List Alarms
List and query alarms.
External Documentation
To learn more, visit the AlienVault USM documentation.
Basic Parameters
| Parameter | Description |
| --- | --- |
| Occurred After | Return alarms that occurred after the given date. |
| Occurred Before | Return alarms that occurred before the given date. |
| Sort | Sort by a given parameter and direction. |
Advanced Parameters
| Parameter | Description |
| --- | --- |
| Limit | The maximum number of results to return per page. |
| Page Number | The number of the page to return. |
| Rule Intent | Return alarms with the given triggering rule intent. |
| Rule Method | Return alarms with the given triggering rule method. |
| Rule Strategy | Return alarms with the given triggering rule strategy. |
| Sensor UUID | The UUID of the source sensor. |
| Suppressed | Return alarms with the suppressed flag. |
Example Output
{
  "_links": {
    "first": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=0&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "self": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms",
      "templated": false
    },
    "next": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=1&size=20&sort=timestamp_occured,desc",
      "templated": false
    },
    "last": {
      "href": "https://mysubdomain.alienvault.cloud/api/2.0/alarms?page=175&size=20&sort=timestamp_occured,desc",
      "templated": false
    }
  },
  "_embedded": {
    "alarms": [
      {
        "uuid": "971918fd-a569-548a-5a80-1ffcda2a8365",
        "has_alarm": false,
        "needs_enrichment": true,
        "priority": 20,
        "suppressed": false,
        "events": [
          {
            "uuid": "...more content omitted for clarity..."
          }
        ],
        "rule_intent": "Environmental Awareness",
        "app_type": "amazon-aws",
        "source_username": "user@alienvault.com",
        "security_group_id": "sg-xxxxx",
        "destination_name": "ec2.amazonaws.com",
        "timestamp_occured": "1517932134000",
        "authentication_type": "IAMUser",
        "event_type": "Alarm",
        "rule_method": "AWS EC2 Security Group Modified",
        "priority_label": "low",
        "app_id": "amazon-aws",
        "source_name": "x.xx.xx.xxxx",
        "timestamp_received": "1517933139670",
        "rule_strategy": "Network Access Control Modification",
        "request_user_agent": "signin.amazonaws.com",
        "rule_id": "AWSEC2SecurityGroupMod",
        "sensor_uuid": "433152d2-10ee-4645-8c04-9f8269a447e7",
        "transient": false,
        "event_name": "Add inbound network traffic rule to security group",
        "packet_type": "alarm",
        "status": "open",
        "_links": {
          "self": {
            "href": "https://mysubdomain.aveng.us/api/2.0/alarms/971918fd-a569-548a-5a80-1ffcda2a8365",
            "templated": false
          }
        }
      }
    ]
  },
  "page": {
    "size": 20,
    "totalElements": 3506,
    "totalPages": 176,
    "number": 0
  }
}
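An added example (not code from this integration or from AlienVault) of consuming the response above in a script: it flattens one page of alarms into triage rows and follows the `next` paging link only when it is HTTPS on the expected host. `API_HOST`, `summarize` and `next_page_url` are hypothetical names, and the sample page is constructed from the Example Output.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

API_HOST = "mysubdomain.alienvault.cloud"  # assumption: your AlienVault USM subdomain

# Constructed sample: the Example Output above, trimmed to the fields used here.
SAMPLE_PAGE = {
    "_links": {"next": {"href": f"https://{API_HOST}/api/2.0/alarms"
                                "?page=1&size=20&sort=timestamp_occured,desc"}},
    "_embedded": {"alarms": [{
        "uuid": "971918fd-a569-548a-5a80-1ffcda2a8365",
        "suppressed": False, "status": "open", "priority_label": "low",
        "rule_intent": "Environmental Awareness",
        "rule_strategy": "Network Access Control Modification",
        "rule_method": "AWS EC2 Security Group Modified",
        "timestamp_occured": "1517932134000",   # field name spelled as the API returns it
        "timestamp_received": "1517933139670",
    }]},
    "page": {"size": 20, "totalElements": 3506, "totalPages": 176, "number": 0},
}

def summarize(page):
    """Flatten one result page into triage rows; timestamps are epoch-millisecond strings."""
    rows = []
    for alarm in page.get("_embedded", {}).get("alarms", []):
        occurred_ms = int(alarm["timestamp_occured"])
        rows.append({
            "uuid": alarm["uuid"],
            "rule": " / ".join(alarm[k] for k in ("rule_intent", "rule_strategy", "rule_method")),
            "priority": alarm["priority_label"],
            "suppressed": alarm["suppressed"],
            "occurred_utc": datetime.fromtimestamp(occurred_ms / 1000, tz=timezone.utc).isoformat(),
            # Delay between the event occurring and the alarm being received.
            "ingest_lag_ms": int(alarm["timestamp_received"]) - occurred_ms,
        })
    return rows

def next_page_url(page, expected_host=API_HOST):
    """Return the next page's URL, or None on the last page."""
    info = page["page"]
    if info["number"] + 1 >= info["totalPages"]:
        return None
    href = page["_links"]["next"]["href"]
    parts = urlsplit(href)
    # Follow only HTTPS links on the configured host, so credentials sent with
    # the next request never go to a host named by the response body alone.
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError(f"refusing to follow paging link to {parts.hostname!r}")
    return href
```

In the Example Output the alarm's own `self` link uses a different domain from the paging links, which is the case the host check is there to catch.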
Workflow Library Example
List Alarms with Alienvault Usm and Send Results Via Email