
This endpoint does not support detection IDs prefixed with `ldt`.
To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert IDs | Comma-separated list of alert IDs to get details on. This endpoint does not support detection IDs prefixed with `ldt`. |

Example Output

{    "meta": {        "query_time": 0.004553092,        "writes": {            "resources_affected": 0        },        "powered_by": "detectsapi",        "trace_id": "e3a17704-d33e-4f70-a769-6a3ddc01844f"    },    "errors": [],    "resources": [        {            "activity_id": "3D14C6B6-XXXX-460EC4FCD27D",            "aggregate_id": "aggind:dca1XXXX1660:097877B9-C71F-42C7-A836-2944D119B6CB",            "cid": "0123456789ABCDEFGHIJKLMNOPQRSTUV-WX",            "composite_id": "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",            "confidence": 30,            "context_timestamp": "2022-05-15T10:32:00.000Z",            "created_timestamp": "2022-05-15T11:34:56.887790892Z",            "description": "User access from an unusual location",            "display_name": "Unusual user geolocation",            "end_time": "2022-05-15T10:32:00.000Z",            "falcon_host_link": "https://falcon.crowdstrike.com/identity-protection/detections/dca1xxxx1660",            "id": "ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",            "location_country_code": "US",            "name": "AnomalousGeoLocationAccess",            "objective": "Gain Access",            "okta_application_id": "0oa1xxxxL5d7",            "pattern_id": 51125,            "product": "idp",            "scenario": "machine_learning",            "severity": 31,            "show_in_ui": true,            "source_account_name": "demo.user@example.com",            "source_account_okta_id": "00u4xxxxf5d7",            "source_endpoint_address_ip4": "192.0.2.100",            "source_endpoint_ip_address": "192.0.2.100",            "sso_application_identifier": "Okta Admin Console",            "sso_application_uri": "0oa1xxxxL5d7",            "start_time": "2022-05-15T10:32:00.000Z",            "status": "new",            "tactic": "Initial Access",            "tactic_id": "TA0001",            "technique": "Valid Accounts",            "technique_id": "T1078",            
"timestamp": "2022-05-15T10:34:56.509Z",            "type": "idp-session-source-user-endpoint-target-info",            "updated_timestamp": "2022-05-15T11:34:56.887790892Z"        }    ]}

Workflow Library Example

Get Alert Details with Crowdstrike and Send Results Via Email