Get a list of alerts with multiple events.
- The response is concatenated using AND condition (OR is not supported).
- The maximum result set size is 100.
- Offset is the zero-based number of alerts from the start of the result set.
Cortex XDR displays in the API response whether a PAN NGFW type alert contains a PCAP triggering packet. Use the Retrieve PCAP Packet API to retrieve a list of alert IDs and their associated PCAP data.
Note: You can send a request to retrieve either all or filtered results.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v2/alerts/get_alerts_multi_events" \
-d '{
"request_data" : { }
}'
{"request_data":{"filters":[{"field":"severity","operator":"in","value":["medium","high"]}]}}
A dictionary containing the API request fields.
An empty dictionary returns all results.
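Paging through a filtered result set in windows of at most 100 alerts, as an added example that is not taken from the Cortex XDR documentation. The `search_from`/`search_to` request fields and the `reply`, `alerts` and `total_count` response fields are assumptions not shown on this page, and `make_fake_post` with its `alert_id` records is a constructed stand-in for the authenticated HTTPS call.

```python
MAX_PAGE = 100  # maximum result set size stated on this page

def build_request(filters, offset=0, page_size=MAX_PAGE):
    """Build one request body; the API ANDs every filter (OR is not supported)."""
    if not 0 < page_size <= MAX_PAGE:
        raise ValueError("page_size must be between 1 and 100")
    if offset < 0:
        raise ValueError("offset is zero-based and cannot be negative")
    for f in filters:
        missing = {"field", "operator", "value"} - set(f)
        if missing:
            raise ValueError(f"filter {f!r} is missing {sorted(missing)}")
    return {"request_data": {
        "filters": list(filters),
        "search_from": offset,              # assumed field: zero-based start offset
        "search_to": offset + page_size,    # assumed field: exclusive end offset
    }}

def fetch_all(post, filters, page_size=MAX_PAGE):
    """Collect every matching alert; `post` sends a body and returns parsed JSON."""
    alerts, offset = [], 0
    while True:
        reply = post(build_request(filters, offset, page_size))["reply"]
        batch = reply.get("alerts", [])
        alerts.extend(batch)
        offset += len(batch)
        # Stop on an empty page too, so a changing total cannot loop forever.
        if not batch or offset >= reply.get("total_count", 0):
            return alerts

def make_fake_post(total):
    """Constructed stand-in for the HTTPS call so the example runs offline."""
    store = [{"alert_id": str(i), "severity": "high"} for i in range(total)]
    calls = []
    def post(body):
        rd = body["request_data"]
        calls.append((rd["search_from"], rd["search_to"]))
        page = store[rd["search_from"]:rd["search_to"]]
        return {"reply": {"total_count": total, "alerts": page}}
    return post, calls

# Same filter as the request body shown above: severity in (medium, high).
FILTERS = [{"field": "severity", "operator": "in", "value": ["medium", "high"]}]

if __name__ == "__main__":
    post, calls = make_fake_post(250)
    print(len(fetch_all(post, FILTERS)), calls)
```

In real use, `post` would wrap the HTTPS request to the endpoint shown in the curl command, with the tenant's authentication headers.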
OK
Bad Request. Got an invalid JSON.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. User does not have the required license type to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Internal server error. A unified status for API communication type errors.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}