Get Alert

Get the details of an alert by its ID.

External Documentation

To learn more, visit the Exabeam documentation.

Parameters

Parameter | Description
Alert ID | The ID of the alert. Can be obtained by the Search Alerts action.

Example Output

{
  "creationTimestamp": "2024-04-10T09:16:09.915",
  "alertId": "5119d712-1d4c-4da4-9ae5-fd8ea7d88c20",
  "approxLogTime": "2024-04-10T09:11:30.934",
  "creationBy": "system",
  "alertDescriptionRt": "Multiple Anomalies detected for user georgemartin",
  "lastModifiedBy": "si-user-1@exabeam.com",
  "lastModifiedTimestamp": "2024-04-17T08:32:02.522",
  "mitres": [
    {
      "tacticKey": "TA0004",
      "tactic": "Privilege Escalation",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0011",
      "tactic": "Command and Control",
      "techniqueKey": "T1090",
      "technique": "Proxy"
    },
    {
      "tacticKey": "TA0005",
      "tactic": "Defense Evasion",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0011",
      "tactic": "Command and Control",
      "techniqueKey": "T1071",
      "technique": "Application Layer Protocol"
    },
    {
      "tacticKey": "TA0001",
      "tactic": "Initial Access",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    },
    {
      "tacticKey": "TA0003",
      "tactic": "Persistence",
      "techniqueKey": "T1078",
      "technique": "Valid Accounts"
    }
  ],
  "alertName": "Multiple Anomalies",
  "priority": "CRITICAL",
  "riskScore": 77,
  "status": "READ",
  "tags": [],
  "useCases": [
    "Compromised Credentials",
    "Evasion",
    "Abnormal Authentication & Access"
  ],
  "products": [
    "NG Analytics"
  ],
  "vendors": [
    "Exabeam"
  ],
  "srcHosts": [],
  "srcIps": [
    "10.0.83.177"
  ],
  "destHosts": [],
  "destIps": [
    "102.130.127.117"
  ],
  "users": [
    "GeorgeMartin"
  ],
  "groupedbyKey": "User",
  "groupedbyValue": "georgemartin",
  "ingestTimestamp": "2024-04-10T09:21:20.052",
  "srcEndpoints": [
    {
      "ip": "10.0.83.177",
      "host": "host1"
    }
  ],
  "destEndpoints": [
    {
      "ip": "102.130.127.117",
      "host": "host5"
    }
  ],
  "groupingRuleId": "detection-created-user-w4b4sm"
}

Workflow Library Example

Get Alert with Exabeam and Send Results Via Email