Get a list of alerts for a given scope.

Basic Parameters

Parameter — Description
Alert IDs — Filter by a list of alert IDs.
Analyst Verdict — Filter alerts by an analyst verdict.
Options:
FALSE_POSITIVE
SUSPICIOUS
TRUE_POSITIVE
UNDEFINED
Count Only — If true, only the total number of items is returned, without any of the actual objects.
Created After — Only alerts created after the specified timestamp.
Created Before — Only alerts created before the specified timestamp.
Cursor — Cursor position returned by the last request. Use it to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=".
Incident Status — Filter alerts by an incident status.
Options:
IN_PROGRESS
RESOLVED
UNRESOLVED
Limit — Limit the number of returned items (1-1000). Example: 10.
Return All Pages — Automatically fetch all resources, page by page.
Sort By — The column to sort the results by.

Advanced Parameters

Parameter — Description
Account IDs — List of account IDs to filter by. Example: 225494730938493804,225494730938493915.

Example Output

{
  "data": [
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "machineType": "<string>",
        "name": "<string>",
        "osFamily": "<string>",
        "osName": "<string>",
        "osRevision": "<string>",
        "siteId": "<string>",
        "uuid": "<string>",
        "version": "<string>"
      },
      "agentRealtimeInfo": {
        "id": "<string>",
        "infected": false,
        "isActive": false,
        "isDecommissioned": true,
        "machineType": "<string>",
        "name": "<string>",
        "os": "<string>",
        "uuid": "<string>"
      },
      "alertInfo": {
        "alertId": "<string>",
        "analystVerdict": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "dnsRequest": null,
        "dnsResponse": null,
        "dstIp": null,
        "dstPort": null,
        "dvEventId": "<string>",
        "eventType": "<string>",
        "hitType": "<string>",
        "incidentStatus": "<string>",
        "indicatorCategory": null,
        "indicatorDescription": null,
        "indicatorName": null,
        "isEdr": true,
        "loginAccountDomain": "<string>",
        "loginAccountSid": "<string>",
        "loginIsAdministratorEquivalent": "<string>",
        "loginIsSuccessful": "<string>",
        "loginType": "<string>",
        "loginsUserName": "<string>",
        "modulePath": null,
        "moduleSha1": null,
        "netEventDirection": null,
        "registryKeyPath": null,
        "registryOldValue": null,
        "registryOldValueType": null,
        "registryPath": null,
        "registryValue": null,
        "reportedAt": "2025-01-01T15:56:21.535999Z",
        "source": "<string>",
        "srcIp": null,
        "srcMachineIp": "<string>",
        "srcPort": null,
        "tiIndicatorComparisonMethod": null,
        "tiIndicatorSource": null,
        "tiIndicatorType": null,
        "tiIndicatorValue": null,
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "labels": null,
        "name": null
      },
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "pod": null,
        "podLabels": null
      },
      "ruleInfo": {
        "description": null,
        "id": "<string>",
        "name": "<string>",
        "queryLang": "<string>",
        "queryType": "<string>",
        "s1ql": "<string>",
        "scopeLevel": "<string>",
        "severity": "<string>",
        "treatAsThreat": "<string>"
      },
      "sourceParentProcessInfo": {
        "commandline": "<string>",
        "effectiveUser": null,
        "fileHashMd5": "<string>",
        "fileHashSha1": "<string>",
        "fileHashSha256": "<string>",
        "filePath": "<string>",
        "fileSignerIdentity": "<string>",
        "integrityLevel": "<string>",
        "loginUser": null,
        "name": "<string>",
        "pid": "<string>",
        "pidStarttime": "2025-04-17T01:15:48.111000Z",
        "realUser": null,
        "storyline": "<string>",
        "subsystem": "<string>",
        "uniqueId": "<string>",
        "user": "<string>"
      },
      "sourceProcessInfo": {
        "commandline": "<string>",
        "effectiveUser": null,
        "fileHashMd5": "<string>",
        "fileHashSha1": "<string>",
        "fileHashSha256": "<string>",
        "filePath": "<string>",
        "fileSignerIdentity": "<string>",
        "integrityLevel": "<string>",
        "loginUser": null,
        "name": "<string>",
        "pid": "<string>",
        "pidStarttime": "2025-04-17T01:15:48.111000Z",
        "realUser": null,
        "storyline": "<string>",
        "subsystem": "<string>",
        "uniqueId": "<string>",
        "user": "<string>"
      },
      "targetProcessInfo": {
        "tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
        "tgtFileHashSha1": null,
        "tgtFileHashSha256": null,
        "tgtFileId": null,
        "tgtFileIsSigned": "<string>",
        "tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
        "tgtFileOldPath": null,
        "tgtFilePath": null,
        "tgtProcCmdLine": null,
        "tgtProcImagePath": null,
        "tgtProcIntegrityLevel": "<string>",
        "tgtProcName": null,
        "tgtProcPid": null,
        "tgtProcSignedStatus": null,
        "tgtProcStorylineId": null,
        "tgtProcUid": null,
        "tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
      }
    },
    {
      "agentDetectionInfo": {
        "accountId": "<string>",
        "machineType": "<string>",
        "name": "<string>",
        "osFamily": "<string>",
        "osName": "<string>",
        "osRevision": "<string>",
        "siteId": "<string>",
        "uuid": "<string>",
        "version": "<string>"
      },
      "agentRealtimeInfo": {
        "id": "<string>",
        "infected": false,
        "isActive": false,
        "isDecommissioned": true,
        "machineType": "<string>",
        "name": "<string>",
        "os": "<string>",
        "uuid": "<string>"
      },
      "alertInfo": {
        "alertId": "<string>",
        "analystVerdict": "<string>",
        "createdAt": "2025-01-01T15:56:21.535999Z",
        "dnsRequest": null,
        "dnsResponse": null,
        "dstIp": null,
        "dstPort": null,
        "dvEventId": "<string>",
        "eventType": "<string>",
        "hitType": "<string>",
        "incidentStatus": "<string>",
        "indicatorCategory": null,
        "indicatorDescription": null,
        "indicatorName": null,
        "isEdr": true,
        "loginAccountDomain": "<string>",
        "loginAccountSid": "<string>",
        "loginIsAdministratorEquivalent": "<string>",
        "loginIsSuccessful": "<string>",
        "loginType": "<string>",
        "loginsUserName": "<string>",
        "modulePath": null,
        "moduleSha1": null,
        "netEventDirection": null,
        "registryKeyPath": null,
        "registryOldValue": null,
        "registryOldValueType": null,
        "registryPath": null,
        "registryValue": null,
        "reportedAt": "2025-01-01T15:56:21.535999Z",
        "source": "<string>",
        "srcIp": null,
        "srcMachineIp": null,
        "srcPort": null,
        "tiIndicatorComparisonMethod": null,
        "tiIndicatorSource": null,
        "tiIndicatorType": null,
        "tiIndicatorValue": null,
        "updatedAt": "2025-01-01T15:56:21.535999Z",
      },
      "containerInfo": {
        "id": null,
        "image": null,
        "labels": null,
        "name": null
      },
      "kubernetesInfo": {
        "cluster": null,
        "controllerKind": null,
        "controllerLabels": null,
        "controllerName": null,
        "namespace": null,
        "namespaceLabels": null,
        "node": null,
        "pod": null,
        "podLabels": null
      },
      "ruleInfo": {
        "description": null,
        "id": "<string>",
        "name": "<string>",
        "queryLang": "<string>",
        "queryType": "<string>",
        "s1ql": "<string>",
        "scopeLevel": "<string>",
        "severity": "<string>",
        "treatAsThreat": "<string>"
      },
      "sourceParentProcessInfo": {
        "commandline": "<string>",
        "effectiveUser": null,
        "fileHashMd5": "<string>",
        "fileHashSha1": "<string>",
        "fileHashSha256": "<string>",
        "filePath": "<string>",
        "fileSignerIdentity": "<string>",
        "integrityLevel": "<string>",
        "loginUser": null,
        "name": "<string>",
        "pid": "<string>",
        "pidStarttime": "2025-04-17T01:15:48.111000Z",
        "realUser": null,
        "storyline": "<string>",
        "subsystem": "<string>",
        "uniqueId": "<string>",
        "user": "<string>"
      },
      "sourceProcessInfo": {
        "commandline": "<string>",
        "effectiveUser": null,
        "fileHashMd5": "<string>",
        "fileHashSha1": "<string>",
        "fileHashSha256": "<string>",
        "filePath": "<string>",
        "fileSignerIdentity": "<string>",
        "integrityLevel": "<string>",
        "loginUser": null,
        "name": "<string>",
        "pid": "<string>",
        "pidStarttime": "2025-04-17T01:15:48.111000Z",
        "realUser": null,
        "storyline": "<string>",
        "subsystem": "<string>",
        "uniqueId": "<string>",
        "user": "<string>"
      },
      "targetProcessInfo": {
        "tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
        "tgtFileHashSha1": null,
        "tgtFileHashSha256": null,
        "tgtFileId": null,
        "tgtFileIsSigned": "<string>",
        "tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
        "tgtFileOldPath": null,
        "tgtFilePath": null,
        "tgtProcCmdLine": null,
        "tgtProcImagePath": null,
        "tgtProcIntegrityLevel": "<string>",
        "tgtProcName": null,
        "tgtProcPid": null,
        "tgtProcSignedStatus": null,
        "tgtProcStorylineId": null,
        "tgtProcUid": null,
        "tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
      }
    }
  ],
  "pagination": {
    "nextCursor": null,
    "totalItems": 23
  }
}

Workflow Library Example

Get Alerts with Sentinelone and Send Results Via Email
