Skip to main content
Retrieve detection details by its ID.
External DocumentationTo learn more, visit the Upwind documentation.

Parameters

ParameterDescription
Detection IDThe IDof the detection to retrieve.
Organization IDThe ID of the organization.

Example Output

{
	"id": "string",
	"type": "string",
	"category": "NETWORK",
	"severity": "LOW",
	"status": "PENDING",
	"title": "string",
	"description": "string",
	"resource": {
		"id": "string",
		"external_id": "string",
		"name": "string",
		"type": "string",
		"cloud_provider": "AWS",
		"region": "string",
		"cluster_id": "string",
		"cloud_account_id": "string",
		"cloud_account_name": "string",
		"namespace": "string",
		"internet_exposure": {
			"ingress": {
				"active_communication": true
			}
		},
		"cloud_account_tags": [
			{
				"key": "string",
				"value": "string"
			}
		],
		"risk_categories": [
			"string"
		]
	},
	"triggers": [
		{
			"events": [
				{
					"id": "string",
					"description": "string",
					"event_type": "string",
					"event_time": "2024-07-29T15:51:28.071Z",
					"type": "string",
					"data": {
						"initiator": {
							"type": "string",
							"data": {
								"uid": "string",
								"groups": [
									"string"
								],
								"user_name": "string",
								"user_agent": "string",
								"source_ips": [
									"string"
								]
							}
						}
					}
				}
			],
			"policy_id": "string",
			"policy_name": "string"
		}
	],
	"first_seen_time": "2024-07-29T15:51:28.071Z",
	"last_seen_time": "2024-07-29T15:51:28.071Z",
	"occurrence_count": 0,
	"mitre_attacks": [
		{
			"tactic_id": "string",
			"tactic_name": "string",
			"technique_id": "string",
			"technique_name": "string"
		}
	]
}

Workflow Library Example

Get Detection Details with Upwind and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop