Get Alerts
Get alerts with timestamps within the last 24 hours.
Basic Parameters
Parameter | Description |
---|---|
From Date | The starting date from which alerts will be retrieved, defined as a Unix timestamp in UTC. Ignored if cursor is set. Must be within the last 24 hours. |
Advanced Parameters
Parameter | Description |
---|---|
Cursor | Identifier for the next item in the list. This value is available in the response as next_cursor. The response defaults to the last 24 hours if the cursor is not within the last 24 hours. |
Limit | The maximum number of items to return, default is 200, max is 1000. |
Example Output
{
  "has_more": false,
  "items": [
    {
      "created_at": "The date at which the alert was created.",
      "customer_id": "The unique identifier of the customer linked with this record.",
      "data": {},
      "description": "The description of the alert that was generated.",
      "event_service_event_id": "The Event Services event id.",
      "id": "Identifier for the alert.",
      "info": {},
      "location": "The location captured for this record.",
      "severity": "The severity for this alert.",
      "source": "Describes the source from which the alert was generated.",
      "threat": "The name of the threat responsible for the generation of the alert.",
      "threat_cleanable": false,
      "type": "Describes the type of the device on which the alert was generated.",
      "when": "The date at which the alert was created."
    }
  ],
  "next_cursor": "Value of the next cursor. This will be used to make the next API call."
}
Workflow Library Example
Get Alerts with Sophos and Send Results Via Email