Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Get details about an alert.
External DocumentationTo learn more, visit the Lacework documentation.

Parameters

ParameterDescription
Alert IDThe ID of the alert to get details of. Can be retrieved from the ‘List Alerts’ action.
ScopeScope of the details to get.

Example Output

{
	"data": {
		"alertId": 813628,
		"startTime": "2022-06-30T00:00:00.000Z",
		"alertType": "CloudActivityLogIngestionFailed",
		"severity": "High",
		"endTime": "2022-06-30T01:00:00.000Z",
		"lastUserUpdatedTime": "",
		"status": "Open",
		"alertName": "Clone of Cloud Activity log ingestion failure detected",
		"alertInfo": {
			"subject": "Clone of Cloud Activity log ingestion failure detected: `azure-al-india-dnd` (and `3` more) is failing for data ingestion into Lacework",
			"description": "New integration failure detected for azure-al-india-dnd (and 3 more)",
			"supportingFacts": [
				{
					"supportingFactText": "Container Escape",
					"subElements": [
						{
							"supportingFactText": "Use of known container privilege escalation and exploit tools 6 time(s) on host(s) ip-172-18-0-240"
						}
					]
				}
			]
		},
		"entityMap": {
			"API": "{object}",
			"CT_User": "{object}",
			"CT_RawTime": "{object}",
			"Region": "{object}",
			"Resource": "{object}",
			"RulesTriggered": "{object}",
			"SourceIpAddress": "{object}"
		}
	}
}

Workflow Library Example

Get Alert Details with Lacework and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop