List Alert Events
Retrieve a list of all alert events.
External Documentation
To learn more, visit the Cisco Domain Protection documentation.
Parameters
Parameter | Description |
---|---|
End Date | The latest date and time the search should target. Defaults to the current date. |
Filter | Filter responses. |
Limit | The number of records to return. |
Offset | The offset into the result set at which the returned records start. |
Start Date | The earliest date and time the search should target. Defaults to the current date. |
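Example Output
Note: this sample is illustrative. It shows 11 entries, each with a different `alert_type`, while `count` is 2. The `domain` and `links` keys appear only on some entries, so treat them as optional when parsing, and do not size the result from this sample's `count`.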
{
"version": 1,
"status": "ok",
"code": 200,
"offset": 0,
"count": 2,
"alert_events": [
{
"id": 1735751,
"alert_type": "authentication_spike",
"last_notified_at": null,
"resolved_at": "2020-08-10 17:11:50.150320+00:00",
"created_at": "2020-08-11 16:16:37.159147+00:00",
"updated_at": "2020-08-11 17:11:50.202274+00:00",
"summary": "220 authentication failures from Aug 10 14:00 to Aug 10 15:00",
"domain": "example.com",
"links": {
"failure_stats_by_subject": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&end_date=2020-08-10T15%3A00%3A00.000%2B00%3A00&group=subject&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-10T14%3A00%3A00.000%2B00%3A00",
"failure_stats_by_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&end_date=2020-08-10T15%3A00%3A00.000%2B00%3A00&group=ip&ip_space=all&message_range=date_range&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-10T14%3A00%3A00.000%2B00%3A00"
}
},
{
"id": 1686761,
"alert_type": "brand_spoofing",
"last_notified_at": null,
"resolved_at": null,
"created_at": "2020-08-10 14:23:11.438837+00:00",
"updated_at": "2020-08-10 16:23:21.104563+00:00",
"summary": "example.com.ar was detected spoofing your brand"
},
{
"id": 1671295,
"alert_type": "dkim_record_changed",
"last_notified_at": null,
"resolved_at": "2020-08-07 16:31:50.610671+00:00",
"created_at": "2020-08-07 16:31:50.612116+00:00",
"updated_at": "2020-08-07 16:31:50.612116+00:00",
"summary": "The DKIM record(s) for example.com has changed.",
"domain": "example.com"
},
{
"id": 1648234,
"alert_type": "dmarc_record_changed",
"last_notified_at": null,
"resolved_at": "2020-08-06 13:36:42.892687+00:00",
"created_at": "2020-08-06 13:36:42.893233+00:00",
"updated_at": "2020-08-06 13:36:42.893233+00:00",
"summary": "The DMARC record for example.com has changed.",
"domain": "example.com"
},
{
"id": 1648233,
"alert_type": "infrastructure",
"last_notified_at": null,
"resolved_at": "2020-08-05 22:29:41.460081+00:00",
"created_at": "2020-08-05 22:29:41.463898+00:00",
"updated_at": "2020-08-05 22:29:41.463898+00:00",
"summary": "Increase in authentication errors from your infrastructure for example.com",
"domain": "example.com"
},
{
"id": 60848,
"alert_type": "new_dkim_selector",
"last_notified_at": null,
"resolved_at": "2020-08-03 15:12:45.613050+00:00",
"created_at": "2020-08-03 15:12:45.613649+00:00",
"updated_at": "2020-08-03 15:12:45.613649+00:00",
"summary": "New DKIM selector(s) for example.com have been detected.",
"domain": "example.com"
},
{
"id": 1648232,
"alert_type": "new_sender",
"last_notified_at": null,
"resolved_at": "2020-08-03 06:02:59.820648+00:00",
"created_at": "2020-08-03 06:02:59.821769+00:00",
"updated_at": "2020-08-03 06:02:59.821769+00:00",
"summary": "1 new sender has been detected sending messages for example.com",
"domain": "example.com"
},
{
"id": 1648231,
"alert_type": "new_well_known_sender",
"last_notified_at": null,
"resolved_at": "2020-07-19 03:13:54.514112+00:00",
"created_at": "2020-07-19 03:13:54.514864+00:00",
"updated_at": "2020-07-19 03:13:54.514864+00:00",
"summary": "A new well-known sender overlaps with your custom sender. You may choose to approve the new sender and update the custom sender.",
"domain": "example.com"
},
{
"id": 1643227,
"alert_type": "spf_record_changed",
"last_notified_at": null,
"resolved_at": "2020-07-14 06:22:20.991937+00:00",
"created_at": "2020-07-14 06:22:20.992664+00:00",
"updated_at": "2020-07-14 06:22:20.992664+00:00",
"summary": "The SPF record for example.com has changed.",
"domain": "example.com"
},
{
"id": 1643226,
"alert_type": "threat_spike",
"last_notified_at": null,
"resolved_at": "2020-07-12 13:14:22.866371+00:00",
"created_at": "2020-07-12 12:11:20.571472+00:00",
"updated_at": "2020-07-12 13:14:23.188198+00:00",
"summary": "258 failures from Aug 12 10:00 to Aug 12 11:00",
"domain": "example.com",
"links": {
"failure_stats_by_subject": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&end_date=2020-08-12T11%3A00%3A00.000%2B00%3A00&group=subject&ip_space=all&message_range=date_range&policy_result_dkim=f&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-12T10%3A00%3A00.000%2B00%3A00",
"failure_stats_by_ip": "https://api.dmp.cisco.com/v1failure_stats?domain=example.com&end_date=2020-08-12T11%3A00%3A00.000%2B00%3A00&group=ip&ip_space=all&message_range=date_range&policy_result_dkim=f&policy_result_spf=f&req_auth_trust=t&start_date=2020-08-12T10%3A00%3A00.000%2B00%3A00"
}
},
{
"id": 1588599,
"alert_type": "unauthorized_netblock",
"last_notified_at": null,
"resolved_at": "2020-04-10 22:07:11.932054+00:00",
"created_at": "2020-03-26 22:07:38.340623+00:00",
"updated_at": "2020-04-10 22:07:11.944350+00:00",
"summary": "Message Sent from Unauthorized Well Known Sender IP address",
"domain": "example.com"
}
]
}
Workflow Library Example
List Alert Events with Cisco Domain Protection and Send Results Via Email