Skip to main content
Fetches information about a specific alert event.
External DocumentationTo learn more, visit the Cisco Domain Protection documentation.

Parameters

ParameterDescription
Alert IDThe ID of the alert to fetch information for. Can be retrieved form the ‘List Alert Events’ action.

Example Output

{
	"version": 1,
	"status": "ok",
	"code": 200,
	"alert_event": {
		"id": 1557355,
		"alert_type": "authentication_spike",
		"last_notified_at": null,
		"resolved_at": null,
		"created_at": "2020-08-13 16:17:11.574163+00:00",
		"updated_at": "2020-08-13 16:17:11.574163+00:00",
		"summary": "125 SPF failures in 14:00 hour, average is 15 failures per hour",
		"domain": "example.com",
		"spf_fail_hosts": [
			{
				"ip": "203.0.113.130",
				"ptr_name": "mta8.example.com",
				"sbrs": 5.3,
				"country": "United States",
				"count": 52,
				"spf_fail_volume": 52,
				"dkim_fail_volume": 52,
				"double_fail_volume": 52,
				"total_ips": 10,
				"links": {
					"failure_stats_for_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&ip=203.0.113.130&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00",
					"failure_samples_for_ip": "https://api.dmp.cisco.com/v1failure_samples?domain=example.com&ip=203.0.113.130&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00"
				}
			}
		],
		"dkim_fail_hosts": [
			{
				"ip": "203.0.113.101",
				"ptr_name": "mta.example.com",
				"sbrs": 5.6,
				"country": "United States",
				"count": 183,
				"spf_fail_volume": 183,
				"dkim_fail_volume": 183,
				"double_fail_volume": 183,
				"total_ips": 1
			}
		],
		"links": {
			"failure_stats_by_subject": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&group=subject&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00",
			"failure_stats_by_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&group=ip&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00"
		}
	}
}

Workflow Library Example

Get Alert Event with Cisco Domain Protection and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I