List alerts

🚧

The unit21_id field is being deprecated for Entities, Events, and Instruments after September 30, 2023. Requests that use unit21_id for associated_entities, associated_events, and associated_instruments for this endpoint will fail. entity_id, event_id and instrument_id should be used instead. More information.

Returns an array of top-level information about alerts in your environment.

Because the response is paginated, the request body has a limit and offset field. At least one must be filled.

  • limit indicates how many objects the request returns (the page maximum is 50)
  • offset indicates the offset for pagination. An offset value of 1 starts with the environment's first record.

To narrow down your alert search, we provide filter parameters to this endpoint. Note that all list inputs function as an "or" filter, as in any one of the values must match the selected alert(s):

FieldTypeDescription
case_idNumericOnly alerts with the associated case ID will be shown.
typesString[]Must be list of alert types: tm, kyc, chainalysis, car, or manual`
created_afterNumericAlerts created on or after this unix timestamp
created_beforeNumericAlerts created before this unix timestamp
dispositionsString[]List of alert disposition states (defined on an integration basis)
dispositioned_afterNumericAlerts with a disposition most recently updated after this unix timestamp
dispositioned_beforeNumericAlerts with a disposition most recently updated before this unix timestamp
dispositioned_byString[]List of agent emails. Returns alerts with a disposition most recently changed by agents in the list
rulesNumeric[]List of Unit21 rule ids that are associated with the alert
associated_entitiesString[]List of entity ids associated with this alert
associated_eventsString[]List of event ids associated with this alert
associated_instrumentsString[]List of instrument ids associated with this alert
sourcesString[]Must be list of alert sources: INTERNAL, EXTERNAL
statusesString[]Must be list of alert statuses: OPEN, CLOSED
tag_filtersString[]List of string tags (key:value) or keys to associate this alert with (e.g. alert_type:high_velocity or alert_type). If only the key is provided, we will match against all tags with that key
limitNumericA limit on the number of objects to be returned. Limit can range between 1 and 50, and the default is 10
offsetNumericThe offset for pagination. Default is 1
optionsObjectOptions for the data included in the returned alerts. Removing unneeded options can improve response speed

The total_count field contains the total number of alerts where the response_count field contains the number of alerts included in the response.

Follow the links for more information:

Language
Authorization
Header
URL
Click Try It! to start a request and see the response here!