Get Alert Details
Get details about an alert.
External Documentation
To learn more, visit the Lacework documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | The ID of the alert to get details of. Can be retrieved from the 'List Alerts' action. |
| Scope | Scope of the details to get. |
Example Output
```json
{
  "data": {
    "alertId": 813628,
    "startTime": "2022-06-30T00:00:00.000Z",
    "alertType": "CloudActivityLogIngestionFailed",
    "severity": "High",
    "endTime": "2022-06-30T01:00:00.000Z",
    "lastUserUpdatedTime": "",
    "status": "Open",
    "alertName": "Clone of Cloud Activity log ingestion failure detected",
    "alertInfo": {
      "subject": "Clone of Cloud Activity log ingestion failure detected: `azure-al-india-dnd` (and `3` more) is failing for data ingestion into Lacework",
      "description": "New integration failure detected for azure-al-india-dnd (and 3 more)",
      "supportingFacts": [
        {
          "supportingFactText": "Container Escape",
          "subElements": [
            {
              "supportingFactText": "Use of known container privilege escalation and exploit tools 6 time(s) on host(s) ip-172-18-0-240"
            }
          ]
        }
      ]
    },
    "entityMap": {
      "API": "{object}",
      "CT_User": "{object}",
      "CT_RawTime": "{object}",
      "Region": "{object}",
      "Resource": "{object}",
      "RulesTriggered": "{object}",
      "SourceIpAddress": "{object}"
    }
  }
}
```
Workflow Library Example
Get Alert Details with Lacework and Send Results Via Email