get_alert_history
Retrieve a chronological audit trail of all actions, status changes, and events for a specific alert to support compliance, investigation, and SLA tracking.
Instructions
Get the complete audit history and timeline for an alert.
Retrieves a chronological record of all actions, status changes, and events related to a specific alert. Provides a full audit trail for compliance and investigation.
Args:
- alert_id: The unique identifier of the alert.
- first: Number of history events to retrieve (1-100, default: 10).
- after: Pagination cursor from previous response (optional).

Returns: Paginated chronological list in JSON format containing:
- edges: Array of history events with:
  - createdAt: ISO timestamp when the event was created
  - eventText: Human-readable description of the event
  - eventType: Type of event (STATUS_CHANGED, ASSIGNMENT_CHANGED, NOTE_ADDED, etc.)
  - reportUrl: Optional URL to mitigation action report (if applicable)
  - historyItemCreator: Creator/author of the event (may be null for system events):
    - userId: User identifier
    - userType: Type of user (MDR, CONSOLE_USER, etc.)
- pageInfo: Pagination metadata (same structure as list_alerts)

Common Event Types:
- status_change: Alert status modified (NEW → IN_PROGRESS, etc.)
- assignment: Alert assigned/unassigned to user or team
- severity_change: Severity level modified
- note_added: Analyst note or comment added
- verdict_change: Analyst verdict updated
- escalation: Alert escalated to higher priority
- integration_action: External system actions (ticket creation, etc.)

Common Use Cases:
- Compliance auditing and reporting
- Investigation timeline reconstruction
- Performance metrics and SLA tracking
- Change management and accountability
- Forensic analysis of alert handling

Raises:
- RuntimeError: If there's an error retrieving alert history.
- ValueError: If parameters are invalid.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
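| alert_id | Yes | The unique identifier of the alert. | |
| first | No | Number of history events to retrieve (1-100). | 10 |
| after | No | Pagination cursor from previous response. | |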
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | | |
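
An added example, not part of the tool's own documentation or code: following the `after` cursor to collect an alert's full history, then deriving an SLA interval and the system-generated events from it. The `fake_get_alert_history` stub, the sample events, the `hasNextPage`/`endCursor` names inside pageInfo and the optional `node` wrapper on edges are assumptions, since the page does not spell out those structures.

```python
import json
from datetime import datetime

# Constructed sample responses, keyed by the `after` cursor that requests them.
# ASSUMPTION: pageInfo uses Relay-style hasNextPage/endCursor (not stated on the page).
SAMPLE_PAGES = {
    None: json.dumps({"edges": [
        {"createdAt": "2024-05-01T10:00:00Z", "eventType": "NOTE_ADDED",
         "eventText": "Automated enrichment note", "historyItemCreator": None},
        {"createdAt": "2024-05-01T10:12:30Z", "eventType": "ASSIGNMENT_CHANGED",
         "eventText": "Assigned to analyst",
         "historyItemCreator": {"userId": "u-1", "userType": "CONSOLE_USER"}}],
        "pageInfo": {"hasNextPage": True, "endCursor": "c2"}}),
    "c2": json.dumps({"edges": [
        {"createdAt": "2024-05-01T10:20:00Z", "eventType": "STATUS_CHANGED",
         "eventText": "NEW -> IN_PROGRESS",
         "historyItemCreator": {"userId": "u-1", "userType": "CONSOLE_USER"}}],
        "pageInfo": {"hasNextPage": False, "endCursor": None}}),
}

def fake_get_alert_history(alert_id, first=10, after=None):  # hypothetical stub
    return SAMPLE_PAGES[after]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def collect_history(fetch, alert_id, first=100, max_pages=50):
    """Follow the `after` cursor until the last page; return events oldest first."""
    events, cursor = [], None
    for _ in range(max_pages):  # hard stop so a repeating cursor cannot loop forever
        page = json.loads(fetch(alert_id, first=first, after=cursor))
        # Accept both flat edges and {"node": {...}} edges (assumption).
        events += [edge.get("node", edge) for edge in page.get("edges", [])]
        info = page.get("pageInfo") or {}
        if not info.get("hasNextPage") or info.get("endCursor") in (None, cursor):
            break
        cursor = info["endCursor"]
    return sorted(events, key=lambda e: parse_ts(e["createdAt"]))

def seconds_to_first(events, event_type):
    """SLA helper: seconds from the earliest history event to the first of a type."""
    for e in events:
        if e["eventType"] == event_type:
            return (parse_ts(e["createdAt"]) - parse_ts(events[0]["createdAt"])).total_seconds()
    return None  # that event type never occurred

def system_events(events):
    """Events with no historyItemCreator (null for system-generated entries)."""
    return [e for e in events if e.get("historyItemCreator") is None]
```

With a real client, pass a callable that invokes the tool with the same `alert_id`, `first` and `after` arguments and returns its JSON result.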