Knowledge Base Community Release Notes Request Demo

Alerts

REST API operations for alerts

Overview

The /alerts REST API operations are in open beta starting with Panther version 1.112, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Use these API operations to interact with alerts in Panther.

To call the API, see the instructions—including .

Required permissions

For GET operations, your API token must have the Read Alerts permission.
For PATCH operations, your API token must have the Manage Alerts permission.

Operations

PreviousREST API (Beta)NextAlert Comments

Last updated 23 days ago

Was this helpful?

Get an alert

get

Authorizations

Path parameters

idstringRequired

ID of the alert

Responses

application/json

objectOptional

application/json

get

GET /alerts/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "assignee": {
    "id": "user",
    "type": "text"
  },
  "context": null,
  "createdAt": "text",
  "deliveries": [
    {
      "dispatchedAt": "text",
      "label": "text",
      "message": "text",
      "outputId": "text",
      "statusCode": 1,
      "success": true
    }
  ],
  "detection": {
    "id": "text",
    "type": "RULE"
  },
  "eventCount": 1,
  "firstEventOccurredAt": "text",
  "id": "text",
  "lastReceivedEventAt": "text",
  "runbook": "text",
  "severity": "CRITICAL",
  "status": "OPEN",
  "systemError": {
    "detection": {
      "id": "text",
      "type": "RULE"
    },
    "sourceId": "text",
    "sourceType": "text",
    "type": "text"
  },
  "title": "text",
  "type": "text",
  "updatedBy": {
    "id": "user",
    "type": "text"
  }
}

List alerts

get

Authorizations

Query parameters

typestring · enumOptionalDefault: ALERTAvailable options:

sub-typestring · enum[]Optional

The sub-type of the alert

cursorstringOptional

the pagination token

limitinteger · int64 · max: 50Optional

the maximum results to return

Default: 25

created-afterstringOptional

The date and time after which the alerts were created. If empty we default to 30 days ago

Example: 1672531200

created-beforestringOptional

The date and time before which the alerts were created. If empty we default to the current time

Example: 1672531200

detection-idstringOptional

The detection ID to filter alerts by

sort-dirstring · enumOptional

The sort direction of the results

Default: descAvailable options:

name-containsstringOptional

A string to search for in the alert name

log-sourcestring[]Optional

The log source of the alert

log-typestring[]Optional

The log type of the alert

resource-typestring[]Optional

The resource type of the alert

statusstring · enum[]Optional

The status of the alert

severitystring · enum[]Optional

The severity of the alert

assigneestring[]Optional

The assignee of the alert. This should be a user id

event-count-mininteger · int64Optional

The minimum number of events in the alert

event-count-maxinteger · int64Optional

The maximum number of events in the alert

Responses

application/json

objectOptional

application/json

get

GET /alerts HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "next": "text",
  "results": [
    {
      "assignee": {
        "id": "user",
        "type": "text"
      },
      "context": null,
      "createdAt": "text",
      "deliveries": [
        {
          "dispatchedAt": "text",
          "label": "text",
          "message": "text",
          "outputId": "text",
          "statusCode": 1,
          "success": true
        }
      ],
      "detection": {
        "id": "text",
        "type": "RULE"
      },
      "eventCount": 1,
      "firstEventOccurredAt": "text",
      "id": "text",
      "lastReceivedEventAt": "text",
      "runbook": "text",
      "severity": "CRITICAL",
      "status": "OPEN",
      "systemError": {
        "detection": {
          "id": "text",
          "type": "RULE"
        },
        "sourceId": "text",
        "sourceType": "text",
        "type": "text"
      },
      "title": "text",
      "type": "text",
      "updatedBy": {
        "id": "user",
        "type": "text"
      }
    }
  ]
}

List alert events

get

Authorizations

Path parameters

idstringRequired

The alert id

Query parameters

cursorstringOptional

the pagination token

limitinteger · int64 · max: 50Optional

the maximum results to return

Default: 25

Responses

application/json

objectOptional

application/json

get

GET /alerts/{id}/events HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Accept: */*

{
  "next": "text",
  "results": []
}

Update the status or assignee of an alert

patch

Authorizations

Path parameters

idstringRequired

ID of the alert

Body

assigneestringOptional

The ID of the assignee for this alert

statusstring · enumOptional

The status of this Alert

Available options:

Responses

application/json

patch

PATCH /alerts/{id} HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 35

{
  "assignee": "text",
  "status": "OPEN"
}

No content

Update the status or assignee of multiple alerts

patch

Authorizations

Body

assigneestringOptional

The ID of the assignee for this alert

idsstring[]Required

The IDs of the alerts to patch

statusstring · enumOptional

The status of this Alert

Available options:

Responses

application/json

patch

PATCH /alerts HTTP/1.1
Host: your-api-host
X-API-Key: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 50

{
  "assignee": "text",
  "ids": [
    "text"
  ],
  "status": "OPEN"
}

No content