Get details about an alert.
External Documentation
To learn more, visit the Lacework documentation.
| Parameter | Description |
|---|---|
| Alert ID | The ID of the alert to get details of. Can be retrieved from the ‘List Alerts’ action. |
| Scope | Scope of the details to get. |
```json
{
  "data": {
    "alertId": 813628,
    "startTime": "2022-06-30T00:00:00.000Z",
    "alertType": "CloudActivityLogIngestionFailed",
    "severity": "High",
    "endTime": "2022-06-30T01:00:00.000Z",
    "lastUserUpdatedTime": "",
    "status": "Open",
    "alertName": "Clone of Cloud Activity log ingestion failure detected",
    "alertInfo": {
      "subject": "Clone of Cloud Activity log ingestion failure detected: `azure-al-india-dnd` (and `3` more) is failing for data ingestion into Lacework",
      "description": "New integration failure detected for azure-al-india-dnd (and 3 more)",
      "supportingFacts": [
        {
          "supportingFactText": "Container Escape",
          "subElements": [
            {
              "supportingFactText": "Use of known container privilege escalation and exploit tools 6 time(s) on host(s) ip-172-18-0-240"
            }
          ]
        }
      ]
    },
    "entityMap": {
      "API": "{object}",
      "CT_User": "{object}",
      "CT_RawTime": "{object}",
      "Region": "{object}",
      "Resource": "{object}",
      "RulesTriggered": "{object}",
      "SourceIpAddress": "{object}"
    }
  }
}
```
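The sample output above nests its evidence under `alertInfo.supportingFacts` with `subElements` children, so a notification step has to walk that tree before the alert is readable in an email. The following is an added example, not code from this page or from Lacework: it uses only field names visible in the sample, the function names are hypothetical, and treating an empty `lastUserUpdatedTime` as "not set" is an assumption.

```python
from datetime import datetime

# Constructed sample: a trimmed copy of the response shown on this page.
SAMPLE = {
    "data": {
        "alertId": 813628,
        "startTime": "2022-06-30T00:00:00.000Z",
        "endTime": "2022-06-30T01:00:00.000Z",
        "severity": "High",
        "status": "Open",
        "lastUserUpdatedTime": "",
        "alertName": "Clone of Cloud Activity log ingestion failure detected",
        "alertInfo": {
            "description": "New integration failure detected for azure-al-india-dnd (and 3 more)",
            "supportingFacts": [
                {"supportingFactText": "Container Escape",
                 "subElements": [{"supportingFactText": "Use of known container privilege escalation and exploit tools 6 time(s) on host(s) ip-172-18-0-240"}]}
            ],
        },
    }
}

def _parse_ts(value):
    """Parse 'YYYY-MM-DDTHH:MM:SS.mmmZ' timestamps; an empty string gives None."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ") if value else None

def flatten_facts(facts, depth=0):
    """Walk supportingFacts / subElements recursively, yielding (depth, text)."""
    for fact in facts or []:
        yield depth, fact.get("supportingFactText", "")
        yield from flatten_facts(fact.get("subElements"), depth + 1)

def summarize_alert(response):
    """Build a plain-text message body from the 'data' object of the output."""
    data = response["data"]
    info = data.get("alertInfo", {})
    start, end = _parse_ts(data.get("startTime", "")), _parse_ts(data.get("endTime", ""))
    window = f"{int((end - start).total_seconds() // 60)} min" if start and end else "unknown"
    # Assumption: an empty lastUserUpdatedTime means no user has updated the alert.
    touched = data.get("lastUserUpdatedTime") or "not set"
    lines = [
        f"[{data.get('severity', '?')}] Alert {data['alertId']}: {data.get('alertName', '')}",
        f"Status: {data.get('status', '?')} | Window: {window} | Last user update: {touched}",
        f"Description: {info.get('description', '')}",
        "Supporting facts:",
    ]
    lines += [f"{'  ' * (d + 1)}- {text}" for d, text in flatten_facts(info.get("supportingFacts"))]
    return "\n".join(lines)
```

The `entityMap` values are left out because the sample shows them only as `"{object}"` placeholders, so their structure is not known from this page.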
Get Alert Details with Lacework and Send Results Via Email