
Get Alert

Get alert by ID. Retrieves detailed information for a specific advanced threat alert. If Advanced Threat Intel (ATI) information is available for the alert, it will be returned. Alerts more than 90 days old are not available.

Basic Parameters

Parameter | Description
Alert ID | The ID of the alert. It can be obtained with the List Alerts action.

Advanced Parameters

Parameter | Description
Traffic Type | Traffic type defaults to inbound. To handle outbound traffic, set the traffic type to outbound.

Example Output

{ 
"data":
[
{
"attributes": {
"meta": {
"read": false,
"last_modified_on": "2022-11-22T11:33:52.037",
"legacy_id": 85534366,
"acknowledged": false,
"alert_type": "yara"
},
"ati": {},
"alert": {
"product": "ETP",
"alert_type": [ "at" ],
"severity": "majr",
"ack": "no",
"malware_md5": "b2255f656c300f3e00e51b6d0e62a7bb",
"explanation": {
"analysis": "binary",
"protocol": "",
"anomaly": "",
"timestamp": "2022-11-22T11:32:50.000000",
"malware_detected": {
"malware": [ {
"name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
"stype": "yara",
"type": "ehdr",
"original_name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
"original": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
"downloaded_at": "2022-11-22T11:32:50.154835",
"md5sum": "b2255f656c300f3e00e51b6d0e62a7bb",
"submitted_at": "2022-11-22T11:32:48.665004",
"sha256": "94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf4869561",
"executed_at": "2022-11-22T11:32:50.154835" }
] },
"os_changes": null,
"cnc_services": {
"cnc_service": null
}
}, "timestamp": "2022-11-22T11:33:52.036",
"action": "notified",
"name": "malware-object" "sha256":"94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf48695261"
},
"email": {
"status": "quarantined",
"source_ip": "96.47.26.93",
"smtp": {
"rcpt_to": "userc@musubi2.etp-testdomain5.com",
"mail_from": "bounce-cn1-zh_cnn_i_news_ndban112220227630041-h-ee3d2699f7=2@newsletters.cnn.com"
},
"etp_message_id": "3yINFWA-1111152-7B1209271853BC7365d49e4a8",
"headers": {
"cc": "",
"to": "userc@musubi2.etptestdomain5.com",
"from": "CNN's 5 Things <5things@newsletters.cnn.com>",
"subject": "Test mail" },
"attachment": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more",
"timestamp": {
"accepted":"2022-11-22T11:32:41"
}, "source_country": "us" } },
"id": "3yINFWA-1111152-8784f526-be90-45ed-8867-ec1fcf066dd8" } ],
"meta": {
"total": 1,
"copyright": "Copyright 2022 FireEye Security Holdings US LLC" },
"type": "alerts"
}

Workflow Library Example

Get Alert with Trellix Email Security and Send Results Via Email
