Prisma Cloud: How to download alerts by alert status updated and not by the alert status opened time via API

Created On 04/04/25 16:21 PM - Last Modified 06/23/25 18:48 PM


Objective


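When an alert's status goes from open to resolved, the alert has different times that the data can be pulled by. To pull alerts by the time their status was updated instead of the time they were opened, set the time range type to Alert Status Updated.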

GUI Path: Alerts > Overview > Time Range Type: Alert Status Updated



Environment


  • Prisma Cloud
  • API


Procedure


Alert status updated filter as seen in the UI.

This is the API call:

{
  "detailed": false,
  "filters": [
    {
      "name": "alert.status",
      "operator": "=",
      "value": "resolved"
    },
    {
      "name": "account.group",
      "operator": "=",
      "value": "Default Account Group"
    },
    {
      "name": "timeRange.type",
      "operator": "=",
      "value": "ALERT_STATUS_UPDATED"
    }
  ],
  "timeRange": {
    "relativeTimeType": "BACKWARD",
    "type": "relative",
    "value": {
      "amount": 1,
      "unit": "week"
    }
  },
  "limit": 1000,
  "webClient": true,
  "pageToken": ""
}
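
The following added example, which is not part of the original article or Palo Alto Networks code, sends the body above page by page and follows the page token until the result set is exhausted. The endpoint URL passed to `http_post`, the `x-redlock-auth` header, and the `items` / `nextPageToken` response fields are assumptions to confirm against the developer documentation; `fake_post` and its alert IDs are constructed so the code runs offline.

```python
import json
import urllib.request

def build_body(status, account_group, amount, unit, page_token="", limit=1000):
    """Article's request body, parameterised. The timeRange.type filter makes
    the window apply to the status-update time, not the alert-opened time."""
    return {
        "detailed": False,
        "filters": [
            {"name": "alert.status", "operator": "=", "value": status},
            {"name": "account.group", "operator": "=", "value": account_group},
            {"name": "timeRange.type", "operator": "=",
             "value": "ALERT_STATUS_UPDATED"},
        ],
        "timeRange": {"relativeTimeType": "BACKWARD", "type": "relative",
                      "value": {"amount": amount, "unit": unit}},
        "limit": limit,
        "webClient": True,
        "pageToken": page_token,
    }

def http_post(url, token):
    """Real transport. ASSUMPTIONS: url is your tenant's alert endpoint and
    the login token is accepted in the x-redlock-auth header."""
    def post(body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json", "x-redlock-auth": token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return post

def fetch_alerts(post, status="resolved", account_group="Default Account Group",
                 amount=1, unit="week", max_pages=100):
    """Collect every page. ASSUMPTION: each response carries 'items' and, while
    more pages remain, 'nextPageToken'."""
    alerts, token = [], ""
    for _ in range(max_pages):
        page = post(build_body(status, account_group, amount, unit, token))
        alerts.extend(page.get("items", []))
        token = page.get("nextPageToken") or ""
        if not token:
            return alerts
    raise RuntimeError("page cap reached; result set is incomplete")

def fake_post(body):
    """Constructed offline stand-in for the API: two pages of made-up alerts."""
    pages = {"": {"items": [{"id": "P-1"}, {"id": "P-2"}], "nextPageToken": "t2"},
             "t2": {"items": [{"id": "P-3"}]}}
    return pages[body["pageToken"]]
```

Against a real tenant, call `fetch_alerts(http_post(url, token))`; the page cap raises instead of silently returning a truncated export.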


Additional Information


View our developer documentation here on this alert API call.


