Get Alert History - Blink Documentation

Get alert history by a given alert ID. Minimal required permissions: org.alerts Read

External DocumentationTo learn more, visit the VMware Carbon Black documentation.

Parameters

Parameter	Description
Alert ID	The ID of the alert. Can be obtained by the `Search Alerts` action.

Example Output

{
	"history": [
		{
			"type": "USER_WORKFLOW_UPDATE",
			"workflow": {
				"change_timestamp": "2023-04-14T21:30:40.570Z",
				"changed_by_type": "SYSTEM",
				"changed_by": "ALERT_CREATION",
				"closure_reason": "NO_REASON",
				"status": "OPEN"
			}
		},
		{
			"type": "USER_DETERMINATION_UPDATE",
			"determination": {
				"changed_by": "demouser@demoorg.com",
				"changed_by_type": "USER",
				"change_timestamp": "2023-04-16T23:32:41.182Z",
				"value": "TRUE_POSITIVE"
			}
		},
		{
			"type": "ALERT_NOTE_ADDED",
			"note": {
				"author": "demouser@demoorg.com",
				"create_timestamp": "2023-04-16T23:35:10.295Z",
				"last_update_timestamp": "2023-04-16T23:35:10.295Z",
				"id": "eb0c0791-505b-408e-8b03-24562a95a875",
				"source": "CUSTOMER",
				"note": "A note for API demo",
				"parent_id": null,
				"read_history": null,
				"thread": null
			}
		}
	]
}

Workflow Library Example

Get Alert History with Vmware Carbon Black and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example