Get alert with timestamps within last 24 hours.

Basic Parameters

ParameterDescription
From DateThe starting date from which alerts will be retrieved defined as Unix timestamp in UTC. Ignored if cursor is set. Must be within last 24 hours.

Advanced Parameters

ParameterDescription
CursorIdentifier for next item in the list, this value is available in response as next_cursor. Response will default to last 24 hours if cursor is not within last 24 hours.
LimitThe maximum number of items to return, default is 200, max is 1000.

Example Output

{
	"has_more": false,
	"items": [
		{
			"created_at": "The date at which the alert was created.",
			"customer_id": "The unique identifier of the customer linked with this record.",
			"data": {},
			"description": "The description of the alert that was generated.",
			"event_service_event_id": "The Event Services event id.",
			"id": "Identifier for the alert.",
			"info": {},
			"location": "The location captured for this record.",
			"severity": "The severity for this alert.",
			"source": "Describes the source from alert was generated.",
			"threat": "The name of the threat responsible for the generation of alert.",
			"threat_cleanable": false,
			"type": "Describes the type of the device on which alert was generated.",
			"when": "The date at which the alert was created."
		}
	],
	"next_cursor": "Value of the next cursor. This will be used to make next call of API."
}

Workflow Library Example

Get Alerts with Sophos and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop