Get an alarm by its ID.

External Documentation

To learn more, visit the AlienVault USM documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alarm ID | The ID of the alarm. |

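Example Output

Note: in this example the `timestamp_*` fields are epoch-millisecond values encoded as strings, the top-level `timestamp` is a JSON number, and `@timestamp` is an RFC 3339 UTC string, so normalize them to a single format before comparing or correlating alarm and event times.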

{
	"@version": "<string>",
	"licenseId": "<string>",
	"id": "<string>",
	"timestamp": 3285494477532,
	"events": [
		{
			"customheader_4": "<string>",
			"timestamp_occured": "1741322565067",
			"suppressed": "<string>",
			"object_type": "<string>",
			"customfield_2": "<string>",
			"customheader_2": "<string>",
			"customfield_6": "<string>",
			"customheader_8": "<string>",
			"customheader_11": "<string>",
			"timestamp_arrived": "1741322565076",
			"customheader_12": "<string>",
			"customfield_5": "<string>",
			"customfield_12": "<string>",
			"customfield_4": "<string>",
			"transient": false,
			"customfield_0": "<string>",
			"customheader_7": "<string>",
			"packet_type": "<string>",
			"customfield_8": "<string>",
			"event_name": "<string>",
			"customfield_11": "<string>",
			"needs_internal_enrichment": false,
			"x_att_tenant_subdomain": "<string>",
			"timestamp_to_storage": "1741322565076",
			"customfield_10": "<string>",
			"customheader_1": "<string>",
			"x_att_tenantid": "<string>",
			"customfield_1": "<string>",
			"customheader_9": "<string>",
			"sensor_uuid": "<string>",
			"customheader_10": "<string>",
			"needs_enrichment": false,
			"customfield_9": "<string>",
			"customheader_5": "<string>",
			"customheader_0": "<string>",
			"uuid": "<string>",
			"customheader_6": "<string>",
			"control_id": "<string>",
			"customfield_7": "<string>"
		}
	],
	"msspId": "<string>",
	"tenantId": "<string>",
	"assets": [],
	"@timestamp": "2025-03-07T04:42:45.238549872Z",
	"usmc-region": "<string>",
	"event": {
		"original": "<string>"
	},
	"alarm": {
		"timestamp_occured": "1741322565067",
		"event_type": "<string>",
		"suppressed": "<string>",
		"object_type": "<string>",
		"rule_intent": "<string>",
		"timestamp_arrived": "1741322565085",
		"priority": "<string>",
		"transient": false,
		"rule_strategy": "<string>",
		"alarm_response_codes": [],
		"number_of_events": 0,
		"mute": "<string>",
		"packet_type": "<string>",
		"highlight_fields": [
			"<string>"
		],
		"rule_name": "<string>",
		"needs_internal_enrichment": false,
		"alarm_sensor_sources": [
			"<string>"
		],
		"rule_method": "<string>",
		"alarm_events_count": 1,
		"x_att_tenant_subdomain": "<string>",
		"timestamp_to_storage": "1741322565085",
		"x_att_tenantid": "<string>",
		"sensor_uuid": "<string>",
		"rule_id": "<string>",
		"status": "<string>",
		"needs_enrichment": false,
		"timestamp_received": "1741322565077",
		"priority_label": "<string>",
		"uuid": "<string>",
		"packet_data": [
			"<string>"
		],
		"alarm_outcome": "<string>"
	},
	"_id": "<string>"
}

Workflow Library Example

Get Alarm with Alienvault Usm and Send Results Via Email
