search_alerts

Search alerts with filters on status, severity, source, tags, and time range.

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| status | string | No | Filter by status: Open, Triaging, Escalated, Closed |
| severity | string | No | Filter by severity: Informational, Low, Medium, High, Critical |
| source_name | string | No | Filter by alert source |
| tags | string[] | No | Filter by tags (alerts must match any tag) |
| since | string | No | ISO 8601 timestamp; only alerts after this time |
| limit | integer | No | Maximum results (default: 20) |

At least one parameter must be provided.

Example

{
  "status": "Open",
  "severity": "High",
  "since": "2025-01-14T00:00:00Z",
  "limit": 10
}
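
A client-side check of the arguments before they are sent, as an added example that is not part of the original documentation or the product's own code. The function name `build_search_alerts_args`, case-sensitive matching of the listed values, the requirement that `since` carry a UTC offset, and the positive-integer rule for `limit` are assumptions.

```python
from datetime import datetime, timezone

# Allowed values copied from the parameter table; case-sensitive matching is an assumption.
STATUSES = {"Open", "Triaging", "Escalated", "Closed"}
SEVERITIES = {"Informational", "Low", "Medium", "High", "Critical"}
FIELDS = {"status", "severity", "source_name", "tags", "since", "limit"}


def _utc_iso8601(value):
    """Normalize a datetime or ISO 8601 string to UTC with a trailing 'Z'."""
    if isinstance(value, str):
        # Older Python versions reject a trailing 'Z' in fromisoformat().
        text = value[:-1] + "+00:00" if value.endswith("Z") else value
        value = datetime.fromisoformat(text)
    if not isinstance(value, datetime):
        raise ValueError("since must be a datetime or an ISO 8601 string")
    if value.tzinfo is None:
        # A naive local time would silently shift the search window.
        raise ValueError("since must carry a UTC offset")
    return value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_search_alerts_args(**params):
    """Return a validated dict ready to serialize as search_alerts arguments."""
    args = {k: v for k, v in params.items() if v is not None}
    unknown = set(args) - FIELDS
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    if not args:
        raise ValueError("at least one parameter must be provided")
    for key, allowed in (("status", STATUSES), ("severity", SEVERITIES)):
        if key in args and args[key] not in allowed:
            raise ValueError(f"{key} must be one of {sorted(allowed)}")
    if "source_name" in args and not isinstance(args["source_name"], str):
        raise ValueError("source_name must be a string")
    if "tags" in args:
        tags = args["tags"]
        # Reject a bare string where the table documents string[].
        if not isinstance(tags, (list, tuple)) or not tags or \
                not all(isinstance(t, str) and t for t in tags):
            raise ValueError("tags must be a non-empty list of strings")
        args["tags"] = list(tags)
    if "since" in args:
        args["since"] = _utc_iso8601(args["since"])
    if "limit" in args:
        limit = args["limit"]
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(limit, bool) or not isinstance(limit, int) or limit < 1:
            raise ValueError("limit must be a positive integer")
    return args
```
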

Return Value

[
  {
    "uuid": "9f2a-b3c1-...",
    "title": "Impossible Travel Detected",
    "severity": "High",
    "status": "Open",
    "source_name": "sentinel",
    "occurred_at": "2025-01-15T10:28:00Z",
    "indicator_count": 3
  }
]

Required Scope

alerts:read