The unit21_id field is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that use unit21_id for associated_entities, associated_events, and associated_instruments for this endpoint will fail. entity_id, event_id and instrument_id should be used instead. More information.
Returns an array of top-level information about alerts in your environment.
Because the response is paginated, the request body has a limit and offset field. At least one must be filled.
limit indicates how many objects the request returns (the page maximum is 50)
offset indicates the offset for pagination. An offset value of 1 starts with the environment's first record.
To narrow down your alert search, we provide filter parameters to this endpoint. Note that all list inputs function as an "or" filter, as in any one of the values must match the selected alert(s):
Only alerts with the associated case ID will be shown.
Must be list of alert types: tm, kyc, chainalysis, car, or manual`
Alerts created on or after this unix timestamp
Alerts created before this unix timestamp
List of alert disposition states (defined on an integration basis)
Alerts with a disposition most recently updated after this unix timestamp
Alerts with a disposition most recently updated before this unix timestamp
List of agent emails. Returns alerts with a disposition most recently changed by agents in the list
List of Unit21 rule ids that are associated with the alert
List of entity ids associated with this alert
List of event ids associated with this alert
List of instrument ids associated with this alert
Must be list of alert sources: INTERNAL, EXTERNAL
Must be list of alert statuses: OPEN, CLOSED
List of string tags (key:value) or keys to associate this alert with (e.g. alert_type:high_velocity or alert_type). If only the key is provided, we will match against all tags with that key
A limit on the number of objects to be returned. Limit can range between 1 and 50, and the default is 10
The offset for pagination. Default is 1
Options for the data included in the returned alerts. Removing unneeded options can improve response speed
The total_count field contains the total number of alerts where the response_count field contains the number of alerts included in the response.