Alerts

REST API operations for alerts

Overview

Use these API operations to interact with alerts in Panther.

To call the API, see the How to use the Panther REST API instructions—including directions for how to invoke it directly from this documentation page.

Required permissions

For GET operations, your API token must have the Read Alerts permission.
For PATCH operations, your API token must have the Manage Alerts permission.

Operations

Get an alert

get

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the alert

Responses

200

OK response.

application/json

contextanyOptional

The context of this alert

contextTagsstring[] · max: 10Optional

the context tags for the alert

createdAtstringOptional

Date and time when the alert got created

eventCountinteger · int64Optional

The number of events that have been received for this alert

firstEventOccurredAtstringOptional

Date and time of this alert's first event

idstringRequired

The unique identifier of this alert

lastReceivedEventAtstringOptional

Date and time that the last event related to this alert was received

qualitystring · enumOptional

The quality of this Alert

Possible values:

runbookstringOptional

The runbook for this Alert, as extracted from its origin

severitystring · enumOptional

The severity of this Alert

Possible values:

statusstring · enumRequired

The status of this Alert

Possible values:

titlestringOptional

The title of this alert

typestringRequired

The type of this alert

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

get

/alerts/{id}

GET /alerts/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "assignee": {
    "id": "user",
    "type": "text"
  },
  "context": null,
  "contextTags": [
    "text"
  ],
  "createdAt": "text",
  "deliveries": [
    {
      "dispatchedAt": "text",
      "label": "text",
      "message": "text",
      "outputId": "text",
      "statusCode": 1,
      "success": true
    }
  ],
  "detection": {
    "id": "text",
    "type": "RULE"
  },
  "eventCount": 1,
  "firstEventOccurredAt": "text",
  "id": "text",
  "lastReceivedEventAt": "text",
  "quality": "NOISE",
  "runbook": "text",
  "severity": "CRITICAL",
  "status": "OPEN",
  "systemError": {
    "detection": {
      "id": "text",
      "type": "RULE"
    },
    "sourceId": "text",
    "sourceType": "text",
    "type": "text"
  },
  "title": "text",
  "type": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  }
}

Update the status, assignee, quality or contextTags of an alert

patch

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

ID of the alert

Body

assigneestringOptional

The ID of the assignee for this alert

contextTagsstring[] · max: 10Optional

the context tags for the alert

qualitystring · enumOptional

The quality of this Alert

Possible values:

statusstring · enumOptional

The status of this Alert

Possible values:

Responses

200

OK response.

No content

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

patch

/alerts/{id}

PATCH /alerts/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 76

{
  "assignee": "text",
  "contextTags": [
    "text"
  ],
  "quality": "NOISE",
  "status": "OPEN"
}

No content

List alerts

get

Authorizations

X-API-KeystringRequired

Query parameters

typestring · enumOptionalDefault: ALERTPossible values:

cursorstringOptional

the pagination token

limitinteger · int64 · max: 50Optional

the maximum results to return

Default: 25

created-afterstringOptional

The date and time after which the alerts were created. If empty we default to 30 days ago

Example: 1672531200

created-beforestringOptional

The date and time before which the alerts were created. If empty we default to the current time

Example: 1672531200

detection-idstringOptional

The detection ID to filter alerts by

sort-dirstring · enumOptional

The sort direction of the results

Default: descPossible values:

name-containsstringOptional

A string to search for in the alert name

log-sourcestring[]Optional

The log source of the alert

log-typestring[]Optional

The log type of the alert

resource-typestring[]Optional

The resource type of the alert

assigneestring[]Optional

The assignee of the alert. This should be a user id

event-count-mininteger · int64Optional

The minimum number of events in the alert

event-count-maxinteger · int64Optional

The maximum number of events in the alert

context-tagstring[]Optional

Filter by context tags applied to alerts

Responses

200

OK response.

application/json

nextstringOptional

Pagination token for the next page of results

400

bad_request: Bad Request response.

application/json

get

/alerts

GET /alerts HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "next": "text",
  "results": [
    {
      "assignee": {
        "id": "user",
        "type": "text"
      },
      "context": null,
      "contextTags": [
        "text"
      ],
      "createdAt": "text",
      "deliveries": [
        {
          "dispatchedAt": "text",
          "label": "text",
          "message": "text",
          "outputId": "text",
          "statusCode": 1,
          "success": true
        }
      ],
      "detection": {
        "id": "text",
        "type": "RULE"
      },
      "eventCount": 1,
      "firstEventOccurredAt": "text",
      "id": "text",
      "lastReceivedEventAt": "text",
      "quality": "NOISE",
      "runbook": "text",
      "severity": "CRITICAL",
      "status": "OPEN",
      "systemError": {
        "detection": {
          "id": "text",
          "type": "RULE"
        },
        "sourceId": "text",
        "sourceType": "text",
        "type": "text"
      },
      "title": "text",
      "type": "text",
      "updatedBy": {
        "id": "user",
        "type": "text"
      }
    }
  ]
}

Update the status, assignee, quality or contextTags of multiple alerts

patch

Authorizations

X-API-KeystringRequired

Body

assigneestringOptional

The ID of the assignee for this alert

contextTagsstring[] · max: 10Optional

the context tags for the alert

idsstring[]Required

The IDs of the alerts to patch

qualitystring · enumOptional

The quality of this Alert

Possible values:

statusstring · enumOptional

The status of this Alert

Possible values:

Responses

204

No Content response.

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

patch

/alerts

PATCH /alerts HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 91

{
  "assignee": "text",
  "contextTags": [
    "text"
  ],
  "ids": [
    "text"
  ],
  "quality": "NOISE",
  "status": "OPEN"
}

No content

List alert events

get

Authorizations

X-API-KeystringRequired

Path parameters

idstringRequired

The alert id

Query parameters

cursorstringOptional

the pagination token

limitinteger · int64 · max: 50Optional

the maximum results to return

Default: 25

Responses

200

OK response.

application/json

nextstringOptional

Pagination token for the next page of results

400

bad_request: Bad Request response.

application/json

404

not_found: Not Found response.

application/json

get

/alerts/{id}/events

GET /alerts/{id}/events HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "next": "text",
  "results": []
}

PreviousREST API NextAlert Comments

Last updated 26 days ago

Was this helpful?

hashtagOverview

hashtagRequired permissions

hashtagOperations

hashtagGet an alert

hashtagUpdate the status, assignee, quality or contextTags of an alert

hashtagList alerts

hashtagUpdate the status, assignee, quality or contextTags of multiple alerts

hashtagList alert events

Overview

Required permissions

Operations

Get an alert

Update the status, assignee, quality or contextTags of an alert

List alerts

Update the status, assignee, quality or contextTags of multiple alerts

List alert events