Get Alert History
Get alert history by a given alert ID.
Minimal required permissions: org.alerts Read
External Documentation
To learn more, visit the VMware Carbon Black documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | The ID of the alert. Can be obtained by the Search Alerts action. |
Example Output
{
"history": [
{
"type": "USER_WORKFLOW_UPDATE",
"workflow": {
"change_timestamp": "2023-04-14T21:30:40.570Z",
"changed_by_type": "SYSTEM",
"changed_by": "ALERT_CREATION",
"closure_reason": "NO_REASON",
"status": "OPEN"
}
},
{
"type": "USER_DETERMINATION_UPDATE",
"determination": {
"changed_by": "demouser@demoorg.com",
"changed_by_type": "USER",
"change_timestamp": "2023-04-16T23:32:41.182Z",
"value": "TRUE_POSITIVE"
}
},
{
"type": "ALERT_NOTE_ADDED",
"note": {
"author": "demouser@demoorg.com",
"create_timestamp": "2023-04-16T23:35:10.295Z",
"last_update_timestamp": "2023-04-16T23:35:10.295Z",
"id": "eb0c0791-505b-408e-8b03-24562a95a875",
"source": "CUSTOMER",
"note": "A note for API demo",
"parent_id": null,
"read_history": null,
"thread": null
}
}
]
}
Workflow Library Example
Get Alert History with Vmware Carbon Black and Send Results Via Email
Preview this Workflow on desktop