
Created a quick action which allows users to quickly create an HTML report based on multiple values across all alerts/events.

Added quick action via SOAR Settings -> Case Data -> Views -> Default Case View -> Quick Actions

Problem I am facing:
The Action does not allow me to pre-configure the "Run on Alerts" field. If a user does not uncheck all but one alert, my action executes up to 20 times, flooding the case wall with report comments.

Is there a setting/configuration I am missing?

@dimitryr ,

If it's a Quick Action added to the case via Default Case View then the action will be executed on all Alerts by default.

If it's a Quick Action added to the Alert via Playbook or Default Alert View then by default it will be executed only on that specific Alert:

Let me know, if it makes sense.

Is there any way to limit only to the first open alert in the case?

I also added quick actions in the case view, but just want it to run one time on a single alert, not all.

 


Hi @ORBR,

You could look to custom create the ‘Case Comment’ functionality, slightly modifying it.

Use the below endpoint to add a case comment:

Method: POST

/api/external/v1/cases/comments

Have your quick action get the current Case Details:

Method: GET

/api/external/v1/dynamic-cases/GetCaseDetails

This will output the identifiers for an alert; just get one random alert (maybe the first one), then use the /api/external/v1/cases/comments, and pass one of the alert identifiers to the ‘alertIdentifier’ parameter.

Your quick action will have one parameter, the comment. It will look up the current case’s details, return one of the alert identifiers, and use the comments endpoint to just post 1 comment, as opposed to how many alerts you have in your case :)

Review the swagger of your instance for all request body example values for the mentioned endpoints:
https://{INSTANCE_URL}/swagger/index.html

Hope it helps!

 

Kind Regards,
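
The lookup-then-comment flow from the reply above, as an added Python example; it is not code from the thread or from the product. Assumptions to confirm against your instance's swagger: the case ID appended to the GetCaseDetails path, the `alerts[].identifier` response shape, the `caseId` and `comment` body fields, the `AppKey` header, and the optional `current_alert` guard.

```python
import json
import urllib.request

# The two endpoint paths named in the reply above.
DETAILS_PATH = "/api/external/v1/dynamic-cases/GetCaseDetails"
COMMENT_PATH = "/api/external/v1/cases/comments"


def http_send(method, url, api_key, body=None):
    """Default transport. The AppKey header name is an assumption."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "AppKey": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def pick_alert_identifier(case_details):
    """Return one alert identifier, chosen deterministically (lowest sorted).

    Assumed response shape: {"alerts": [{"identifier": "..."}, ...]}.
    """
    ids = sorted(a["identifier"] for a in case_details.get("alerts", [])
                 if a.get("identifier"))
    if not ids:
        raise ValueError("case has no alerts to attach the comment to")
    return ids[0]


def post_single_comment(base_url, api_key, case_id, comment,
                        current_alert=None, send=http_send):
    """Post one comment for the case; return the alert used, or None if skipped."""
    # Assumption: the case ID is passed as a path segment.
    details = send("GET", f"{base_url}{DETAILS_PATH}/{case_id}", api_key)
    chosen = pick_alert_identifier(details)
    # Optional guard (hypothetical, not from the thread): if the action is
    # still invoked once per alert, only the invocation whose alert equals
    # the chosen one posts, so the case wall receives a single comment.
    if current_alert is not None and current_alert != chosen:
        return None
    # alertIdentifier is named in the reply; caseId/comment are assumed names.
    send("POST", f"{base_url}{COMMENT_PATH}", api_key,
         {"caseId": case_id, "alertIdentifier": chosen, "comment": comment})
    return chosen
```

Sorting the identifiers makes every invocation pick the same alert, which is what lets the guard suppress the duplicates.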