List Alerts
List alerts from Wiz with filtering options for time range, status, severity, and type. If no time range is provided, the alerts from the last 24 hours will be listed.
For more information on the Wiz API, see Wiz Documentation (opens in a new tab).
SDK Import:
from admyral.actions import virus_total_analyze_urlArguments:
| Argument Name | Description | Required |
|---|---|---|
Start Time start_time | The start time for the alerts to list. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ). | - |
End Time end_time | The end time for the alerts to list. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ). | - |
Limit limit | The maximum number of alerts to list. Default: 1000 | Yes |
Returns
A JSON array of alerts.
Required Secrets
| Secret Placeholder | Description |
|---|---|
WIZ_SECRET | Wiz secret. See Wiz setup |
SDK Example
alerts = list_wiz_alerts(
secrets={"WIZ_SECRET": "my_stored_wiz_secret"}
)Example Output:
[
{
"id": "abc123",
"control": {
"id": "control1",
"name": "Unencrypted S3 Bucket",
"description": "This control checks for unencrypted S3 buckets.",
"resolutionRecommendation": "Enable server-side encryption.",
"securitySubCategories": [
{
"title": "Encryption",
"category": {
"name": "Data Protection",
"framework": {
"name": "CIS"
}
}
}
]
},
"createdAt": "2024-08-01T12:34:56Z",
"updatedAt": "2024-08-01T13:00:00Z",
"status": "OPEN",
"severity": "HIGH",
"type": "CLOUD_CONFIGURATION",
"project": {
"id": "project1",
"name": "Critical Infrastructure",
"slug": "critical-infrastructure",
"businessUnit": "Operations",
"riskProfile": {
"businessImpact": "HIGH"
}
},
"entitySnapshot": {
"id": "resource123",
"type": "AWS::S3::Bucket",
"name": "my-unencrypted-bucket",
"cloudPlatform": "AWS",
"region": "us-east-1",
"tags": ["production", "sensitive-data"]
}
}
]