# /filters/alerts - Get aggregated alert filters

**GET /filters/alerts**

Aggregated endpoint for the alerts views' filter dropdowns.

`systems`, `severities` and `organizations` are data-driven: only
values that actually appear in alert history within the caller's scope
are returned. `alerts` is a static catalog of every alert a NethServer
(NS8) or NethSecurity system can raise — it is NOT scoped to the
caller's data, so the dropdown can filter on alerts not yet received.

Auth is checked once, then the data-driven datasets are fetched in
parallel.

Scope follows the same rules as the other alerts endpoints:
`organization_id` omitted = caller's full hierarchy; one or more
`organization_id` = those tenants (validated, Owner exempt);
Customer is always pinned to its own organization.



## Servers
- Backend API server (port 8080): https://api.your-domain.com/api (Backend API server (port 8080))
- Collect API server (port 8081): https://collect.your-domain.com/api (Collect API server (port 8081))


## Authentication methods
- Bearer auth


## Parameters


### Query parameters
- **organization_id** (array[string])
  Tenant scope. Omit for the caller's full hierarchy, or repeat to
  target specific tenants (each validated against the caller's
  hierarchy; Owner exempt).
- **include** (string)
  When set to `descendants`, expand each organization_id to itself plus its sub-tree.


## Responses
### 200
Alert filters retrieved successfully

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object)


### 401
Unauthorized - invalid or missing token

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)


### 403
Forbidden - insufficient permissions

#### Body: application/json (object)
- **code** (integer)

- **message** (string)

- **data** (object | null)



[Powered by Bump.sh](https://bump.sh)