Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Get alarm by given ID.
External DocumentationTo learn more, visit the AlienVault USM documentation.

Parameters

ParameterDescription
Alarm IDThe ID of the alarm.

Example Output

{
	"@version": "<string>",
	"licenseId": "<string>",
	"id": "<string>",
	"timestamp": 3285494477532,
	"events": [
		{
			"customheader_4": "<string>",
			"timestamp_occured": "1741322565067",
			"suppressed": "<string>",
			"object_type": "<string>",
			"customfield_2": "<string>",
			"customheader_2": "<string>",
			"customfield_6": "<string>",
			"customheader_8": "<string>",
			"customheader_11": "<string>",
			"timestamp_arrived": "1741322565076",
			"customheader_12": "<string>",
			"customfield_5": "<string>",
			"customfield_12": "<string>",
			"customfield_4": "<string>",
			"transient": false,
			"customfield_0": "<string>",
			"customheader_7": "<string>",
			"packet_type": "<string>",
			"customfield_8": "<string>",
			"event_name": "<string>",
			"customfield_11": "<string>",
			"needs_internal_enrichment": false,
			"x_att_tenant_subdomain": "<string>",
			"timestamp_to_storage": "1741322565076",
			"customfield_10": "<string>",
			"customheader_1": "<string>",
			"x_att_tenantid": "<string>",
			"customfield_1": "<string>",
			"customheader_9": "<string>",
			"sensor_uuid": "<string>",
			"customheader_10": "<string>",
			"needs_enrichment": false,
			"customfield_9": "<string>",
			"customheader_5": "<string>",
			"customheader_0": "<string>",
			"uuid": "<string>",
			"customheader_6": "<string>",
			"control_id": "<string>",
			"customfield_7": "<string>"
		}
	],
	"msspId": "<string>",
	"tenantId": "<string>",
	"assets": [],
	"@timestamp": "2025-03-07T04:42:45.238549872Z",
	"usmc-region": "<string>",
	"event": {
		"original": "<string>"
	},
	"alarm": {
		"timestamp_occured": "1741322565067",
		"event_type": "<string>",
		"suppressed": "<string>",
		"object_type": "<string>",
		"rule_intent": "<string>",
		"timestamp_arrived": "1741322565085",
		"priority": "<string>",
		"transient": false,
		"rule_strategy": "<string>",
		"alarm_response_codes": [],
		"number_of_events": 0,
		"mute": "<string>",
		"packet_type": "<string>",
		"highlight_fields": [
			"<string>"
		],
		"rule_name": "<string>",
		"needs_internal_enrichment": false,
		"alarm_sensor_sources": [
			"<string>"
		],
		"rule_method": "<string>",
		"alarm_events_count": 1,
		"x_att_tenant_subdomain": "<string>",
		"timestamp_to_storage": "1741322565085",
		"x_att_tenantid": "<string>",
		"sensor_uuid": "<string>",
		"rule_id": "<string>",
		"status": "<string>",
		"needs_enrichment": false,
		"timestamp_received": "1741322565077",
		"priority_label": "<string>",
		"uuid": "<string>",
		"packet_data": [
			"<string>"
		],
		"alarm_outcome": "<string>"
	},
	"_id": "<string>"
}

Workflow Library Example

Get Alarm with Alienvault Usm and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop