Minimal required permissions: org.alerts Read

To learn more, visit the VMware Carbon Black documentation.

Parameters

ParameterDescription
Alert IDThe ID of the alert. Can be obtained by the Search Alerts action.

Example Output

{    "history": [        {            "type": "USER_WORKFLOW_UPDATE",            "workflow": {                "change_timestamp": "2023-04-14T21:30:40.570Z",                "changed_by_type": "SYSTEM",                "changed_by": "ALERT_CREATION",                "closure_reason": "NO_REASON",                "status": "OPEN"            }        },        {            "type": "USER_DETERMINATION_UPDATE",            "determination": {                "changed_by": "demouser@demoorg.com",                "changed_by_type": "USER",                "change_timestamp": "2023-04-16T23:32:41.182Z",                "value": "TRUE_POSITIVE"            }        },        {            "type": "ALERT_NOTE_ADDED",            "note": {                "author": "demouser@demoorg.com",                "create_timestamp": "2023-04-16T23:35:10.295Z",                "last_update_timestamp": "2023-04-16T23:35:10.295Z",                "id": "eb0c0791-505b-408e-8b03-24562a95a875",                "source": "CUSTOMER",                "note": "A note for API demo",                "parent_id": null,                "read_history": null,                "thread": null            }        }    ]}

Workflow Library Example

Get Alert History with Vmware Carbon Black and Send Results Via Email

Preview this Workflow on desktop