policy-alerts-tool
Retrieve Rhombus policy alerts triggered by AI events, device status changes, tampering, or access control events. Filter by time range, device, or location to find specific alerts.
Instructions
Retrieves Rhombus policy alerts. Policy alerts in the Rhombus system are generated based on user-defined alert policies configured in the Rhombus Console. These policies trigger alerts when specific events occur, such as:
AI & Computer Vision Events: Based on intelligent video analytics for motion, people, vehicles, facial recognition, license plate recognition, or unusual behavior.
Device Status Changes: Like camera disconnections or sensor low battery.
Physical or Visual Tamper: Detection of physical movement of a device or obstruction of a camera's field of view.
Access Control Events: Such as unauthorized access attempts in restricted areas.
Alerts are generated on triggers, but are NOT the same as notifications. Only certain alerts generate notifications based on user settings.
Can inquire about labels that have been seen.
Please note, this is not an exhaustive list, and there may be other types of triggers or events that generate policy alerts within the Rhombus system.
This tool allows you to filter existing alerts by existing/expiring, a specific time range (before or after a timestamp in ISO 8601 format), by a list of device UUIDs, or by a list of location UUIDs. You can also specify the maximum number of results to return. The output is provided in JSON format.
Pagination: Results are paginated and have a maximum page size. If the response includes a lastEvaluatedKey (for queryType "expiringSoon") or both lastTimestampISO and lastUuid (for queryTypes "existing" and "alert-groups"), more results are available. Pass these values back in the next call using the corresponding input parameters (lastEvaluatedKey, or lastTimestampISO and lastUuid) to retrieve the next page. Repeat until the response no longer includes these fields.
IMPORTANT: The "unhealthy-devices" queryType returns historical alert notifications that were triggered for device health issues. It does NOT return live/real-time device connection status. If no device health alert policies are configured, or alerts were dismissed, this may return empty even when devices are offline.
To check which devices are currently online/offline, use the get-entity-tool instead. The get-entity-tool returns the current state of all devices including their live connection status (the "connected" field). Request all entity types (CAMERA, DOORBELL_CAMERA, BADGE_READER, etc.) and check the "connected" field on each device to determine which are offline.
Output filtering (all tools):
includeFields(string[]): Dot-notation paths to keep in the response (e.g."vehicleEvents.vehicleLicensePlate"). Omit to return all fields.filterBy(array): Predicates to filter array items. Each entry:{field, op, value}where op is one of= != > >= < <= contains. All conditions are ANDed. Example:[{field:"vehicleLicensePlate", op:"=", value:"ABC123"}]WARNING: some tool responses exceed 400k characters — use these params to request only the data you need.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| queryType | Yes | The type of policy alerts to retrieve. Use "existing" to get current policy alerts, and "expiringSoon" to get policy alerts that are nearing their expiration date. | |
| afterTimestampISO | Yes | The start of the time range for which to retrieve alerts. Only alerts that occurred AFTER this timestamp will be returned.Time format is in ISO 8601 format. Both UTC ("2025-08-04T20:54:27.123Z") and time zone offsets ("2025-08-04T13:54:27.123-07:00") are accepted to ensure an unambiguous point in time. | |
| beforeTimestampISO | Yes | The end of the time range for which to retrieve alerts. Only alerts that occurred BEFORE this timestamp will be returned.Time format is in ISO 8601 format. Both UTC ("2025-08-04T20:54:27.123Z") and time zone offsets ("2025-08-04T13:54:27.123-07:00") are accepted to ensure an unambiguous point in time. | |
| deviceFilter | Yes | A list of UUIDs representing the specific devices to filter alerts by. Only alerts emitted by these devices will be returned. Please truncate any facets, such as .v0 | |
| locationFilter | Yes | A list of UUIDs representing the specific locations to filter alerts by. Only alerts associated with these locations will be returned. Please truncate any facets, such as .v0 | |
| maxResults | Yes | The maximum number of policy alerts to return. A good default is 100, but you may increase or decrease this number as needed. A reasonable hard maximum is 1000 alerts. | |
| lastEvaluatedKey | Yes | Opaque pagination cursor from a previous response. When the response includes lastEvaluatedKey, pass it here on the next call to retrieve the next page. Used by queryType 'expiringSoon'. | |
| lastTimestampISO | Yes | Pagination cursor (ISO 8601 timestamp). When the response includes lastTimestampISO, pass it here with lastUuid on the next call for the next page. Used by queryTypes 'existing' and 'alert-groups'.Time format is in ISO 8601 format. Both UTC ("2025-08-04T20:54:27.123Z") and time zone offsets ("2025-08-04T13:54:27.123-07:00") are accepted to ensure an unambiguous point in time. | |
| lastUuid | Yes | Pagination cursor (UUID of last item). Pass together with lastTimestampISO from the previous response to fetch the next page. Used by queryTypes 'existing' and 'alert-groups'. | |
| timeZone | Yes | The timezone from the location of the camera of the policy alert, for formatting timestamps. This is necessary for the tool to produce accurate formatted timestamps. | |
| alertUuid | Yes | The UUID of a specific policy alert. Required for 'details' and 'dismiss'. | |
| includeFields | Yes | Dot-notation field paths to include in the response (e.g. "vehicleEvents.vehicleLicensePlate"). Pass null to return all fields. WARNING: some responses can exceed 400k characters — use includeFields to request only the data you need. For high-volume tools this may be required to get a complete answer. | |
| filterBy | Yes | Filter array items in the response by field values. All conditions are ANDed. Example: [{field: "vehicleLicensePlate", op: "=", value: "ABC123"}, {field: "confidence", op: ">", value: 0.8}] Use alongside includeFields to get only the specific records and fields you need. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| error | No | ||
| errorMsg | No | ||
| policyAlerts | Yes | ||
| lastEvaluatedKey | No | If present, more results are available. Pass this value as lastEvaluatedKey on the next call to get the next page (queryType 'expiringSoon'). | |
| lastTimestampISO | No | If present with lastUuid, more results are available. Pass both as lastTimestampISO and lastUuid on the next call for the next page ('existing' or 'alert-groups'). ISO 8601 format. | |
| lastUuid | No | If present with lastTimestampISO, more results are available. Pass both on the next call for the next page ('existing' or 'alert-groups'). |