Get Alerts
Description

Retrieve a list of SentinelOne alerts to identify potential security threats within a specified scope.

Endpoint

URL: /web/api/v2.1/cloud-detection/alerts
Method: GET

Inputs

- parameters (object)
  - accountids (string): List of account IDs to filter by.
  - analystverdict (string): Filter threats by an analyst verdict.
  - containerimagename contains (string): Free-text filter by the endpoint container image name (supports multiple values).
  - containerlabels contains (string): Free-text filter by the endpoint container labels (supports multiple values).
  - containername contains (string): Free-text filter by the endpoint container name (supports multiple values).
  - countonly (boolean): If true, only the total number of items is returned, without any of the actual objects.
  - createdat gt (string): Created at greater than.
  - createdat gte (string): Created at greater than or equal to.
  - createdat lt (string): Created at less than.
  - createdat lte (string): Created at less than or equal to.
  - cursor (string): Cursor position returned by the last request. Use it to iterate over more than 1000 items.
  - disablepagination (boolean): If true, all rules for the requested scope are returned.
  - groupids (string): List of group IDs to filter by.
  - ids (array): A list of alert IDs.
  - incidentstatus (string): Filter threats by an incident status.
  - k8scluster contains (string): Free-text filter by the endpoint Kubernetes cluster name (supports multiple values).
  - k8scontrollerlabels contains (string): Free-text filter by the endpoint Kubernetes controller labels (supports multiple values).
  - k8scontrollername contains (string): Free-text filter by the endpoint Kubernetes controller name (supports multiple values).
  - k8snamespacelabels contains (string): Free-text filter by the endpoint Kubernetes namespace labels (supports multiple values).
  - k8snamespacename contains (string): Free-text filter by the endpoint Kubernetes namespace name (supports multiple values).
  - k8snode contains (string): Free-text filter by the endpoint Kubernetes node name (supports multiple values).
  - k8spod contains (string): Free-text filter by the endpoint Kubernetes pod name (supports multiple values).
  - k8spodlabels contains (string): Free-text filter by the endpoint Kubernetes pod labels (supports multiple values).
  - limit (number): Limit the number of returned items (1-1000).
  - machinetype (string): Agent machine type.
  - origagentname contains (string): Free-text filter by agent name.
  - origagentosrevision contains (string): Free-text filter by agent OS revision.
  - origagentuuid contains (string): Free-text filter by agent UUID.
  - origagentversion contains (string): Free-text filter by agent OS version.
  - ostype (string): Included OS types.
  - query (string): Full-text search across all fields.
  - reportedat gt (string): Reported at greater than.
  - reportedat gte (string): Reported at greater than or equal to.
  - reportedat lt (string): Reported at less than.
  - reportedat lte (string): Reported at less than or equal to.
  - rulename contains (string): Free-text filter by rule name.
  - scopes (string): Filter results by scope.
  - severity (string): Severity.
  - siteids (string): List of site IDs to filter by.
  - skip (number): Skip the first number of items (0-1000). To iterate over more than 1000 items, use "cursor".
  - skipcount (boolean): If true, the total number of items is not calculated, which speeds up execution time.
  - sortby (string): The column to sort the results by.
  - sortorder (string): Sort direction.
  - sourceprocesscommandline contains (string): Free-text filter by source command line.
  - sourceprocessfilehashmd5 contains (string): Free-text filter by source MD5.
  - sourceprocessfilehashsha1 contains (string): Free-text filter by source SHA1.
  - sourceprocessfilehashsha256 contains (string): Free-text filter by source SHA256.
  - sourceprocessfilepath contains (string): Free-text filter by source file path.
  - sourceprocessname contains (string): Free-text filter by source process name.
  - sourceprocessstoryline contains (string): Free-text filter by source storyline.
  - tenant (boolean): Indicates a tenant scope request.

Output

- status code (number)
- reason (string)
- json body (object)
  - data (array)
    - agentdetectioninfo (object)
      - accountid (string)
      - machinetype (object)
      - name (object)
      - osfamily (object)
      - osname (string)
      - osrevision (string)
      - siteid (object)
      - uuid (object)
      - version (object)
    - alertinfo (object)
      - alertid (string)
      - analystverdict (string)
      - createdat (string)
      - dnsrequest (object)
      - dnsresponse (object)
      - dstip (object)
      - dstport (object)
      - dveventid (object)
      - eventtype (object)
      - hittype (string)
      - incidentstatus (string)
      - indicatorcategory (object)
      - indicatordescription (object)
      - indicatorname (object)
      - isedr (boolean)
      - loginaccountdomain (object)
      - loginaccountsid (object)
      - loginisadministratorequivalent (object)
      - loginissuccessful (object)
      - logintype (object)
      - loginsusername (object)
      - modulepath (object)
      - modulesha1 (object)
      - neteventdirection (object)
      - registrykeypath (object)
      - registryoldvalue (object)
      - registryoldvaluetype (object)
      - registrypath (object)
      - registryvalue (object)
      - reportedat (string)
      - source (string)
      - srcip (object)
      - srcmachineip (object)
      - srcport (object)
      - tiindicatorcomparisonmethod (object)
      - tiindicatorsource (object)
      - tiindicatortype (object)
      - tiindicatorvalue (object)
      - updatedat (string)
    - containerinfo (object)
      - id (object)
      - image (object)
      - labels (object)
      - name (object)
    - kubernetesinfo (object)
      - cluster (object)
      - controllerkind (object)
      - controllerlabels (object)
      - controllername (object)
      - namespace (object)
      - namespacelabels (object)
      - node (object)
      - pod (object)
      - podlabels (object)
    - ruleinfo (object)
      - description (object)
      - id (string)
      - name (string)
      - querylang (string)
      - querytype (string)
      - s1ql (string)
      - scopelevel (string)
      - severity (string)
      - treatasthreat (string)
    - sourceparentprocessinfo (object)
      - commandline (object)
      - effectiveuser (object)
      - filehashmd5 (object)
      - filehashsha1 (object)
      - filehashsha256 (object)
      - filepath (object)
      - filesigneridentity (object)
      - integritylevel (string)
      - loginuser (object)
      - name (object)
      - pid (object)
      - pidstarttime (string)
      - realuser (object)
      - storyline (object)
      - subsystem (string)
      - uniqueid (object)
      - user (string)
    - sourceprocessinfo (object)
      - commandline (object)
      - effectiveuser (object)
      - filehashmd5 (object)
      - filehashsha1 (object)
      - filehashsha256 (object)
      - filepath (object)
      - filesigneridentity (object)
      - integritylevel (string)
      - loginuser (object)
      - name (object)
      - pid (object)
      - pidstarttime (string)
      - realuser (object)
      - storyline (object)
      - subsystem (string)
      - uniqueid (object)
      - user (string)
    - targetprocessinfo (object)
      - tgtfilecreatedat (string)
      - tgtfilehashsha1 (object)
      - tgtfilehashsha256 (object)
      - tgtfileid (object)
      - tgtfileissigned (object)
      - tgtfilemodifiedat (string)
      - tgtfileoldpath (object)
      - tgtfilepath (object)
      - tgtproccmdline (object)
      - tgtprocimagepath (object)
      - tgtprocintegritylevel (string)
      - tgtprocname (object)
      - tgtprocpid (object)
      - tgtprocsignedstatus (object)
      - tgtprocstorylineid (object)
      - tgtprocuid (object)
      - tgtprocessstarttime (string)
  - pagination (object)
    - nextcursor (object)
    - totalitems (number)

Response headers

- Server (string)
- Date (string)
- Content-Type (string)
- Transfer-Encoding (string)
- Connection (string)
- X-RQID (string)
- Access-Control-Allow-Origin (string)
- Access-Control-Allow-Credentials (string)
- Vary (string)
- Strict-Transport-Security (string)
- X-Frame-Options (string)
- X-Content-Type-Options (string)
- Content-Security-Policy (string)
- Cache-Control (string)
- Pragma (string)
- Expires (string)
- Content-Encoding (string)
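
The cursor and limit inputs and the pagination output above work together when a scope holds more than 1000 alerts. The following is an added example, not part of the connector or its documentation, of a collection loop that follows the cursor to the end and refuses to loop forever. Assumptions: fetch_page is a hypothetical callable that performs the GET and returns the JSON body, the camelCase spelling nextCursor is assumed (the listing shows it lowercased), and the fake backend with its offset-style cursors is constructed so the block runs offline.

```python
from typing import Callable, Dict, Iterator, List, Optional, Tuple

PAGE_LIMIT = 1000  # upper bound of the "limit" input

def iter_alerts(fetch_page: Callable[[dict], dict],
                filters: Optional[dict] = None,
                max_pages: int = 100) -> Iterator[dict]:
    """Yield every alert in scope by following pagination.nextCursor."""
    params = dict(filters or {}, limit=PAGE_LIMIT)
    seen = set()
    for _ in range(max_pages):
        body = fetch_page(params)
        yield from body.get("data") or []
        cursor = (body.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return  # last page: no cursor handed back
        if cursor in seen:
            # A repeated cursor would re-ingest the same alerts endlessly.
            raise RuntimeError("cursor repeated; aborting collection")
        seen.add(cursor)
        params["cursor"] = cursor
    # Silent truncation hides alerts from the analyst, so fail loudly.
    raise RuntimeError("max_pages reached before the result set ended")

def make_fake_backend(alerts: List[dict],
                      page_size: int) -> Tuple[Callable[[dict], dict], List[Dict]]:
    """Constructed stand-in for the HTTP call. Real cursors are opaque
    strings; here the cursor is simply the next offset."""
    calls: List[Dict] = []

    def fetch_page(params: dict) -> dict:
        calls.append(dict(params))  # snapshot for inspection
        start = int(params.get("cursor") or 0)
        end = start + page_size
        nxt = str(end) if end < len(alerts) else None
        return {"data": alerts[start:end],
                "pagination": {"nextCursor": nxt, "totalItems": len(alerts)}}

    return fetch_page, calls

if __name__ == "__main__":
    sample = [{"alertinfo": {"alertid": str(i)}} for i in range(2500)]  # constructed
    fetch, calls = make_fake_backend(sample, PAGE_LIMIT)
    collected = list(iter_alerts(fetch))
    print(len(collected), "alerts in", len(calls), "requests")
```

Both failure paths raise instead of returning a partial list, so a downstream pipeline cannot mistake a truncated pull for a complete one.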