I would like to get the alert evidence using the API endpoint documented here:
https://docs.rapid7.com/insightidr/api/alert-triage/#operation/getAlertEvidences
This endpoint requires an alert_rrn but I only have an alert “id” returned from this endpoint:
/idr/v2/investigations/{identifier}/alerts
documented here: InsightIDR API Documentation
How can I get an alert_rrn given in “id”