Viewing a list of alerts
GET /xdr/api/v1/alerts
Returns a list of alerts for the specified tenants.
Query parameters
Name | Data type | Mandatory | Description | Value example |
page | number | No | The page number. Starts with 1. The page size is 100 entries. If the value is not specified or is set to a value below 1, the value 1 is used. | 1 |
id | string | No | The alert id. If multiple values are specified, a list is formed to which the OR logical operator is applied. If no alert with a specified id is found, this id value is ignored. If no id value is specified, all alerts for the specified tenants are returned. | 00000000-0000-0000-0000-000000000000 |
tenantID | string | Yes | The tenant id. If multiple values are specified, a list is formed to which the OR logical operator is applied. If the user does not have the Read right for any of the specified tenants, the query fails. | 00000000-0000-0000-0000-000000000000 |
timestampField | string | No | The alert data field used to filter the list of alerts. Use the from and to values to specify the time interval. | createdAt updatedAt statusChangedAt |
from | string | No | The start of the time interval used to filter the list of alerts, in RFC3339 format. Use the timestampField value to specify the alert data field. | 2021-09-06T00:00:00Z 2021-09-06T00:00:00.000Z 2021-09-06T00:00:00Z+00:00 |
to | string | No | The end of the time interval used to filter the list of alerts, in RFC3339 format. Use the timestampField value to specify the alert data field. | 2021-09-06T00:00:00Z 2021-09-06T00:00:00.000Z 2021-09-06T00:00:00Z+00:00 |
status | string | No | The alert status. If multiple values are specified, a list is formed to which the OR logical operator is applied. | new inProgress inIncident closed |
withEvents | bool | No | Specifies whether to include normalized events from KUMA. | /api/v1/alerts?withEvents |
withAffected | bool | No | Specifies whether to include detailed data about assets and accounts related to the alerts. | /xdr/api/v1/alerts?withAffected /xdr/api/v1/alerts?withAffected=123 |
withHistory | bool | No | Specifies whether to include data about changes made to the alerts. | /xdr/api/v1/alerts?withHistory /xdr/api/v1/alerts?withHistory=123 |
Response
HTTP code: 200
Format: JSON
Example:
Possible errors
HTTP code | Description |
400 | The timestampField value is invalid. | invalid timestamp field |
400 | The from value is invalid. | cannot parse from | variable |
400 | The to value is invalid. | cannot parse to | variable |
400 | The id value is not in the UUID format. |
400 | The status value is invalid. | invalid status |
403 | The user does not have the required right in the Alerts and incidents functional area in any of the specified tenants. | access denied |
500 | Any other internal errors. | variable | variable |
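
The parameter rules and the 400 errors listed above can be checked on the client before a request is sent, which keeps malformed filters out of scheduled alert-export jobs. The following is an added example, not part of the product documentation: the function names are hypothetical, and it assumes that multiple values are passed as repeated query parameters, which this page does not specify.

```python
import uuid
from datetime import timezone
from urllib.parse import urlencode

ALERTS_PATH = "/xdr/api/v1/alerts"
TIMESTAMP_FIELDS = {"createdAt", "updatedAt", "statusChangedAt"}
STATUSES = {"new", "inProgress", "inIncident", "closed"}
FLAGS = {"withEvents", "withAffected", "withHistory"}


def rfc3339_utc(name, dt):
    """Format an aware datetime like the documented 2021-09-06T00:00:00Z."""
    if dt.tzinfo is None:
        raise ValueError(f"cannot format {name}: datetime has no time zone")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_alerts_query(tenant_ids, ids=(), statuses=(), timestamp_field=None,
                       start=None, end=None, page=1, flags=()):
    """Return the request path and query string; raise ValueError on bad input."""
    if not tenant_ids:
        raise ValueError("tenantID is mandatory")
    # Assumption: multiple values are sent as repeated parameters.
    params = [("tenantID", t) for t in tenant_ids]
    for value in ids:
        try:
            params.append(("id", str(uuid.UUID(value))))
        except (ValueError, AttributeError, TypeError):
            raise ValueError(f"id is not in the UUID format: {value!r}") from None
    for status in statuses:
        if status not in STATUSES:
            raise ValueError(f"invalid status: {status!r}")
        params.append(("status", status))
    if timestamp_field is not None or start is not None or end is not None:
        # Choice made by this example: from/to require an explicit field.
        if timestamp_field not in TIMESTAMP_FIELDS:
            raise ValueError(f"invalid timestamp field: {timestamp_field!r}")
        params.append(("timestampField", timestamp_field))
    stamps = {name: rfc3339_utc(name, dt)
              for name, dt in (("from", start), ("to", end)) if dt is not None}
    # Both stamps are fixed-width UTC strings, so string order is time order.
    if len(stamps) == 2 and stamps["from"] > stamps["to"]:
        raise ValueError("from is later than to")
    params.extend(stamps.items())
    params.append(("page", max(1, int(page))))  # the API treats page < 1 as 1
    query = urlencode(params)
    for flag in flags:
        if flag not in FLAGS:
            raise ValueError(f"unknown flag: {flag!r}")
        query += "&" + flag  # the documented examples pass flags as bare keys
    return f"{ALERTS_PATH}?{query}"
```

Authentication and the host name are outside the scope of this page and are not part of the example; the returned string is appended to the base URL of the deployment.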