External DocumentationTo learn more, visit the LogRhythm documentation.
Parameters
| Parameter | Description |
|---|---|
| Alarm ID | The ID of the alarm whose associated events to retrieve. |
Example Output
Copy
Ask AI
{
"alarmEventsDetails": [
{
"account": "string",
"action": "string",
"amount": 0,
"bytesIn": "string",
"bytesOut": "string",
"classificationId": 0,
"classificationName": "string",
"classificationTypeName": "string",
"command": "string",
"commonEventId": 0,
"cve": "string",
"commonEventName": "string",
"count": 0,
"directionId": 0,
"directionName": "string",
"domain": "string",
"duration": 0,
"entityId": 0,
"entityName": "string",
"group": "string",
"impactedEntityId": 0,
"impactedEntityName": "string",
"impactedHostId": 0,
"impactedHostName": "string",
"impactedInterface": "string",
"impactedIP": "string",
"impactedLocation": {
"countryCode": "string",
"name": "string",
"latitude": 0,
"locationId": 0,
"locationKey": "string",
"longitude": 0,
"parentLocationId": 0,
"recordStatus": "string",
"regionCode": "string",
"type": "string",
"dateUpdated": "string"
},
"impactedMAC": "string",
"impactedName": "string",
"impactedNATIP": "string",
"impactedNATPort": "string",
"impactedNetwork": {
"beginIPRange": {
"value": "string"
},
"dateUpdated": "string",
"riskThreshold": "string",
"endIPRange": {
"value": "string"
},
"entityId": 0,
"hostZone": "string",
"locationId": 0,
"longDesc": "string",
"name": "string",
"networkId": 0,
"recordStatus": "string",
"shortDesc": "string"
},
"impactedPort": 0,
"impactedZone": "string",
"itemsPacketsIn": 0,
"itemsPacketsOut": 0,
"logDate": "string",
"login": "string",
"logMessage": "string",
"logSourceHostId": 0,
"logSourceHostName": "string",
"logSourceName": "string",
"logSourceTypeName": "string",
"messageId": 0,
"mpeRuleId": 0,
"mpeRuleName": "string",
"normalDateMax": "string",
"objectName": "string",
"objectType": "string",
"originEntityId": 0,
"originEntityName": "string",
"originHostId": 0,
"originHostName": "string",
"originInterface": "string",
"originIP": "string",
"originLocation": {
"countryCode": "string",
"name": "string",
"latitude": 0,
"locationId": 0,
"locationKey": "string",
"longitude": 0,
"parentLocationId": 0,
"recordStatus": "string",
"regionCode": "string",
"type": "string",
"dateUpdated": "string"
},
"originMAC": "string",
"originName": "string",
"originNATIP": "string",
"originNATPort": "string",
"originNetwork": {
"beginIPRange": {
"value": "string"
},
"dateUpdated": "string",
"riskThreshold": "string",
"endIPRange": {
"value": "string"
},
"entityId": 0,
"hostZone": "string",
"locationId": 0,
"longDesc": "string",
"name": "string",
"networkId": 0,
"recordStatus": "string",
"shortDesc": "string"
},
"originPort": 0,
"originZone": "string",
"parentProcessId": "string",
"parentProcessName": "string",
"parentProcessPath": "string",
"policy": "string",
"priority": 0,
"process": "string",
"processId": 0,
"protocolId": 0,
"protocolName": "string",
"quantity": 0,
"rate": 0,
"reason": "string",
"recipient": "string",
"result": "string",
"responseCode": "string",
"sender": "string",
"session": "string",
"sessionType": "string",
"serialNumber": "string",
"serviceId": 0,
"serviceName": "string",
"severity": "string",
"status": "string",
"size": 0,
"subject": "string",
"threatId": "string",
"threatName": "string",
"url": "string",
"userAgent": "string",
"vendorInfo": "string",
"vendorMsgId": 0,
"version": "string",
"originUserIdentityName": "string",
"impactedUserIdentityName": "string",
"originUserIdentityId": 0,
"impactedUserIdentityId": 0,
"senderIdentityId": 0,
"senderIdentityName": "string",
"recipientIdentityId": 0,
"recipientIdentityName": "string"
}
],
"statusCode": 0,
"statusMessage": "string",
"responseMessage": "string"
}
Workflow Library Example
Get Events by Alarm Id with Logrhythm and Send Results Via Email