sophos_get_siem_alerts
Retrieve Sophos SIEM alerts for external integration. Supports cursor pagination; returns alerts from the last 24 hours.
Instructions
Retrieve alerts from the Sophos SIEM API for integration with external SIEM systems. Alerts are from the last 24 hours only. Use the cursor from the response (next_cursor) to paginate; check has_more to know if more pages exist.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Maximum number of alerts to return per request (min 200, max 1000, default 200) | |
| cursor | No | Pagination cursor from a previous response (next_cursor field) to fetch the next batch of alerts | |
| from_date | No | Return alerts after this point in time. Must be a UTC Unix timestamp (seconds since epoch, e.g. '1700000000'). Must be within the last 24 hours. | |
| tenant_id | Yes | The tenant ID to query SIEM alerts for | |
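As an added example (not part of this tool's own code), the following Python driver shows how a caller would validate the documented input constraints (limit between 200 and 1000, from_date a UTC Unix timestamp within the last 24 hours) and page through results with `next_cursor` / `has_more`; the `fetch` callable is an assumed stand-in for the tool invocation, and `fake_get_siem_alerts` is a constructed backend with the documented response shape, not the Sophos API.

```python
import time
from typing import Callable, Dict, Iterator, List, Optional

# Constructed sample data; the fake backend pages two alerts at a time.
SAMPLE_ALERTS: List[Dict] = [
    {"id": f"alert-{i}", "severity": "high" if i % 3 == 0 else "low"} for i in range(5)
]

def fake_get_siem_alerts(tenant_id: str, limit: int, cursor: Optional[str],
                         from_date: Optional[int]) -> Dict:
    """Stand-in for the tool: returns alerts, next_cursor and has_more (assumed shape)."""
    start = int(cursor) if cursor else 0
    page = SAMPLE_ALERTS[start:start + 2]
    end = start + len(page)
    more = end < len(SAMPLE_ALERTS)
    return {"alerts": page, "next_cursor": str(end) if more else None, "has_more": more}

def validate_inputs(limit: int, from_date: Optional[int], now: Optional[int] = None) -> None:
    """Enforce the schema's documented limits before any request is made."""
    if not 200 <= limit <= 1000:
        raise ValueError("limit must be between 200 and 1000")
    if from_date is not None:
        now = int(time.time()) if now is None else now
        # from_date must be a Unix timestamp (seconds) no older than 24 hours and not in the future
        if from_date < now - 86400 or from_date > now:
            raise ValueError("from_date must be within the last 24 hours (UTC seconds)")

def iter_alerts(fetch: Callable[..., Dict], tenant_id: str, limit: int = 200,
                from_date: Optional[int] = None, max_pages: int = 100) -> Iterator[Dict]:
    """Follow next_cursor until has_more is false; max_pages guards against a looping cursor."""
    validate_inputs(limit, from_date)
    cursor: Optional[str] = None
    for _ in range(max_pages):
        resp = fetch(tenant_id=tenant_id, limit=limit, cursor=cursor, from_date=from_date)
        yield from resp.get("alerts", [])
        if not resp.get("has_more"):
            return
        cursor = resp.get("next_cursor")
        if not cursor:
            raise RuntimeError("has_more is true but next_cursor is missing")
    raise RuntimeError(f"pagination did not terminate within {max_pages} pages")

def collect_alerts(fetch: Callable[..., Dict], tenant_id: str, **kw) -> List[Dict]:
    """Drain all pages into a list (fine for a 24-hour window; stream for larger volumes)."""
    return list(iter_alerts(fetch, tenant_id, **kw))

if __name__ == "__main__":
    for alert in collect_alerts(fake_get_siem_alerts, "tenant-example"):
        print(alert["id"], alert["severity"])
```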