Alerts: Read and Write.| Parameter | Description |
|---|---|
| Alert IDs | Comma separated list of alert IDs to get details on. This endpoint does not support detection IDs prefixed with ldt. |
{
"meta": {
"query_time": 0.004553092,
"writes": {
"resources_affected": 0
},
"powered_by": "detectsapi",
"trace_id": "e3a17704-d33e-4f70-a769-6a3ddc01844f"
},
"errors": [],
"resources": [
{
"activity_id": "3D14C6B6-XXXX-460EC4FCD27D",
"aggregate_id": "aggind:dca1XXXX1660:097877B9-C71F-42C7-A836-2944D119B6CB",
"cid": "0123456789ABCDEFGHIJKLMNOPQRSTUV-WX",
"composite_id": "28a1xxxxxxxx3914:ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",
"confidence": 30,
"context_timestamp": "2022-05-15T10:32:00.000Z",
"created_timestamp": "2022-05-15T11:34:56.887790892Z",
"description": "User access from an unusual location",
"display_name": "Unusual user geolocation",
"end_time": "2022-05-15T10:32:00.000Z",
"falcon_host_link": "https://falcon.crowdstrike.com/identity-protection/detections/dca1xxxx1660",
"id": "ind:a618xxxxxxxx4d85:1328xxxxxxxx1933-117-1930xxxxxxxx9544",
"location_country_code": "US",
"name": "AnomalousGeoLocationAccess",
"objective": "Gain Access",
"okta_application_id": "0oa1xxxxL5d7",
"pattern_id": 51125,
"product": "idp",
"scenario": "machine_learning",
"severity": 31,
"show_in_ui": true,
"source_account_name": "demo.user@example.com",
"source_account_okta_id": "00u4xxxxf5d7",
"source_endpoint_address_ip4": "192.0.2.100",
"source_endpoint_ip_address": "192.0.2.100",
"sso_application_identifier": "Okta Admin Console",
"sso_application_uri": "0oa1xxxxL5d7",
"start_time": "2022-05-15T10:32:00.000Z",
"status": "new",
"tactic": "Initial Access",
"tactic_id": "TA0001",
"technique": "Valid Accounts",
"technique_id": "T1078",
"timestamp": "2022-05-15T10:34:56.509Z",
"type": "idp-session-source-user-endpoint-target-info",
"updated_timestamp": "2022-05-15T11:34:56.887790892Z"
}
]
}
Was this page helpful?