List Alerts
Get a list of alerts during the specified date range.
External Documentation
To learn more, visit the Lacework documentation.
Parameters
Parameter | Description |
---|---|
End Time | Query for changed files until the given timestamp. |
Start Time | Query for changed files since the given timestamp. |
Example Output
{
  "paging": {
    "rows": 1000,
    "totalRows": 3120,
    "urls": {
      "nextPage": "https://YourLacework.lacework.net/api/v2/Alerts/AbcdEfgh123..."
    }
  },
  "data": [
    {
      "alertId": 855628,
      "startTime": "2022-06-30T00:00:00.000Z",
      "alertType": "MaliciousFile",
      "severity": "Critical",
      "internetExposure": "UnknownInternetExposure",
      "reachability": "UnknownReachability",
      "derivedFields": {
        "category": "Anomaly",
        "sub_category": "File",
        "source": "Agent"
      },
      "endTime": "2022-06-30T01:00:00.000Z",
      "lastUserUpdatedTime": "",
      "status": "Open",
      "alertName": "Clone of Cloud Activity log ingestion failure detected",
      "alertInfo": {
        "subject": "Clone of Cloud Activity log ingestion failure detected: `azure-al-india-dnd` (and `3` more) is failing for data ingestion into Lacework",
        "description": "New integration failure detected for azure-al-india-dnd (and 3 more)"
      },
      "policyId": "CUSTOM_PLATFORM_130"
    },
    {
      "alertId": 855629,
      "startTime": "2022-06-30T00:00:00.000Z",
      "alertType": "ChangedFile",
      "severity": "Critical",
      "internetExposure": "UnknownInternetExposure",
      "reachability": "UnknownReachability",
      "derivedFields": {
        "category": "Policy",
        "sub_category": "File",
        "source": "Agent"
      },
      "endTime": "2022-06-30T01:00:00.000Z",
      "lastUserUpdatedTime": "2022-06-30T01:26:51.392Z",
      "status": "Open",
      "alertName": "Unauthorized API Call",
      "alertInfo": {
        "subject": "Unauthorized API Call: For account: `1234567890`: Unauthorized API call was attempted `4` times",
        "description": "For account: 1234567890: Unauthorized API call was attempted 4 times by user ABCD1234:Lacework"
      }
    }
  ]
}
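The Example Output returns 1000 rows out of 3120 together with a `nextPage` URL, so a single response is only part of the result set. The Python below is an added example, not part of the original documentation or Lacework's code: it follows `nextPage` across pages, checks the fetched count against `totalRows`, and lists open high-severity alerts. The `fetch_page` callable, the sample pages and their values, and the treatment of an empty `nextPage` as the end of results are assumptions.

```python
from collections import Counter

# Constructed sample pages shaped like the Example Output (not real alert data).
PAGE_1 = {
    "paging": {"rows": 2, "totalRows": 3,
               "urls": {"nextPage": "https://example.invalid/api/v2/Alerts/page2"}},
    "data": [
        {"alertId": 1, "alertType": "MaliciousFile", "severity": "Critical", "status": "Open"},
        {"alertId": 2, "alertType": "ChangedFile", "severity": "Low", "status": "Open"},
    ],
}
PAGE_2 = {
    "paging": {"rows": 1, "totalRows": 3, "urls": {"nextPage": None}},
    "data": [
        {"alertId": 3, "alertType": "ChangedFile", "severity": "Critical", "status": "Closed"},
    ],
}
FAKE_PAGES = {PAGE_1["paging"]["urls"]["nextPage"]: PAGE_2}


def iter_alerts(first_page, fetch_page, max_pages=100):
    """Yield every alert, following paging.urls.nextPage across pages.

    fetch_page is a hypothetical callable (URL -> parsed JSON dict); in real
    use it would perform the authenticated GET.
    """
    page, seen = first_page, set()
    for _ in range(max_pages):
        yield from page.get("data") or []
        next_url = ((page.get("paging") or {}).get("urls") or {}).get("nextPage")
        if not next_url or next_url in seen:  # no next page (assumed end) or a repeat
            return
        seen.add(next_url)
        page = fetch_page(next_url)
    raise RuntimeError("page limit reached; alert list may be incomplete")


def triage(first_page, fetch_page, severities=("Critical", "High")):
    """Collect all pages, verify the count, and list open high-severity alerts."""
    alerts = list(iter_alerts(first_page, fetch_page))
    expected = (first_page.get("paging") or {}).get("totalRows")
    return {
        "fetched": len(alerts),
        "complete": len(alerts) == expected,
        "open_hits": [a["alertId"] for a in alerts
                      if a.get("status") == "Open" and a.get("severity") in severities],
        "by_type": Counter(a.get("alertType") for a in alerts),
    }
```

A `complete` value of `False` means fewer alerts were collected than `totalRows` reported, so any report built from the result should be treated as partial.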
Workflow Library Example
List Alerts with Lacework and Send Results Via Email