
List Alarms

List and query alarms.

External Documentation

To learn more, visit the AlienVault USM documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Occurred After | Return alarms that occurred after given date. |
| Occurred Before | Return alarms that occurred before given date. |
| Sort | Sort by a given parameter and direction. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Limit | The maximum number of results to return per page. |
| Page Number | The number of the page to return. |
| Rule Intent | Return alarms with given triggering rule intent. |
| Rule Method | Return alarms with given triggering rule method. |
| Rule Strategy | Return alarms with given triggering rule strategy. |
| Sensor UUID | The UUID of the source sensor. |
| Suppressed | Return alarms with the suppressed flag. |

Example Output

{
  "_links": {
    "first": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=0&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "self": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms",
      "templated": false
    },
    "next": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=1&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "last": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=175&size=20&sort=timestamp_occured,desc",
      "templated": false
    }
  },
  "_embedded": {
    "alarms": [
      {
        "uuid": "971918fd-a569-548a-5a80-1ffcda2a8365",
        "has_alarm": false,
        "needs_enrichment": true,
        "priority": 20,
        "suppressed": false,
        "events": [
          {
            "uuid": "...more content omitted for clarity..."
          }
        ],
        "rule_intent": "Environmental Awareness",
        "app_type": "amazon-aws",
        "source_username": "user@alienvault.com",
        "security_group_id": "sg-xxxxx",
        "destination_name": "ec2.amazonaws.com",
        "timestamp_occured": "1517932134000",
        "authentication_type": "IAMUser",
        "event_type": "Alarm",
        "rule_method": "AWS EC2 Security Group Modified",
        "priority_label": "low",
        "app_id": "amazon-aws",
        "source_name": "x.xx.xx.xxxx",
        "timestamp_received": "1517933139670",
        "rule_strategy": "Network Access Control Modification",
        "request_user_agent": "signin.amazonaws.com",
        "rule_id": "AWSEC2SecurityGroupMod",
        "sensor_uuid": "433152d2-10ee-4645-8c04-9f8269a447e7",
        "transient": false,
        "event_name": "Add inbound network traffic rule to security group",
        "packet_type": "alarm",
        "status": "open",
        "_links": {
          "self": {
            "href": "https://mysubdomain.aveng.us/api/2.0/alarms/971918fd-a569-548a-5a80-1ffcda2a8365",
            "templated": false
          }
        }
      }
    ]
  },
  "page": {
    "size": 20,
    "totalElements": 3506,
    "totalPages": 176,
    "number": 0
  }
}
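The following Python sketch is an added example, not part of the original documentation. It post-processes one page of the Example Output above for triage: it drops suppressed or non-open alarms, converts the string epoch-millisecond timestamps to UTC, and works out the next Page Number value. The helper names (`epoch_ms_to_iso`, `triage`, `next_page_number`) and the `min_priority` cutoff are hypothetical, and the sample data is constructed from the fields shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one page cut down from the Example Output on this page,
# plus a second, suppressed alarm invented to exercise the filter.
SAMPLE_PAGE = json.loads("""
{"_embedded": {"alarms": [
  {"uuid": "971918fd-a569-548a-5a80-1ffcda2a8365", "priority": 20,
   "suppressed": false, "status": "open",
   "rule_strategy": "Network Access Control Modification",
   "rule_method": "AWS EC2 Security Group Modified",
   "timestamp_occured": "1517932134000",
   "timestamp_received": "1517933139670"},
  {"uuid": "00000000-0000-0000-0000-000000000000", "priority": 20,
   "suppressed": true, "status": "open",
   "timestamp_occured": "1517932135000",
   "timestamp_received": "1517933139670"}]},
 "page": {"size": 20, "totalElements": 3506, "totalPages": 176, "number": 0}}
""")

def epoch_ms_to_iso(value):
    """Timestamps arrive as strings of epoch milliseconds; return ISO 8601 UTC."""
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc).isoformat()

def triage(page, min_priority=0):
    """Keep open, unsuppressed alarms and flatten the fields used for triage."""
    rows = []
    for alarm in page.get("_embedded", {}).get("alarms", []):
        if alarm.get("suppressed") or alarm.get("status") != "open":
            continue
        if alarm.get("priority", 0) < min_priority:
            continue
        occurred, received = alarm["timestamp_occured"], alarm["timestamp_received"]
        rows.append({
            "uuid": alarm["uuid"],
            "strategy": alarm.get("rule_strategy"),
            "method": alarm.get("rule_method"),
            "occurred_utc": epoch_ms_to_iso(occurred),
            # Gap between the event and the platform receiving it, in seconds.
            "ingest_lag_s": (int(received) - int(occurred)) / 1000,
        })
    return rows

def next_page_number(page):
    """Value for the Page Number parameter of the next call, or None when done."""
    nxt = page["page"]["number"] + 1
    return nxt if nxt < page["page"]["totalPages"] else None
```

Pages are zero-indexed in the example output (`"number": 0`, last link `page=175` with `totalPages` 176), so the loop ends when `next_page_number` returns `None`.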

Workflow Library Example

List Alarms with AlienVault USM and Send Results via Email
