Get Case

Get case details by given ID.

External Documentation

To learn more, visit the Exabeam documentation.

Parameters

Parameter	Description
Case ID	The ID of the case. Can be obtained by the Search Cases action.

Example Output

{
    "alertCreationTimestamp": "2024-04-17T11:45:54.421",
    "alertId": "c867bae5-3c21-4c98-a142-953c01dce1df",
    "approxLogTime": "2024-04-17T11:41:47.564",
    "assignee": "si-user-1@exabeam.com",
    "assigneeId": "64f9e3ef1793b179824a8961",
    "creationTimestamp": "2024-04-17T11:48:47.559",
    "caseId": "e77e5002-bd35-4e7b-a532-cd76341ef6f3",
    "creationBy": "system",
    "stage": "CLOSED",
    "closedReason": "Closed via automation",
    "alertDescriptionRt": "Suspicious activity detected on host",
    "hasAttachments": false,
    "isDeleted": false,
    "lastModifiedBy": "si-user-1@exabeam.com",
    "lastModifiedTimestamp": "2024-04-17T11:55:19.127",
    "mitres": [
        {
            "tacticKey": "TA0004",
            "tactic": "Privilege Escalation",
            "techniqueKey": "T1078",
            "technique": "Valid Accounts"
        },
        {
            "tacticKey": "TA0011",
            "tactic": "Command and Control",
            "techniqueKey": "T1090",
            "technique": "Proxy"
        },
        {
            "tacticKey": "TA0005",
            "tactic": "Defense Evasion",
            "techniqueKey": "T1078",
            "technique": "Valid Accounts"
        },
        {
            "tacticKey": "TA0011",
            "tactic": "Command and Control",
            "techniqueKey": "T1071",
            "technique": "Application Layer Protocol"
        },
        {
            "tacticKey": "TA0001",
            "tactic": "Initial Access",
            "techniqueKey": "T1078",
            "technique": "Valid Accounts"
        },
        {
            "tacticKey": "TA0003",
            "tactic": "Persistence",
            "techniqueKey": "T1078",
            "technique": "Valid Accounts"
        }
    ],
    "alertName": "Multiple Anomalies",
    "priority": "HIGH",
    "riskScore": 71,
    "queue": "Tier 1 Analyst",
    "status": "READ",
    "tags": [],
    "useCases": [
        "Compromised Credentials",
        "Evasion",
        "Malware",
        "Abnormal Authentication & Access"
    ],
    "products": [
        "NG Analytics"
    ],
    "vendors": [
        "Exabeam"
    ],
    "srcHosts": [],
    "srcIps": [
        "10.0.83.177"
    ],
    "destHosts": [],
    "destIps": [
        "102.130.113.9"
    ],
    "users": [
        "GeorgeMartin"
    ],
    "groupedbyKey": "User",
    "groupedbyValue": "georgemartin",
    "ingestTimestamp": "2024-04-17T11:47:54.143",
    "srcEndpoints": [
        {
            "ip": "10.0.83.177",
            "host": "host164"
        }
    ],
    "destEndpoints": [
        {
            "ip": "102.130.113.9",
            "host": "host256"
        }
    ]
}

Workflow Library Example

Get Case with Exabeam and Send Results Via Email

Preview this Workflow on desktop