Synopsis
Subcommands
list
List risk-based alerts with filtering and sorting.Options
| Flag | Type | Description |
|---|---|---|
--status | string | OPEN or RESOLVED |
--provider | string | Cloud provider: AWS, Azure, GCP, Kubernetes (case-insensitive) |
--alert-type | string | ASSET or FINDING |
--flagged | boolean | Filter by flagged status (true or false) |
--acknowledged | boolean | Filter by acknowledged status (true or false) |
--sort-by | string | riskScore or discoveredDate |
--sort-order | string | asc or desc |
--ids | string | Filter by alert IDs (comma-separated) |
--workflow-id | string | Filter by workflow IDs (comma-separated) |
--asset-group-id | string | Filter by asset group IDs (comma-separated) |
--resource-type | string | Filter by resource types (comma-separated) |
--integration-id | string | Filter by integration IDs (comma-separated) |
--per-page | number | Results per page (default: 50, max: 1000) |
--all | flag | Fetch all pages automatically |
Examples
Output columns
Table output includes all fields returned by the API:| Column | Description |
|---|---|
| ID | Alert ID |
| TITLE | Alert title |
| STATUS | OPEN or RESOLVED |
| TYPE | ASSET or FINDING |
| RISK SCORE | Numeric risk score |
| FLAGGED | Whether flagged |
| ACKNOWLEDGED | Whether acknowledged |
| TENANT ID | Tenant ID |
| INTEGRATION ID | Integration ID |
| WORKFLOW ID | Associated workflow ID |
| PROVIDER | Cloud provider |
| SERVICE | Cloud service |
| REGION | Cloud region |
| RESOURCE ID | Resource identifier |
| RESOURCE TYPE | Resource type |
| RESOURCE NAME | Resource name |
| ACCOUNT ID | Cloud account ID |
| FIRST OBSERVED | First observed timestamp |
| DISCOVERED | Alert discovery timestamp |
| LAST SCANNED | Last scan timestamp |
| RULES CHANGED | Rules last changed timestamp |
| CLOSED AT | Closed timestamp |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |