Export Alerts

POST {{cb_url}}/api/alerts/v7/orgs/{{cb_org_key}}/alerts/_export

Export Alerts in csv format. This is an asynchronous request which enables up to 25,000 records to be exported in each request.

  1. Use the Export Alerts endpoint defined here to create a job with required search criteria to limit the results. A job_id is returned.

    1. This job may take up to 5 minutes to complete.
  2. Optionally, use Get Job Progress to check whether the job has completed.

  3. Use the job_id in the Download Job Output endpoint in the Jobs Service to get the results. The Download Job API requires the permission jobs.status - READ.

    1. If more than 25,000 records matched the criteria, the first 25,000 are returned, sorted by backend_timestamp.

See Documentation

RBAC Permissions Required

Permission (.notation name)Operation(s)
org.alertsREAD
jobs.statusREAD

Request Schema

{
  "query": "<string>",
  "time_range": {
    "start": "<dateTime>",
    "end": "<dateTime>",
    "range": "<string>"
  },
  "criteria": {
    "org_key": [
      "<string>"
    ],
    "id": [
      "<string>"
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "alert_origin": [
      "<string>"
    ]
    "minimum_severity": <integer>,
    "reason_code": [
      "<string>"
    ],
    "threat_id": [
      "<string>"
    ],
    "primary_event_id": [
      "<string>"
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"
    ],
    "workflow_closure_reason": [
      "<string>"
    ],
    "determination_value": [
      "<string>"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "<string>"
    ],
    "tags": [
      "<string>"
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"
    ],
    "device_uem_id": [
      "<string>"
    ],
    "device_policy": [
      "<string>"
    ],
    "device_policy_id": [
      <long>
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"
    ],
    "device_username": [
      "<string>"
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"
    ],
    "device_internal_ip": [
      "<string>"
    ],
    "rule_config_type": [
      "<string>"
    ],
    "rule_config_name": [
      "<string>"
    ],
    "rule_config_id": [
      "<string>"
    ],
    "rule_category_id": [
      "<string>"
    ],
    "rule_id": [
      "<string>"
    ],
    "process_guid": [
      "<string>"
    ],
    "process_pid": [
      <integer>
    ],
    "process_name": [
      "<string>"
    ],
    "process_sha256": [
      "<string>"
    ],
    "process_md5": [
      "<string>"
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"
    ],
    "process_username": [
      "<string>"
    ],
    "process_signatures_certificate_authority": [
      "<string>"
    ],
    "process_signatures_publisher": [
      "<string>"
    ],
    "parent_guid": [
      "<string>"
    ],
    "parent_pid": [
      <integer>
    ],
    "parent_name": [
      "<string>"
    ],
    "parent_sha256": [
      "<string>"
    ],
    "parent_md5": [
      "<string>"
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "ADWARE",
      "NOT_SUPPORTED"
    ],
    "parent_cmdline": [
      "<string>"
    ],
    "parent_username": [
      "<string>"
    ],
    "childproc_guid": [
      "<string>"
    ],
    "childproc_name": [
      "<string>"
    ],
    "childproc_sha256": [
      "<string>"
    ],
    "childproc_md5": [
      "<string>"
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"
    ],
    "childproc_cmdline": [
      "<string>"
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"
    ],
    "netconn_remote_domain": [
      "<string>"
    ],
    "netconn_remote_ip": [
      "<string>"
    ],
    "netconn_local_ip": [
      "<string>"
    ],
    "netconn_remote_ipv4": [
      "<string>"
    ],
    "netconn_local_ipv4": [
      "<string>"
    ],
    "netconn_remote_ipv6": [
      "<string>"
    ],
    "netconn_local_ipv6": [
      "<string>"
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"
    ],
    "attack_tactic": [
      "<string>"
    ],
    "attack_technique": [
      "<string>"
    ],
    "report_id": [
      "<string>"
    ],
    "report_name": [
      "<string>"
    ],
    "report_link": [
      "<string>"
    ],
    "watchlists_id": [
      "<string>"
    ],
    "watchlists_name": [
      "<string>"
    ],
    "k8s_policy_id": [
      "<string>"
    ],
    "k8s_policy": [
      "<string>"
    ],
    "k8s_rule_id": [
      "<string>"
    ],
    "k8s_rule": [
      "<string>"
    ],
    "cluster_name": [
      "<string>"
    ],
    "namespace": [
      "<string>"
    ],
    "workload_kind": [
      "<string>"
    ],
    "workload_name": [
      "<string>"
    ],
    "replica_id": [
      "<string>"
    ],
    "connection_type": [
      "<string>"
    ],
    "egress_group_id": [
      "<string>"
    ],
    "egress_group_name": [
      "<string>"
    ],
    "ip_reputation": [
      <integer>
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"
    ],
    "remote_replica_id": [
      "<string>"
    ],
    "remote_workload_kind": [
      "<string>"
    ],
    "remote_workload_name": [
      "<string>"
    ],
    "tms_rule_id": [
      "<string>"
    ],
    "threat_name": [
      "<string>"
    ],
    "vendor_name": [
      "<string>"
    ],
    "vendor_id": [
      "<string>"
    ],
    "product_name": [
      "<string>"
    ],
    "product_id": [
      "<string>"
    ],
    "external_device_friendly_name": [
      "<string>"
    ],
    "serial_number": [
      "<string>"
    ],
    "blocked_name": [
      "<string>"
    ],
    "blocked_sha256": [
      "<string>"
    ],
    "blocked_md5": [
      "<string>"
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "<string>"
    ],
    "ml_classification_org_prevalence": [
      "<string>"
    ],
    "mdr_alert": <boolean>,
    "mdr_workflow_status": [
      "<string>"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": <boolean>,
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    }
  },
  "exclusions": {
    "org_key": [
      "<string>"
    ],
    "id": [
      "<string>"
    ],
    "type": [
      "<string>"
    ],
    "backend_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "user_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "backend_update_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "detection_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "first_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "last_event_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "alert_origin": [
      "<string>"
    ]
    "minimum_severity": <integer>,
    "reason_code": [
      "<string>"
    ],
    "threat_id": [
      "<string>"
    ],
    "primary_event_id": [
      "<string>"
    ],
    "policy_applied": [
      "<string>"
    ],
    "run_state": [
      "<string>"
    ],
    "sensor_action": [
      "<string>"
    ],
    "workflow_status": [
      "<string>"
    ],
    "workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "workflow_changed_by_type": [
      "<string>"
    ],
    "workflow_changed_by_autoclose_rule_id": [
      "<string>"
    ],
    "workflow_closure_reason": [
      "<string>"
    ],
    "determination_value": [
      "NONE"
    ],
    "determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "determination_changed_by_type": [
      "<string>"
    ],
    "tags": [
      "<string>"
    ],
    "alert_notes_present": <boolean>,
    "threat_notes_present": <boolean>,
    "device_id": [
      <long>
    ],
    "device_name": [
      "<string>"
    ],
    "device_uem_id": [
      "<string>"
    ],
    "device_policy": [
      "<string>"
    ],
    "device_policy_id": [
      <long>
    ],
    "device_target_value": [
      "<string>"
    ],
    "device_os": [
      "<string>"
    ],
    "device_os_version": [
      "<string>"
    ],
    "device_username": [
      "<string>"
    ],
    "device_location": [
      "<string>"
    ],
    "device_external_ip": [
      "<string>"
    ],
    "device_internal_ip": [
      "<string>"
    ],
    "rule_config_type": [
      "<string>"
    ],
    "rule_config_name": [
      "<string>"
    ],
    "rule_config_id": [
      "<string>"
    ],
    "rule_category_id": [
      "<string>"
    ],
    "rule_id": [
      "<string>"
    ],
    "process_guid": [
      "<string>"
    ],
    "process_pid": [
      <integer>
    ],
    "process_name": [
      "<string>"
    ],
    "process_sha256": [
      "<string>"
    ],
    "process_md5": [
      "<string>"
    ],
    "process_effective_reputation": [
      "<string>"
    ],
    "process_reputation": [
      "<string>"
    ],
    "process_cmdline": [
      "<string>"
    ],
    "process_username": [
      "<string>"
    ],
    "process_signatures_certificate_authority": [
      "<string>"
    ],
    "process_signatures_publisher": [
      "<string>"
    ],
    "parent_guid": [
      "<string>"
    ],
    "parent_pid": [
      <integer>
    ],
    "parent_name": [
      "<string>"
    ],
    "parent_sha256": [
      "<string>"
    ],
    "parent_md5": [
      "<string>"
    ],
    "parent_effective_reputation": [
      "<string>"
    ],
    "parent_reputation": [
      "<string>"
    ],
    "parent_cmdline": [
      "<string>"
    ],
    "parent_username": [
      "<string>"
    ],
    "childproc_guid": [
      "<string>"
    ],
    "childproc_name": [
      "<string>"
    ],
    "childproc_sha256": [
      "<string>"
    ],
    "childproc_md5": [
      "<string>"
    ],
    "childproc_effective_reputation": [
      "<string>"
    ],
    "childproc_username": [
      "<string>"
    ],
    "childproc_cmdline": [
      "<string>"
    ],
    "netconn_remote_port": [
      <integer>
    ],
    "netconn_local_port": [
      <integer>
    ],
    "netconn_protocol": [
      "<string>"
    ],
    "netconn_remote_domain": [
      "<string>"
    ],
    "netconn_remote_ip": [
      "<string>"
    ],
    "netconn_local_ip": [
      "<string>"
    ],
    "netconn_remote_ipv4": [
      "<string>"
    ],
    "netconn_local_ipv4": [
      "<string>"
    ],
    "netconn_remote_ipv6": [
      "<string>"
    ],
    "netconn_local_ipv6": [
      "<string>"
    ],
    "threat_category": [
      "<string>"
    ],
    "ttps": [
      "<string>"
    ],
    "attack_tactic": [
      "<string>"
    ],
    "attack_technique": [
      "<string>"
    ],
    "report_id": [
      "<string>"
    ],
    "report_name": [
      "<string>"
    ],
    "report_link": [
      "<string>"
    ],
    "watchlists_id": [
      "<string>"
    ],
    "watchlists_name": [
      "<string>"
    ],
    "k8s_policy_id": [
      "<string>"
    ],
    "k8s_policy": [
      "<string>"
    ],
    "k8s_rule_id": [
      "<string>"
    ],
    "k8s_rule": [
      "<string>"
    ],
    "cluster_name": [
      "<string>"
    ],
    "namespace": [
      "<string>"
    ],
    "workload_kind": [
      "<string>"
    ],
    "workload_name": [
      "<string>"
    ],
    "replica_id": [
      "<string>"
    ],
    "connection_type": [
      "<string>"
    ],
    "egress_group_id": [
      "<string>"
    ],
    "egress_group_name": [
      "<string>"
    ],
    "ip_reputation": [
      <integer>
    ],
    "remote_is_private": <boolean>,
    "remote_namespace": [
      "<string>"
    ],
    "remote_replica_id": [
      "<string>"
    ],
    "remote_workload_kind": [
      "<string>"
    ],
    "remote_workload_name": [
      "<string>"
    ],
    "tms_rule_id": [
      "<string>"
    ],
    "threat_name": [
      "<string>"
    ],
    "vendor_name": [
      "<string>"
    ],
    "vendor_id": [
      "<string>"
    ],
    "product_name": [
      "<string>"
    ],
    "product_id": [
      "<string>"
    ],
    "external_device_friendly_name": [
      "<string>"
    ],
    "serial_number": [
      "<string>"
    ],
    "blocked_name": [
      "<string>"
    ],
    "blocked_sha256": [
      "<string>"
    ],
    "blocked_md5": [
      "<string>"
    ],
    "blocked_effective_reputation": [
      "<string>"
    ],
    "ml_classification_final_verdict": [
      "<string>"
    ],
    "ml_classification_global_prevalence": [
      "<string>"
    ],
    "ml_classification_org_prevalence": [
      "<string>"
    ],
    "mdr_alert": <boolean>,
    "mdr_workflow_status": [
      "<string>"
    ],
    "mdr_workflow_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    },
    "mdr_workflow_is_assigned": <boolean>,
    "mdr_determination_value": [
      "<string>"
    ],
    "mdr_determination_change_timestamp": {
      "start": "<dateTime>",
      "end": "<dateTime>",
      "range": "<string>"
    }
  },
  "format": "<string>",
  "fields": ["<string>"]
}

Request Body

{"time_range"=>{"range"=>"-1d"}, "criteria"=>{"minimum_severity"=>2, "type"=>["WATCHLIST"]}, "format"=>"CSV"}

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring
Acceptstring

RESPONSES

status: OK

&quot;alert_notes_present,alert_url,asset_group,asset_id,attack_tactic,attack_technique,backend_timestamp,backend_update_timestamp,blocked_effective_reputation,blocked_md5,blocked_name,blocked_sha256,childproc_cmdline,childproc_effective_reputation,childproc_guid,childproc_md5,childproc_name,childproc_sha256,childproc_username,chrome_device_id,connection_type,container_id,container_image_hash,container_image_name,container_name,detection_timestamp,determination_change_timestamp,determination_changed_by,determination_changed_by_type,determination_value,device_external_ip,device_id,device_internal_ip,device_location,device_name,device_os,device_os_version,device_policy,device_policy_id,device_target_value,device_uem_id,device_username,egress_group_id,egress_group_name,external_device_friendly_name,first_event_timestamp,id,ioc_field,ioc_hit,ioc_id,ip_reputation,is_updated,k8s_cluster,k8s_kind,k8s_namespace,k8s_pod_name,k8s_policy,k8s_policy_id,k8s_rule,k8s_rule_id,k8s_workload_name,last_event_timestamp,mdr_alert,mdr_alert_notes_present,mdr_determination_value,mdr_threat_notes_present,mdr_workflow_is_assigned,mdr_workflow_status,ml_classification_anomalies,ml_classification_final_verdict,ml_classification_global_prevalence,ml_classification_org_prevalence,netconn_local_ip,netconn_local_ipv4,netconn_local_ipv6,netconn_local_port,netconn_protocol,netconn_remote_domain,netconn_remote_ip,netconn_remote_ipv4,netconn_remote_ipv6,netconn_remote_port,org_key,parent_cmdline,parent_effective_reputation,parent_guid,parent_md5,parent_name,parent_pid,parent_reputation,parent_sha256,parent_username,policy_applied,primary_event_id,process_cmdline,process_container_pid,process_effective_reputation,process_guid,process_issuer,process_md5,process_name,process_pid,process_publisher,process_reputation,process_sha256,process_username,product_id,product_name,reason,reason_code,remote_is_private,remote_k8s_kind,remote_k8s_namespace,remote_k8s_pod_name,remote_k8s_workload_name,report_description,report_id,report_link,report_name,report_tags,rule_category_id,rule_config_category,rule_config_id,rule_config_name,rule_id,run_state,sensor_action,serial_number,severity,tags,threat_hunt_id,threat_hunt_name,threat_id,threat_name,threat_notes_present,tms_rule_id,ttps,type,user_update_timestamp,vendor_id,vendor_name,watchlists,workflow_change_timestamp,workflow_changed_by,workflow_changed_by_rule_id,workflow_changed_by_type,workflow_closure_reason,workflow_status\nfalse,defense.conferdeploy.net/alerts?s[c][query_string]=id:4870e071-9c7d-4147-b00d-0be988ff920a\u0026orgKey=ABCD1234,,,,,2024-05-28T13:27:23.815596681Z,2024-05-28T13:27:23.815596681Z,,,,,,,,,,,,,,,,,,2024-05-28T13:24:28.335Z,2024-05-28T13:27:23.815596681Z,,,NONE,1.2.3.4,18741265,10.203.101.185,UNKNOWN,DEMO-WIN,WINDOWS,Windows 10 x64,Standard,165700,MEDIUM,,,,,,2024-05-28T13:20:42.954Z,4870e071-9c7d-4147-b00d-0be988ff920a,,(process_name:dllhost.exe) AND process_publisher_state:FILE_SIGNATURE_STATE_VERIFIED ,529de965-e1f6-4e7d-a37e-9e392da29740,,false,,,,,,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9,,627bbdfe-55a7-3100-89bc-25d618fb9684,,2024-05-28T13:20:42.954Z,false,false,,false,false,,,,,,,,,0,,,,,,0,ABCD1234,C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch -p,TRUSTED_WHITE_LIST,ABCD1234-011df811-00000330-00000000-1daa67e691ecdb8,7469cc568ad6821fd9d925542730a7d8,c:\\windows\\system32\\svchost.exe,816,TRUSTED_WHITE_LIST,,NT AUTHORITY\\SYSTEM,NOT_APPLIED,1yR4WspiQUmlqaWJRHV9eg-0,C:\\WINDOWS\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F},0,TRUSTED_WHITE_LIST,ABCD1234-011df811-00001c44-00000000-1daa67eb00776e6,[Microsoft Windows Production PCA 2011],dfe1e4b1b8714cbe1005ee9413c2bae9,c:\\windows\\system32\\dllhost.exe,7236,[Microsoft Windows],TRUSTED_WHITE_LIST,0309834d40475ccd5a88c48f7ff5ec62e5c6798900357dd83665c3d0345124e0,DEMO-WIN\\DEMO-DOMAIN,,,\&quot;Process dllhost.exe was detected by the report \&quot;\&quot;demo-report\&quot;\&quot; in watchlist \&quot;\&quot;demo-watchlist\&quot;\&quot;\&quot;,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9:627bbdfe-55a7-3100-89bc-25d618fb9684,false,,,,,,Q0O2FxEWSy2fSSYxEs2Pg,,demo-report,,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9,,,,627bbdfe-55a7-3100-89bc-25d618fb9684,RAN,ALLOW,,5,,,,1B32B7CF7C3D40F117B46EC2E39530C9,,true,,,WATCHLIST,,,,,2024-05-28T13:27:23.815596681Z,ALERT_CREATION,,SYSTEM,,OPEN\nfalse,defense.conferdeploy.net/alerts?s[c][query_string]=id:f3b3f70d-28a1-4764-9385-89331608e0f3\u0026orgKey=ABCD1234,,,,,2024-05-28T12:55:56.709689187Z,2024-05-28T12:55:56.709689187Z,,,,,,,,,,,,,,,,,,2024-05-28T12:52:34.185Z,2024-05-28T12:55:56.709689187Z,,,NONE,1.2.3.4,19013608,9.8.7.6,UNKNOWN,DEMO-02\\DEMO-DOMAIN,WINDOWS,Windows 10 x64,Demo Policy,465946,MEDIUM,,,,,,2024-05-28T12:48:32.406Z,f3b3f70d-28a1-4764-9385-89331608e0f3,,(process_name:dllhost.exe) AND process_publisher_state:FILE_SIGNATURE_STATE_VERIFIED ,529de965-e1f6-4e7d-a37e-9e392da29740,,false,,,,,,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9,,627bbdfe-55a7-3100-89bc-25d618fb9684,,2024-05-28T12:48:32.406Z,false,false,,false,false,,,,,,,,,0,,,,,,0,ABCD1234,C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p,TRUSTED_WHITE_LIST,ABCD1234-01221fe8-00000338-00000000-1daa710f1091653,7469cc568ad6821fd9d925542730a7d8,c:\\windows\\system32\\svchost.exe,824,TRUSTED_WHITE_LIST,,NT AUTHORITY\\SYSTEM,NOT_APPLIED,AZDQ1VvNSdyupi9rG-4nOg-0,C:\\Windows\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F},0,TRUSTED_WHITE_LIST,ABCD1234-01221fe8-00001f70-00000000-1daa7113a0da2e2,[Microsoft Windows Production PCA 2011],dfe1e4b1b8714cbe1005ee9413c2bae9,c:\\windows\\system32\\dllhost.exe,8048,[Microsoft Windows],TRUSTED_WHITE_LIST,0309834d40475ccd5a88c48f7ff5ec62e5c6798900357dd83665c3d0345124e0,DEMO-02\\DEMO-DOMAIN,,,\&quot;Process dllhost.exe was detected by the report \&quot;\&quot;demo-report\&quot;\&quot; in watchlist \&quot;\&quot;demo-watchlist\&quot;\&quot;\&quot;,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9:627bbdfe-55a7-3100-89bc-25d618fb9684,false,,,,,,Q0O2FxEWSy2fSSYxEs2Pg,,demo-report,,1b32b7cf-7c3d-30f1-97b4-6ec2e39530c9,,,,627bbdfe-55a7-3100-89bc-25d618fb9684,RAN,ALLOW,,5,,,,1B32B7CF7C3D40F117B46EC2E39530C9,,true,,,WATCHLIST,,,,,2024-05-28T12:55:56.709689187Z,ALERT_CREATION,,SYSTEM,,OPEN\n&quot;