Method: projects.alerts.list

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions

Get a list of alerts that meet the filter criteria.

HTTP request

GET https://threatintelligence.googleapis.com/v1beta/{parent=projects/*}/alerts

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`parent`	`string` Required. Parent of the alerts. Format: projects/{project}

parent

string

Required. Parent of the alerts. Format: projects/{project}

Query parameters

Parameters
`filter`	`string` Optional. Filter criteria. Supported fields for filtering include: `audit.create_time` `audit.creator` `audit.update_time` `audit.updater` `detail.data_leak.discovery_document_ids` `detail.data_leak.severity` `detail.detail_type` `detail.initial_access_broker.discovery_document_ids` `detail.initial_access_broker.severity` `detail.insider_threat.discovery_document_ids` `detail.insider_threat.severity` `findingCount` `priorityAnalysis.priority_level` `relevanceAnalysis.confidence` `relevanceAnalysis.relevance_level` `relevanceAnalysis.relevant` `severityAnalysis.severity_level` `state` Examples: `detail.detail_type = "initial_access_broker"` `detail.detail_type != "data_leak"` `detail.insider_threat.severity = "HIGH"` `audit.create_time >= "2026-04-03T00:00:00Z" AND audit.create_time < "2026-04-06T00:00:00Z"` `state = "NEW" OR state = "TRIAGED"` `severityAnalysis.severity_level = "SEVERITY_LEVEL_CRITICAL"`
`orderBy`	`string` Optional. Order by criteria in the csv format: "field1, field2 desc" or "field1, field2" or "field1 asc, field2". If a field is specified without `asc` or `desc`, ascending order is used by default. Supported fields for ordering are identical to those supported for filtering. Examples: `audit.create_time desc` `audit.update_time asc` `audit.create_time desc, severityAnalysis.severity_level desc`
`pageToken`	`string` Optional. Page token to retrieve the next page of results.
`pageSize`	`integer` Optional. Page size. Default to 100 alerts per page. Maximum is 1000 alerts per page.

Request body

The request body must be empty.

Response body

Response message for alerts.list.

If successful, the response body contains data with the following structure:

JSON representation
{ "alerts": [ { object (`Alert`) } ], "nextPageToken": string }

Fields

Fields
`alerts[]`	`object (Alert)` List of alerts.
`nextPageToken`	`string` Page token.

alerts[]

object (Alert)

List of alerts.

nextPageToken

string

Page token.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

threatintelligence.alerts.list

For more information, see the IAM documentation.

Method: projects.alerts.list Stay organized with collections Save and categorize content based on your preferences.