Get Alert Event
Fetches information about a specific alert event.
External Documentation
To learn more, visit the Cisco Domain Protection documentation.
Parameters
Parameter | Description |
---|---|
Alert ID | The ID of the alert to fetch information for. It can be retrieved from the 'List Alert Events' action. |
Example Output
{
"version": 1,
"status": "ok",
"code": 200,
"alert_event": {
"id": 1557355,
"alert_type": "authentication_spike",
"last_notified_at": null,
"resolved_at": null,
"created_at": "2020-08-13 16:17:11.574163+00:00",
"updated_at": "2020-08-13 16:17:11.574163+00:00",
"summary": "125 SPF failures in 14:00 hour, average is 15 failures per hour",
"domain": "example.com",
"spf_fail_hosts": [
{
"ip": "203.0.113.130",
"ptr_name": "mta8.example.com",
"sbrs": 5.3,
"country": "United States",
"count": 52,
"spf_fail_volume": 52,
"dkim_fail_volume": 52,
"double_fail_volume": 52,
"total_ips": 10,
"links": {
"failure_stats_for_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&ip=203.0.113.130&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00",
"failure_samples_for_ip": "https://api.dmp.cisco.com/v1failure_samples?domain=example.com&ip=203.0.113.130&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00"
}
}
],
"dkim_fail_hosts": [
{
"ip": "203.0.113.101",
"ptr_name": "mta.example.com",
"sbrs": 5.6,
"country": "United States",
"count": 183,
"spf_fail_volume": 183,
"dkim_fail_volume": 183,
"double_fail_volume": 183,
"total_ips": 1
}
],
"links": {
"failure_stats_by_subject": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&group=subject&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00",
"failure_stats_by_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&group=ip&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-13T14%3A00%3A00.000%2B00%3A00"
}
}
}
Workflow Library Example
Get Alert Event with Cisco Domain Protection and Send Results Via Email