API Documentation
List Alerts
List all the EDR alerts for a given connection.
Query Parameters
  Datetime filter: only return items updated since this datetime. Example format: 2021-01-01T00:00:00+00:00
  Limit size (page size); x > 0
  Offset index (starting index of page); x > 0
  Skip total: skips returning the total rows; total is set to null when true
  Include device groups in the devices attached to the vulnerability
Response
  Number of items returned in the response
  List of items returned in the response; each item has:
    Vendor's ID of the alert
    Title of the alert, provided by the upstream vendor
    Description of the alert, provided by the upstream vendor
    Assigned user
    Alert severity: none, low, medium, high, critical, info
    Vendor's severity
    Alert status: unknown, new, in_progress, unresolved, resolved
    Vendor's status
    First event time
    Last event time
    Resolved time
    Source vendor: crowdstrike, ms_defender_endpoint, sentinelone
    Process ID
    Process created at
    Process filename
    Process command line
    Process filepath
    Process SHA1
    Process SHA256
    Process MD5
    Parent process ID
    User name
    Windows SID
    Active Directory user ID
    Active Directory domain
    Device attached to the alert (device groups are included when the includeDeviceGroups query parameter is set)
      Device status values: active, offline, quarantined
      Device OS values: mac, windows, linux, unknown
    CloudMetadata, currently only AWS is supported: aws
    Vendor-specific pass-through data; values can vary based on vendor
    MITRE Tactics associated with the alert; each tactic has:
      Tactic name
      Tactic ID
      Tactic source
  Total number of items that can be returned (null when the total rows are skipped)
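The following is an added example, not code from this API's vendor or its SDK. It shows how a client pages through List Alerts with the limit/offset parameters and validates the enumerated fields of each returned item. The reference does not name the query parameters or JSON keys, so the names used here (`updatedSince`, `limit`, `offset`, `skipTotal`, `count`, `items`, `total`, `vendorAlertId`, `mitreTactics` and the tactic keys `name`, `id`, `source`) are assumptions; only `includeDeviceGroups` and the allowed enum values come from the page. It also assumes the first page starts at offset 0. The HTTP call is replaced by an injected `fetch_page` callable so the example runs offline against constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterator, List

# Enumerations exactly as the reference lists them.
SEVERITIES = {"none", "low", "medium", "high", "critical", "info"}
STATUSES = {"unknown", "new", "in_progress", "unresolved", "resolved"}
VENDORS = {"crowdstrike", "ms_defender_endpoint", "sentinelone"}


@dataclass
class Alert:
    vendor_alert_id: str
    title: str
    severity: str
    status: str
    vendor: str
    tactic_ids: List[str]


def parse_alert(item: dict) -> Alert:
    """Validate the enumerated fields of one response item.

    Key names (vendorAlertId, severity, status, vendor, mitreTactics) are
    assumptions; the permitted values are the ones the reference lists.
    """
    severity = item.get("severity", "none")
    status = item.get("status", "unknown")
    vendor = item["vendor"]
    for value, allowed, name in ((severity, SEVERITIES, "severity"),
                                 (status, STATUSES, "status"),
                                 (vendor, VENDORS, "vendor")):
        if value not in allowed:
            raise ValueError(f"unexpected {name} value {value!r}")
    return Alert(
        vendor_alert_id=str(item["vendorAlertId"]),
        title=item.get("title", ""),
        severity=severity,
        status=status,
        vendor=vendor,
        tactic_ids=[t["id"] for t in item.get("mitreTactics", [])],
    )


def iter_alerts(fetch_page: Callable[[dict], dict], updated_since: datetime,
                limit: int = 100, include_device_groups: bool = False) -> Iterator[Alert]:
    """Walk every page of alerts updated since `updated_since`.

    Termination is decided from the page size rather than from `total`,
    because `total` is null when the total-row count is skipped.
    """
    if limit <= 0:
        raise ValueError("limit must be > 0")
    offset = 0  # assumption: the first page starts at index 0
    while True:
        page = fetch_page({
            "updatedSince": updated_since.isoformat(),  # e.g. 2021-01-01T00:00:00+00:00
            "limit": limit,
            "offset": offset,
            "skipTotal": True,  # the loop never needs the total, so skip the count
            "includeDeviceGroups": include_device_groups,
        })
        items = page.get("items") or []
        for item in items:
            yield parse_alert(item)
        if len(items) < limit:  # short page: nothing left to fetch
            return
        offset += limit


# Constructed sample alerts standing in for the vendor's response.
SAMPLE_ITEMS = [
    {"vendorAlertId": "a-1", "title": "Credential dumping detected", "severity": "high",
     "status": "new", "vendor": "crowdstrike",
     "mitreTactics": [{"name": "Credential Access", "id": "TA0006", "source": "mitre"}]},
    {"vendorAlertId": "a-2", "title": "Suspicious script execution", "severity": "medium",
     "status": "in_progress", "vendor": "ms_defender_endpoint", "mitreTactics": []},
    {"vendorAlertId": "a-3", "title": "Ransomware behaviour", "severity": "critical",
     "status": "unresolved", "vendor": "sentinelone",
     "mitreTactics": [{"name": "Impact", "id": "TA0040", "source": "mitre"}]},
]


def sample_fetch_page(params: dict) -> dict:
    """Offline stand-in for the HTTP GET: slices SAMPLE_ITEMS by offset/limit."""
    start, size = params["offset"], params["limit"]
    chunk = SAMPLE_ITEMS[start:start + size]
    return {"count": len(chunk), "items": chunk,
            "total": None if params["skipTotal"] else len(SAMPLE_ITEMS)}


def collect_alerts(limit: int = 2) -> List[Alert]:
    """Run the paginator over the sample data with the given page size."""
    since = datetime(2021, 1, 1, tzinfo=timezone.utc)
    return list(iter_alerts(sample_fetch_page, since, limit=limit))


if __name__ == "__main__":
    for alert in collect_alerts(limit=2):
        print(alert.vendor, alert.severity, alert.vendor_alert_id, alert.tactic_ids)
```

With a page size of 2 the sample data needs two requests; the second returns a single item, which is what ends the loop, so the client behaves the same whether or not the server reports `total`. Rejecting an unlisted severity, status or vendor value up front keeps downstream routing (for example, severity-based escalation rules) from silently treating an unknown value as benign.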