rf-alerts
List alerts from Recorded Future.
Syntax
rf-alerts [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [rule=RULE] [status=STATUS] [query=QUERY] [limit=NUM] [order=ORDER]
- profile=PROFILE
  - Optional. Recorded Future connect profile code.
- duration=NUM{mon|w|d|h|m|s}
  - Optional. Scan only recent data. The time unit is one of s (second), m (minute), h (hour), d (day), w (week), mon (month).
- from=yyyyMMddHHmmss
  - Optional. Start time of the range, in yyyyMMddHHmmss format.
- to=yyyyMMddHHmmss
  - Optional. End time of the range, in yyyyMMddHHmmss format.
- rule=RULE
  - Optional. Alert rule ID filter.
- status=STATUS
  - Optional. Status filter (new, pending, dismissed, resolved).
- query=QUERY
  - Optional. Free text search query.
- limit=NUM
  - Optional. Maximum number of alerts to retrieve (default: 1000).
- order=ORDER
  - Optional. Sort order by triggered time (asc, desc).
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| id | String | ID | Alert ID |
| title | String | Title | Alert title |
| type | String | Type | Alert type |
| url | String | URL | Portal alert URL |
| rule_id | String | Rule ID | Rule ID |
| rule_name | String | Rule Name | Rule name |
| triggered | Date | Triggered | Alert triggered time |
| triggered_by | List | Triggered By | Triggered entities |
| hits | List | Hits | Hit list (source, url, title, fragment) |
| hit_count | Integer | Hit Count | Number of hits |
| review_note | String | Review Note | Review note |
| review_status | String | Review Status | Review status in portal |
| review_assignee | String | Review Assignee | Review assignee |