Parameter | Description |
---|---|
Alert ID | The ID of the alert. Can be obtained via the List Alerts action. |
{
"_id": "603f704aaf7417985bbf3b22",
"contextId": "206e2965-6533-48a6-ba9e-794364a84bf9",
"description": "Contoso user performed 11 suspicious activities MITRE Technique used Account Discovery (T1087) and subtechnique used Domain Account (T1087.002)",
"entities": [
{
"entityRole": "Source",
"entityType": 2,
"id": "6204bdaf-ad46-4e99-a25d-374a0532c666",
"inst": 0,
"label": "user1",
"pa": "user1@contoso.com",
"saas": 11161,
"type": "account"
}
]
}
Was this page helpful?