Get alert by ID. Retrieves detailed information for a specific advanced threat alert. If Advanced Threat Intel (ATI) information is available for the alert, it will be returned. Alerts more than 90 days old are not available.

Basic Parameters

ParameterDescription
Alert IDThe ID of the alert, can be obtained by the List Alerts action.

Advanced Parameters

ParameterDescription
Traffic TypeTraffic type defaults to inbound. To handle outbound traffic, set the to outbound.

Example Output

{ 
  "data":
  [ 
    { 
      "attributes": {
        "meta": {
          "read": false,
          "last_modified_on": "2022-11-22T11:33:52.037",
          "legacy_id": 85534366,
          "acknowledged": false,
          "alert_type": "yara"
          }, 
        "ati": {}, 
        "alert": { 
          "product": "ETP",
          "alert_type": [ "at" ],
          "severity": "majr", 
          "ack": "no",
          "malware_md5": "b2255f656c300f3e00e51b6d0e62a7bb",
          "explanation": {
            "analysis": "binary",
            "protocol": "",
            "anomaly": "",
            "timestamp": "2022-11-22T11:32:50.000000",
            "malware_detected": {
              "malware": [ {
                "name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
                "stype": "yara",
                "type": "ehdr",
                "original_name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
                "original": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
                "downloaded_at": "2022-11-22T11:32:50.154835",
                "md5sum": "b2255f656c300f3e00e51b6d0e62a7bb", 
                "submitted_at": "2022-11-22T11:32:48.665004", 
                "sha256": "94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf4869561",
                "executed_at": "2022-11-22T11:32:50.154835" }
          ] }, 
        "os_changes": null, 
        "cnc_services": { 
        "cnc_service": null 
      } 
    }, "timestamp": "2022-11-22T11:33:52.036", 
      "action": "notified", 
      "name": "malware-object" "sha256":"94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf48695261" 
    }, 
  "email": { 
    "status": "quarantined",
    "source_ip": "96.47.26.93", 
    "smtp": { 
      "rcpt_to": "userc@musubi2.etp-testdomain5.com",
      "mail_from": "bounce-cn1-zh_cnn_i_news_ndban112220227630041-h-ee3d2699f7=2@newsletters.cnn.com" 
    }, 
  "etp_message_id": "3yINFWA-1111152-7B1209271853BC7365d49e4a8", 
  "headers": { 
    "cc": "", 
    "to": "userc@musubi2.etptestdomain5.com", 
    "from": "CNN's 5 Things <5things@newsletters.cnn.com>", 
    "subject": "Test mail" },
"attachment": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more", 
"timestamp": { 
  "accepted":"2022-11-22T11:32:41" 
  }, "source_country": "us" } }, 
"id": "3yINFWA-1111152-8784f526-be90-45ed-8867-ec1fcf066dd8" } ], 
"meta": { 
  "total": 1, 
  "copyright": "Copyright 2022 FireEye Security Holdings US LLC" },
"type": "alerts" 
}

Workflow Library Example

Get Alert with Trellix Email Security and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop