Skip to main content

Get Alert History

Get alert history by a given alert ID.

Minimal required permissions: org.alerts Read

External Documentation

To learn more, visit the VMware Carbon Black documentation.

Parameters

ParameterDescription
Alert IDThe ID of the alert. Can be obtained by the Search Alerts action.

Example Output

{
    "history": [
        {
            "type": "USER_WORKFLOW_UPDATE",
            "workflow": {
                "change_timestamp": "2023-04-14T21:30:40.570Z",
                "changed_by_type": "SYSTEM",
                "changed_by": "ALERT_CREATION",
                "closure_reason": "NO_REASON",
                "status": "OPEN"
            }
        },
        {
            "type": "USER_DETERMINATION_UPDATE",
            "determination": {
                "changed_by": "demouser@demoorg.com",
                "changed_by_type": "USER",
                "change_timestamp": "2023-04-16T23:32:41.182Z",
                "value": "TRUE_POSITIVE"
            }
        },
        {
            "type": "ALERT_NOTE_ADDED",
            "note": {
                "author": "demouser@demoorg.com",
                "create_timestamp": "2023-04-16T23:35:10.295Z",
                "last_update_timestamp": "2023-04-16T23:35:10.295Z",
                "id": "eb0c0791-505b-408e-8b03-24562a95a875",
                "source": "CUSTOMER",
                "note": "A note for API demo",
                "parent_id": null,
                "read_history": null,
                "thread": null
            }
        }
    ]
}

Workflow Library Example

Get Alert History with Vmware Carbon Black and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop