Alert Body

(Daniel) #1


Is there a way to get alert bodies via the API?
When I query the API for incidents/{incident-id}/alerts/{alert-id} I get back JSON with a body key, like so:

"body": {
  "contexts": [],
  "details": {},
  "cef_details": null,
  "type": "alert_body"
}

Notice that there is no information here. However, the alert itself came from an email and has a rich text body. Is there a way to lift that information via the API?


(John Coleman) #2

Hi Daniel,

Thank you for this community comment. I did some research, and I have gathered that we currently do not offer this functionality. The type of data that you are looking for would likely be accessible through the log_entries/:id endpoint in the response data: Currently, we only provide the, which is mapped to the alert.summary from the endpoint that you have referenced (i.e. incidents/{incident-id}/alerts/{alert-id}).

Since we don’t have this functionality, it appears that this seems like a feature request. I will pass along your feedback to our Product team.

