> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Case

Get case details by given ID.

<Note>
  External Documentation

  To learn more, visit the [Exabeam documentation](https://developers.exabeam.com/exabeam/reference/threat-center-get-case-by-id).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter | Description                                                       |
  | --------- | ----------------------------------------------------------------- |
  | Case ID   | The ID of the case. Can be obtained by the `Search Cases` action. |
</div>

## Example Output

```json theme={"dark"}
{
	"alertCreationTimestamp": "2024-04-17T11:45:54.421",
	"alertId": "c867bae5-3c21-4c98-a142-953c01dce1df",
	"approxLogTime": "2024-04-17T11:41:47.564",
	"assignee": "si-user-1@exabeam.com",
	"assigneeId": "64f9e3ef1793b179824a8961",
	"creationTimestamp": "2024-04-17T11:48:47.559",
	"caseId": "e77e5002-bd35-4e7b-a532-cd76341ef6f3",
	"creationBy": "system",
	"stage": "CLOSED",
	"closedReason": "Closed via automation",
	"alertDescriptionRt": "Suspicious activity detected on host",
	"hasAttachments": false,
	"isDeleted": false,
	"lastModifiedBy": "si-user-1@exabeam.com",
	"lastModifiedTimestamp": "2024-04-17T11:55:19.127",
	"mitres": [
		{
			"tacticKey": "TA0004",
			"tactic": "Privilege Escalation",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1090",
			"technique": "Proxy"
		},
		{
			"tacticKey": "TA0005",
			"tactic": "Defense Evasion",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0011",
			"tactic": "Command and Control",
			"techniqueKey": "T1071",
			"technique": "Application Layer Protocol"
		},
		{
			"tacticKey": "TA0001",
			"tactic": "Initial Access",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		},
		{
			"tacticKey": "TA0003",
			"tactic": "Persistence",
			"techniqueKey": "T1078",
			"technique": "Valid Accounts"
		}
	],
	"alertName": "Multiple Anomalies",
	"priority": "HIGH",
	"riskScore": 71,
	"queue": "Tier 1 Analyst",
	"status": "READ",
	"tags": [],
	"useCases": [
		"Compromised Credentials",
		"Evasion",
		"Malware",
		"Abnormal Authentication & Access"
	],
	"products": [
		"NG Analytics"
	],
	"vendors": [
		"Exabeam"
	],
	"srcHosts": [],
	"srcIps": [
		"10.0.83.177"
	],
	"destHosts": [],
	"destIps": [
		"102.130.113.9"
	],
	"users": [
		"GeorgeMartin"
	],
	"groupedbyKey": "User",
	"groupedbyValue": "georgemartin",
	"ingestTimestamp": "2024-04-17T11:47:54.143",
	"srcEndpoints": [
		{
			"ip": "10.0.83.177",
			"host": "host164"
		}
	],
	"destEndpoints": [
		{
			"ip": "102.130.113.9",
			"host": "host256"
		}
	]
}
```

## Workflow Library Example

[Get Case with Exabeam and Send Results Via Email](https://library.blinkops.com/workflows/get-case-with-exabeam-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-case-with-exabeam-and-send-results-via-email/canvas" />
</div>
