GET
/
edr
/
alerts
/
{alert_id}

Authorizations

X-CONNECTION-ID
string
header
required
X-API-KEY
string
header
required

Path Parameters

alert_id
string
required

Response

200 - application/json
active_directory_domain
string | null
required

Active Directory domain

active_directory_user_id
string | null
required

Active Directory user ID

assigned_user
string | null
required

Assigned user

description
string | null
required

Description of alert, provided by the upstream vendor

device
object
required

Device attached to the alert, include device groups with includeDeviceGroups query parameter

first_event_time
string | null
required

First event time

last_event_time
string | null
required

Last event time

mitre
object[]
required

MITRE Tactics associated with the alert

parent_pid
string | null
required

Parent process ID

pid
string | null
required

Process ID

process_command_line
string | null
required

Process command line

process_created_at
string | null
required

Process created at

process_filename
string | null
required

Process filename

process_filepath
string | null
required

Process filepath

process_md5
string | null
required

Process MD5

process_sha1
string | null
required

Process SHA1

process_sha256
string | null
required

Process SHA256

resolved_time
string | null
required

Resolved time

title
string | null
required

Title of the alert, provided by the upstream vendor

user_name
string | null
required

User name

vendor
enum<string>
required

Source vendor

Available options:
crowdstrike,
ms_defender_endpoint,
sentinelone
vendor_id
string | null
required

Vendor's ID of the alert

vendor_severity
string | null
required

Vendor's severity

vendor_status
string | null
required

Vendor's status

windows_sid
string | null
required

Windows SID

id
string | null
observables
object[] | null

Observable data associated with the alert

severity
enum<string>
default:
none

Alert severity

Available options:
none,
low,
medium,
high,
critical,
info
status
enum<string>
default:
unknown

Alert status

Available options:
unknown,
new,
in_progress,
unresolved,
resolved
List AlertsList Policies