Get the details of a case by its ID.
External Documentation: To learn more, visit the Exabeam documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Case ID | The ID of the case. It can be obtained with the Search Cases action. |

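Example Output

Note: the timestamps in this example carry no timezone designator. Confirm which timezone the API uses (presumably UTC) before correlating these values with other log sources.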

{
	"alertCreationTimestamp": "2024-04-17T11:45:54.421",
	"alertId": "c867bae5-3c21-4c98-a142-953c01dce1df",
	"approxLogTime": "2024-04-17T11:41:47.564",
	"assignee": "si-user-1@exabeam.com",
	"assigneeId": "64f9e3ef1793b179824a8961",
	"creationTimestamp": "2024-04-17T11:48:47.559",
	"caseId": "e77e5002-bd35-4e7b-a532-cd76341ef6f3",
	"creationBy": "system",
	"stage": "CLOSED",
	"closedReason": "Closed via automation",
	"alertDescriptionRt": "Suspicious activity detected on host",
	"hasAttachments": false,
	"isDeleted": false,
	"lastModifiedBy": "si-user-1@exabeam.com",
	"lastModifiedTimestamp": "2024-04-17T11:55:19.127",
	"mitres": [
		{
			"tacticKey": "TA0004",
			"tactic": "Privilege Escalation",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1090",
			"technique": "Proxy"
		},
		{
			"tacticKey": "TA0005",
			"tactic": "Defense Evasion",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1071",
			"technique": "Application Layer Protocol"
		},
		{
			"tacticKey": "TA0001",
			"tactic": "Initial Access",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0003",
			"tactic": "Persistence",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		}
	],
	"alertName": "Multiple Anomalies",
	"priority": "HIGH",
	"riskScore": 71,
	"queue": "Tier 1 Analyst",
	"status": "READ",
	"tags": [],
	"useCases": [
		"Compromised Credentials",
		"Evasion",
		"Malware",
		"Abnormal Authentication & Access"
	],
	"products": [
		"NG Analytics"
	],
	"vendors": [
		"Exabeam"
	],
	"srcHosts": [],
	"srcIps": [
		"10.0.83.177"
	],
	"destHosts": [],
	"destIps": [
		"102.130.113.9"
	],
	"users": [
		"GeorgeMartin"
	],
	"groupedbyKey": "User",
	"groupedbyValue": "georgemartin",
	"ingestTimestamp": "2024-04-17T11:47:54.143",
	"srcEndpoints": [
		{
			"ip": "10.0.83.177",
			"host": "host164"
		}
	],
	"destEndpoints": [
		{
			"ip": "102.130.113.9",
			"host": "host256"
		}
	]
}

Workflow Library Example

Get Case with Exabeam and Send Results Via Email