
Get Alerts by Id

GET /v1/alerts

List and filter Detection and Response (DDR) alerts to triage and prioritize real-time data security threats. This call returns a list of alerts with the data needed to triage them and assign them for investigation.

Request

Query Parameters

    detectionTime.equals date-time
    detectionTime.greaterThanOrEqual date-time
    detectionTime.greaterThan date-time
    detectionTime.lessThanOrEqual date-time
    detectionTime.lessThan date-time
    policyName.in string[]
    policyName.equals string
    assetName.in string[]
    assetName.equals string
    cloudProvider.in string[]

    Possible values: [AWS, AZURE, GCP, SNOWFLAKE, FILE_SHARE, O365]

    cloudProvider.equals string

    Possible values: [AWS, AZURE, GCP, SNOWFLAKE, FILE_SHARE, O365]

    destinationProjectVendorName.in string[]
    destinationProjectVendorName.equals string
    cloudEnvironment.in string[]

    Possible values: [UNKNOWN, DEVELOPMENT, STAGING, TESTING, PRODUCTION]

    cloudEnvironment.equals string

    Possible values: [UNKNOWN, DEVELOPMENT, STAGING, TESTING, PRODUCTION]

    policySeverity.in string[]

    Possible values: [HIGH, MEDIUM, LOW]

    policySeverity.equals string

    Possible values: [HIGH, MEDIUM, LOW]

    categoryType.in string[]

    Possible values: [FIRST_MOVE, ATTACK, COMPLIANCE, ASSET_AT_RISK, RECONNAISSANCE]

    categoryType.equals string

    Possible values: [FIRST_MOVE, ATTACK, COMPLIANCE, ASSET_AT_RISK, RECONNAISSANCE]

    status.in string[]

    Possible values: [OPEN, UNIMPORTANT, WRONG, HANDLED, INVESTIGATING]

    status.equals string

    Possible values: [OPEN, UNIMPORTANT, WRONG, HANDLED, INVESTIGATING]

    sort string

    Sorting criteria in the format: property,(asc|desc). Default sort order is ascending. Multiple sort criteria are supported.

    page string

    Default value: 0

    size integer

    Possible values: <= 50

    Default value: 20

Header Parameters

    dig-api-key string, required

    Dig token header

Responses

Returns a list of alerts

Response Headers
  • X-Total-Count integer

    The total number of items in the page

Schema
  • Array [
    • id string
    • detectionTime date-time
    • policyName string
    • assetName string
    • assetLabels object[]
      • Array [
        • label object
          • id int64
          • name string
          • description string
          • color string
          • prettyName string
          • connectedBy string

            Possible values: [SYSTEM, USER]

      • ]
    • cloudProvider string

      Possible values: [AWS, AZURE, GCP, SNOWFLAKE, FILE_SHARE, O365]

    • destinationProjects object
      • property name* string
    • cloudEnvironment string

      Possible values: [UNKNOWN, DEVELOPMENT, STAGING, TESTING, PRODUCTION]

    • policySeverity string

      Possible values: [HIGH, MEDIUM, LOW]

    • policyCategoryType string

      Possible values: [FIRST_MOVE, ATTACK, COMPLIANCE, ASSET_AT_RISK, RECONNAISSANCE]

    • status string

      Possible values: [OPEN, UNIMPORTANT, WRONG, HANDLED, INVESTIGATING]

    • eventActor string
    • eventUserAgent string
    • eventActionMedium string

      Possible values: [CONSOLE, SDK, CLI, SYSTEM]

    • eventSource string
    • policyFrameWorks string[]
    • eventRawData string
  • ]
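As an added example (not part of this API reference or the vendor's own SDK), a small Python client that builds the documented filter query, walks the 0-based page/size pagination with the dig-api-key header, and ranks the returned alerts for triage using the documented policySeverity, policyCategoryType and cloudEnvironment values. The API host placeholder, the DIG_API_KEY environment variable and the repeated-key encoding of string[] filters are assumptions.

```python
import json
import os
import urllib.request
from typing import Callable, List
from urllib.parse import urlencode

# Assumptions: the API host is not stated on the page (placeholder below), and
# string[] query filters are sent as repeated keys (status.in=A&status.in=B).
BASE_URL = "https://DIG_API_HOST_PLACEHOLDER"
MAX_PAGE_SIZE = 50  # documented upper bound for the `size` parameter
# Triage ranks built from the documented enum values (lower sorts first).
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
CATEGORY_RANK = {"ATTACK": 0, "FIRST_MOVE": 1, "RECONNAISSANCE": 2, "ASSET_AT_RISK": 3, "COMPLIANCE": 4}
ENV_RANK = {"PRODUCTION": 0, "STAGING": 1, "TESTING": 2, "DEVELOPMENT": 3, "UNKNOWN": 4}


def build_query(since_iso: str, page: int, size: int = MAX_PAGE_SIZE) -> str:
    """Query string for GET /v1/alerts: unresolved HIGH/MEDIUM alerts since `since_iso`."""
    params = {
        "detectionTime.greaterThanOrEqual": since_iso,
        "status.in": ["OPEN", "INVESTIGATING"],
        "policySeverity.in": ["HIGH", "MEDIUM"],
        "sort": "detectionTime,desc",  # documented format: property,(asc|desc)
        "page": page, "size": min(size, MAX_PAGE_SIZE),  # never exceed the documented limit
    }
    return urlencode(params, doseq=True)


def http_fetch(query: str) -> List[dict]:
    """Real transport: one GET carrying the required dig-api-key header."""
    req = urllib.request.Request(f"{BASE_URL}/v1/alerts?{query}",
                                 headers={"dig-api-key": os.environ["DIG_API_KEY"]})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def collect_alerts(fetch: Callable[[str], List[dict]], since_iso: str,
                   size: int = MAX_PAGE_SIZE) -> List[dict]:
    """Walk the 0-based pages; a short page marks the end of the result set."""
    alerts: List[dict] = []
    page, size = 0, min(size, MAX_PAGE_SIZE)  # clamp so the end-of-results test is sound
    while True:
        batch = fetch(build_query(since_iso, page, size))
        alerts.extend(batch)
        if len(batch) < size:
            return alerts
        page += 1


def prioritize(alerts: List[dict]) -> List[dict]:
    """Severity, then category, then environment; oldest unattended alert first."""
    return sorted(alerts, key=lambda a: (
        SEVERITY_RANK.get(a.get("policySeverity"), 9), CATEGORY_RANK.get(a.get("policyCategoryType"), 9),
        ENV_RANK.get(a.get("cloudEnvironment"), 9), a.get("detectionTime", "")))
```

With a real key exported as DIG_API_KEY, `prioritize(collect_alerts(http_fetch, "2024-05-01T00:00:00Z"))` returns the triage-ordered backlog; the transport is injected so the paging and ranking logic can be exercised against constructed data.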