Get Alert
Get the details of an alert by its ID.
External Documentation
To learn more, visit the Exabeam documentation.
Parameters
Parameter | Description |
---|---|
Alert ID | The ID of the alert. Can be obtained by the Search Alerts action. |
Example Output
{
  "creationTimestamp": "2024-04-10T09:16:09.915",
  "alertId": "5119d712-1d4c-4da4-9ae5-fd8ea7d88c20",
  "approxLogTime": "2024-04-10T09:11:30.934",
  "creationBy": "system",
  "alertDescriptionRt": "Multiple Anomalies detected for user georgemartin",
  "lastModifiedBy": "si-user-1@exabeam.com",
  "lastModifiedTimestamp": "2024-04-17T08:32:02.522",
  "mitres": [
    {
      "tacticKey": "TA0004",
      "tactic": "Privilege Escalation",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0011",
      "tactic": "Command and Control",
      "techniqueKey": "T1090",
      "technique": "Proxy"
    },
    {
      "tacticKey": "TA0005",
      "tactic": "Defense Evasion",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0011",
      "tactic": "Command and Control",
      "techniqueKey": "T1071",
      "technique": "Application Layer Protocol"
    },
    {
      "tacticKey": "TA0001",
      "tactic": "Initial Access",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0003",
      "tactic": "Persistence",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    }
  ],
  "alertName": "Multiple Anomalies",
  "priority": "CRITICAL",
  "riskScore": 77,
  "status": "READ",
  "tags": [],
  "useCases": [
    "Compromised Credentials",
    "Evasion",
    "Abnormal Authentication & Access"
  ],
  "products": [
    "NG Analytics"
  ],
  "vendors": [
    "Exabeam"
  ],
  "srcHosts": [],
  "srcIps": [
    "10.0.83.177"
  ],
  "destHosts": [],
  "destIps": [
    "102.130.127.117"
  ],
  "users": [
    "GeorgeMartin"
  ],
  "groupedbyKey": "User",
  "groupedbyValue": "georgemartin",
  "ingestTimestamp": "2024-04-10T09:21:20.052",
  "srcEndpoints": [
    {
      "ip": "10.0.83.177",
      "host": "host1"
    }
  ],
  "destEndpoints": [
    {
      "ip": "102.130.127.117",
      "host": "host5"
    }
  ],
  "groupingRuleId": "detection-created-user-w4b4sm"
}
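An added example, not part of the Exabeam or integration documentation: a follow-up step that reduces this output to what a triage decision needs. The `mitres` list repeats a technique once per tactic, so the helper indexes it by technique, and it keeps only globally routable destination addresses. The function name `summarize_alert`, the output keys and the assumption that both timestamps share one time zone are hypothetical; the field names come from the Example Output.

```python
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample: a trimmed copy of the Example Output on this page.
SAMPLE_ALERT = json.loads("""{
  "alertId": "5119d712-1d4c-4da4-9ae5-fd8ea7d88c20", "priority": "CRITICAL", "riskScore": 77,
  "creationTimestamp": "2024-04-10T09:16:09.915", "approxLogTime": "2024-04-10T09:11:30.934",
  "mitres": [
    {"tacticKey": "TA0004", "tactic": "Privilege Escalation", "techniqueKey": "T1078", "technique": "Valid Accounts"},
    {"tacticKey": "TA0011", "tactic": "Command and Control", "techniqueKey": "T1090", "technique": "Proxy"},
    {"tacticKey": "TA0005", "tactic": "Defense Evasion", "techniqueKey": "T1078", "technique": "Valid Accounts"},
    {"tacticKey": "TA0011", "tactic": "Command and Control", "techniqueKey": "T1071", "technique": "Application Layer Protocol"},
    {"tacticKey": "TA0001", "tactic": "Initial Access", "techniqueKey": "T1078", "technique": "Valid Accounts"},
    {"tacticKey": "TA0003", "tactic": "Persistence", "techniqueKey": "T1078", "technique": "Valid Accounts"}
  ],
  "srcIps": ["10.0.83.177"], "destIps": ["102.130.127.117"], "users": ["GeorgeMartin"]
}""")


def summarize_alert(alert):
    """Hypothetical helper: reduce a Get Alert result to triage fields."""
    # One technique can appear under several tactics; group tactics per technique.
    techniques = defaultdict(set)
    for m in alert.get("mitres", []):
        techniques[f'{m["techniqueKey"]} {m["technique"]}'].add(m["tactic"])
    # Keep only globally routable destinations; skip malformed values.
    external = []
    for ip in alert.get("destIps", []):
        try:
            if ipaddress.ip_address(ip).is_global:
                external.append(ip)
        except ValueError:
            continue
    # Assumption: both timestamps are in the same zone (they carry no offset).
    lag = (datetime.fromisoformat(alert["creationTimestamp"])
           - datetime.fromisoformat(alert["approxLogTime"]))
    return {
        "alertId": alert["alertId"],
        "priority": alert.get("priority"),
        "riskScore": alert.get("riskScore"),
        "users": sorted({u.lower() for u in alert.get("users", [])}),
        "techniques": {k: sorted(v) for k, v in sorted(techniques.items())},
        "externalDestIps": external,
        "logToAlertSeconds": lag.total_seconds(),
    }
```

Lowercasing `users` lets the value be compared with `groupedbyValue`, which the example shows in lower case while `users` is mixed case.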
Workflow Library Example
Get Alert with Exabeam and Send Results Via Email