Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Get alert details by given ID.
External DocumentationTo learn more, visit the Exabeam documentation.

Parameters

ParameterDescription
Alert IDThe ID of the alert. Can be obtained by the Search Alerts action.

Example Output

{
	"creationTimestamp": "2024-04-10T09:16:09.915",
	"alertId": "5119d712-1d4c-4da4-9ae5-fd8ea7d88c20",
	"approxLogTime": "2024-04-10T09:11:30.934",
	"creationBy": "system",
	"alertDescriptionRt": "Multiple Anomalies detected for user georgemartin",
	"lastModifiedBy": "si-user-1@exabeam.com",
	"lastModifiedTimestamp": "2024-04-17T08:32:02.522",
	"mitres": [
		{
			"tacticKey": "TA0004",
			"tactic": "Privilege Escalation",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1090",
			"technique": "Proxy"
		},
		{
			"tacticKey": "TA0005",
			"tactic": "Defense Evasion",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1071",
			"technique": "Application Layer Protocol"
		},
		{
			"tacticKey": "TA0001",
			"tactic": "Initial Access",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0003",
			"tactic": "Persistence",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		}
	],
	"alertName": "Multiple Anomalies",
	"priority": "CRITICAL",
	"riskScore": 77,
	"status": "READ",
	"tags": [],
	"useCases": [
		"Compromised Credentials",
		"Evasion",
		"Abnormal Authentication & Access"
	],
	"products": [
		"NG Analytics"
	],
	"vendors": [
		"Exabeam"
	],
	"srcHosts": [],
	"srcIps": [
		"10.0.83.177"
	],
	"destHosts": [],
	"destIps": [
		"102.130.127.117"
	],
	"users": [
		"GeorgeMartin"
	],
	"groupedbyKey": "User",
	"groupedbyValue": "georgemartin",
	"ingestTimestamp": "2024-04-10T09:21:20.052",
	"srcEndpoints": [
		{
			"ip": "10.0.83.177",
			"host": "host1"
		}
	],
	"destEndpoints": [
		{
			"ip": "102.130.127.117",
			"host": "host5"
		}
	],
	"groupingRuleId": "detection-created-user-w4b4sm"
}

Workflow Library Example

Get Alert with Exabeam and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop