
Get Case

Gets the details of a case by its ID.

External Documentation

To learn more, visit the Exabeam documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Case ID | The ID of the case. Can be obtained by the Search Cases action. |

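Example Output

Note: the timestamps in this example carry no timezone designator, so confirm which timezone the API returns before correlating them with other log sources. The `mitres` array can list the same technique under several tactics (here `T1078` appears four times), so deduplicate on `techniqueKey` when counting techniques.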

{
"alertCreationTimestamp": "2024-04-17T11:45:54.421",
"alertId": "c867bae5-3c21-4c98-a142-953c01dce1df",
"approxLogTime": "2024-04-17T11:41:47.564",
"assignee": "si-user-1@exabeam.com",
"assigneeId": "64f9e3ef1793b179824a8961",
"creationTimestamp": "2024-04-17T11:48:47.559",
"caseId": "e77e5002-bd35-4e7b-a532-cd76341ef6f3",
"creationBy": "system",
"stage": "CLOSED",
"closedReason": "Closed via automation",
"alertDescriptionRt": "Suspicious activity detected on host",
"hasAttachments": false,
"isDeleted": false,
"lastModifiedBy": "si-user-1@exabeam.com",
"lastModifiedTimestamp": "2024-04-17T11:55:19.127",
"mitres": [
{
"tacticKey": "TA0004",
"tactic": "Privilege Escalation",
"techniqueKey": "T1078",
"technique": "Valid Accounts"
},
{
"tacticKey": "TA0011",
"tactic": "Command and Control",
"techniqueKey": "T1090",
"technique": "Proxy"
},
{
"tacticKey": "TA0005",
"tactic": "Defense Evasion",
"techniqueKey": "T1078",
"technique": "Valid Accounts"
},
{
"tacticKey": "TA0011",
"tactic": "Command and Control",
"techniqueKey": "T1071",
"technique": "Application Layer Protocol"
},
{
"tacticKey": "TA0001",
"tactic": "Initial Access",
"techniqueKey": "T1078",
"technique": "Valid Accounts"
},
{
"tacticKey": "TA0003",
"tactic": "Persistence",
"techniqueKey": "T1078",
"technique": "Valid Accounts"
}
],
"alertName": "Multiple Anomalies",
"priority": "HIGH",
"riskScore": 71,
"queue": "Tier 1 Analyst",
"status": "READ",
"tags": [],
"useCases": [
"Compromised Credentials",
"Evasion",
"Malware",
"Abnormal Authentication & Access"
],
"products": [
"NG Analytics"
],
"vendors": [
"Exabeam"
],
"srcHosts": [],
"srcIps": [
"10.0.83.177"
],
"destHosts": [],
"destIps": [
"102.130.113.9"
],
"users": [
"GeorgeMartin"
],
"groupedbyKey": "User",
"groupedbyValue": "georgemartin",
"ingestTimestamp": "2024-04-17T11:47:54.143",
"srcEndpoints": [
{
"ip": "10.0.83.177",
"host": "host164"
}
],
"destEndpoints": [
{
"ip": "102.130.113.9",
"host": "host256"
}
]
}

Workflow Library Example

Get Case with Exabeam and Send Results Via Email
