Get Alarm
Get an alarm by its ID.
External Documentation
To learn more, visit the AlienVault USM documentation.
Parameters
Parameter | Description |
---|---|
Alarm ID | The ID of the alarm. |
Example Output
```json
{
  "uuid": "971918fd-a569-548a-5a80-1ffcda2a8365",
  "has_alarm": false,
  "needs_enrichment": true,
  "priority": 20,
  "suppressed": false,
  "events": [
    {
      "uuid": "...more content omitted for clarity..."
    }
  ],
  "rule_intent": "Environmental Awareness",
  "app_type": "amazon-aws",
  "source_username": "user@alienvault.com",
  "security_group_id": "sg-xxxxx",
  "destination_name": "ec2.amazonaws.com",
  "timestamp_occured": "1517932134000",
  "authentication_type": "IAMUser",
  "event_type": "Alarm",
  "rule_method": "AWS EC2 Security Group Modified",
  "priority_label": "low",
  "app_id": "amazon-aws",
  "source_name": "x.xx.xx.xxxx",
  "timestamp_received": "1517933139670",
  "rule_strategy": "Network Access Control Modification",
  "request_user_agent": "signin.amazonaws.com",
  "rule_id": "AWSEC2SecurityGroupMod",
  "sensor_uuid": "433152d2-10ee-4645-8c04-9f8269a447e7",
  "transient": false,
  "event_name": "Add inbound network traffic rule to security group",
  "packet_type": "alarm",
  "status": "open",
  "_links": {
    "self": {
      "href": "https://mysubdomain.aveng.us/api/2.0/alarms/971918fd-a569-548a-5a80-1ffcda2a8365",
      "templated": false
    }
  }
}
```
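The following is an added example, not part of the AlienVault or connector documentation: one way a later workflow step could reduce this output to the fields used for triage. The helper names `summarize_alarm` and `_epoch_ms` are hypothetical, and the sample record is constructed from a subset of the fields shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a subset of the fields from the Example Output above.
SAMPLE_ALARM = json.loads("""
{
  "uuid": "971918fd-a569-548a-5a80-1ffcda2a8365",
  "priority": 20,
  "priority_label": "low",
  "suppressed": false,
  "status": "open",
  "events": [{"uuid": "constructed-event-id"}],
  "rule_id": "AWSEC2SecurityGroupMod",
  "rule_method": "AWS EC2 Security Group Modified",
  "source_username": "user@alienvault.com",
  "timestamp_occured": "1517932134000",
  "timestamp_received": "1517933139670"
}
""")


def _epoch_ms(value):
    """Timestamps arrive as strings of epoch milliseconds; return an aware UTC datetime."""
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)


def summarize_alarm(alarm):
    """Hypothetical helper: reduce a Get Alarm result to fields used for triage."""
    # The key is spelled "timestamp_occured" in the output; keep that spelling.
    occurred = _epoch_ms(alarm["timestamp_occured"])
    return {
        "uuid": alarm["uuid"],
        "rule": f'{alarm.get("rule_id")}: {alarm.get("rule_method")}',
        "actor": alarm.get("source_username", "unknown"),
        "priority": (alarm.get("priority"), alarm.get("priority_label")),
        "occurred_utc": occurred.isoformat(timespec="seconds"),
        # Gap between the activity and its arrival at USM, in milliseconds.
        "ingest_delay_ms": int(alarm["timestamp_received"]) - int(alarm["timestamp_occured"]),
        "event_count": len(alarm.get("events", [])),
        # Actionable here means still open and not hidden by a suppression rule.
        "actionable": alarm.get("status") == "open" and not alarm.get("suppressed", False),
    }


if __name__ == "__main__":
    print(json.dumps(summarize_alarm(SAMPLE_ALARM), indent=2))
```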
Workflow Library Example
Get Alarm with Alienvault Usm and Send Results Via Email