection Types	A comma separated list of detection types to exclude.
Exclude Entity UUIDs	A comma separated list of alert entity UUIDs of alerts to exclude.
Exclude Rule Names	A comma separated list of alert rule names to exclude.
Exclude Rule UUIDs	A comma separated list of alert rule UUIDs of alerts to exclude.
Exclude Sources	A comma separated list of alert sources to exclude.
Exclude Specific Threats	A comma separated list of specific threats to exclude.
Exclude Status UUIDs	A comma separated list of alert status UUIDs to exclude.
Exclude Targets	A comma separated list of alert targets to exclude.
Exclude Type Values	A comma separated list of alert type values to exclude.
Exclude Urgency Displays	A comma separated list of alert urgency displays to exclude.
Is Assigned To Case	Filter alerts assigned to a case.
Limit	The number of items to retrieve. The allowed range is 1-100. The default is `20`.
Number Of Similar Occurrences	Filter alerts by the number of similar occurrences.
Offset	The number of items to skip when paginating. Must be bigger or equal to `0`.
Rule UUIDs	A comma separated list of alert rule UUIDs to filter by.
Similar To	Filter alerts similar to the provided alert short ID.
Stix Object	A comma separated list of STIX objects IDs to filter by.
Type Categories	A comma separated list of type categories to filter by.
Type values	A comma separated list of type values to filter by.
Urgency Display	A comma separated list of urgency displays to filter by.
Visible	Filter alerts according to their visibility.

Example Output

{
	"items": [
		{
			"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
			"title": "string",
			"created_at": 0,
			"created_by": "string",
			"created_by_type": "string",
			"updated_at": 0,
			"updated_by": "string",
			"updated_by_type": "string",
			"community_uuid": "e391588b-4c35-45eb-a5af-211fba0cde08",
			"short_id": "string",
			"entity": {
				"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
				"name": "string"
			},
			"urgency": {
				"current_value": 0,
				"value": 0,
				"severity": 0,
				"criticity": 0,
				"display": "string"
			},
			"alert_type": {
				"value": "string",
				"category": "string"
			},
			"status": {
				"uuid": "string",
				"name": "string",
				"description": "string"
			},
			"rule": {
				"uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
				"name": "string",
				"severity": 0,
				"type": "string",
				"pattern": "string"
			},
			"detection_type": "string",
			"source": "string",
			"target": "string",
			"similar": 0,
			"details": "string",
			"ttps": [
				{
					"id": "string",
					"type": "string",
					"name": "string",
					"description": "string"
				}
			],
			"adversaries": [
				{
					"id": "string",
					"type": "string",
					"name": "string",
					"description": "string"
				}
			],
			"stix": {},
			"kill_chain_short_id": "string",
			"number_of_unseen_comments": 0,
			"number_of_total_comments": 0,
			"first_seen_at": "2019-08-24T14:15:22Z",
			"last_seen_at": "2019-08-24T14:15:22Z",
			"assets": [
				"497f6eca-6276-4993-bfeb-53cbbbba6f08"
			],
			"time_to_ingest": 0,
			"time_to_detect": 0,
			"time_to_acknowledge": 0,
			"time_to_respond": 0,
			"time_to_resolve": 0,
			"intake_uuids": [
				"497f6eca-6276-4993-bfeb-53cbbbba6f08"
			],
			"cases": [
				{
					"short_id": "string",
					"name": "string",
					"is_supplied": true,
					"manual": true,
					"status": "string"
				}
			]
		}
	],
	"total": 0,
	"has_more": true
}

Workflow Library Example

List Alerts with Sekoiaio and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example