0

It seems alertid's in the legacy api of Trend Micro Deep Security are not unique and linked to an individual alert. In different setups they can differ. Contacting Trend Micro support didn't give any clue on why it is like this. Legacy API will be phased out but covers some critical alerts which the REST API doesn't.

For example in one instance: alertid,name '28 = Unable to Upgrade the Agent Software'

in the another instance: '28 = Unable to communicate'

jumpy007
  • 1

1 Answers1

0

I guess it might be better if we can clarify the question to alert or alert type. https://automation.deepsecurity.trendmicro.com/legacy-rest/20_0/index.html?env=onprem#alerts https://automation.deepsecurity.trendmicro.com/legacy-rest/20_0/index.html?env=onprem#alert_types

The id for an alert indicates the incident itself, while the typeID will be the same for all alerts in a deployment.

While you're comparing the id cross different deployments, maybe the question is, what would you like to do with the id? I think you can use the name of the alert type cross deployments if you need a unique key.

https://help.deepsecurity.trendmicro.com/20_0/on-premise/alerts-predefined.html?Highlight=alert

James Hsiao
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). –  Oct 21 '21 at 10:07