get https://api.picussecurity.com/v1/simulations//run/latest/threats//actions//integrations//alerts
Includes Action Name, Log Source and Alert Time.
Default limit: 100, Default offset: 0
Max limit: 1000
Same action can be used multiple times under the scope of threat where these actions are distinguished by node_id
node_id parameter can be used optionally. For the case it is not provided, first node is returned.
About
If the simulation is enriched with SIEM / EDR integrations and if any integrations contains alert configuration enabled, Integration based Alert Details for Actions endpoint returns alert list.
Example
curl --request GET \
--url https://api.picussecurity.com/v1/simulations/6068/run/latest/threats/4241/actions/21178/integrations/134/alerts \
--header 'Accept: application/json' \
--header 'Authorization: Bearer access_token'
{
"alerts": [
{
"alert_id": 10004,
"name": "notepadSpawn.lnk",
"action": "",
"time": 1654793074718,
"source": "PUA"
}
],
"pages": {
"total_count": 1,
"limit": 100,
"offset": 0
}
}
Pagination
Default Limit: 100, Max Limit: 1000