Workflows based on this trigger poll for new events every 5 minutes.
Sample Event
{ "alertCreationTimestamp": "2024-04-17T11:45:54.421", "alertId": "c867bae5-3c21-4c98-a142-953c01dce1df", "approxLogTime": "2024-04-17T11:41:47.564", "assignee": "si-user-1@exabeam.com", "assigneeId": "64f9e3ef1793b179824a8961", "creationTimestamp": "2024-04-17T11:48:47.559", "caseId": "e77e5002-bd35-4e7b-a532-cd76341ef6f3", "creationBy": "system", "stage": "CLOSED", "closedReason": "Closed via automation", "alertDescriptionRt": "Suspicious activity detected on host", "hasAttachments": false, "isDeleted": false, "lastModifiedBy": "si-user-1@exabeam.com", "lastModifiedTimestamp": "2024-04-17T11:55:19.127", "mitres": [ { "tacticKey": "TA0004", "tactic": "Privilege Escalation", "techniqueKey": "T1078", "technique": "Valid Accounts" }, { "tacticKey": "TA0011", "tactic": "Command and Control", "techniqueKey": "T1090", "technique": "Proxy" }, { "tacticKey": "TA0005", "tactic": "Defense Evasion", "techniqueKey": "T1078", "technique": "Valid Accounts" }, { "tacticKey": "TA0011", "tactic": "Command and Control", "techniqueKey": "T1071", "technique": "Application Layer Protocol" }, { "tacticKey": "TA0001", "tactic": "Initial Access", "techniqueKey": "T1078", "technique": "Valid Accounts" }, { "tacticKey": "TA0003", "tactic": "Persistence", "techniqueKey": "T1078", "technique": "Valid Accounts" } ], "alertName": "Multiple Anomalies", "priority": "HIGH", "riskScore": 71, "queue": "Tier 1 Analyst", "status": "READ", "tags": [], "useCases": [ "Compromised Credentials", "Evasion", "Malware", "Abnormal Authentication & Access" ], "products": [ "NG Analytics" ], "vendors": [ "Exabeam" ], "srcHosts": [], "srcIps": [ "10.0.83.177" ], "destHosts": [], "destIps": [ "102.130.113.9" ], "users": [ "GeorgeMartin" ], "groupedbyKey": "User", "groupedbyValue": "georgemartin", "ingestTimestamp": "2024-04-17T11:47:54.143", "srcEndpoints": [ { "ip": "10.0.83.177", "host": "host164" } ], "destEndpoints": [ { "ip": "102.130.113.9", "host": "host256" } ]}