Alert Logic
Alert Logic MDR provides single pane of glass visibility across public cloud, hybrid, and on-premises environments, providing vital insights on your security posture, and detecting and responding to threats to your business.

## Prerequisites

To authenticate this connector, you need one of the following:

- Username and password
- Access key ID and secret key

## Capabilities

This connector provides the following capabilities:

- Add Incident Feedback
- Close Incident
- Get Incident History
- Get Incident ID by Friendly ID
- Get Incident
- Get Incident by Time
- Get Logs/Events for Incident
- Reopen Incident

## Notes

- https://console.cloudinsight.alertlogic.com/api/iris
- https://console.cloudinsight.alertlogic.com/api/aims

## Configurations

### Alert Logic Authentication

Authenticates using username/access key ID and password/secret key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username or access key ID | string | Required |
| Password | Password or secret key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Add Incident Feedback

Update incident feedback for an incident.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}/feedback`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Add Incident Feedback action |
| path_parameters.incidentid | string | Required | Parameters for the Add Incident Feedback action |
| customer_feedback | string | Optional | Parameter for Add Incident Feedback |
| customer_feedback_reason | string | Optional | Reason for feedback. Allowed values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other |

Input example:

```json
{"json_body": {"customer_feedback": "my feedback", "customer_feedback_reason": "further_action"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| feedback | string | Output field feedback |
| feedback_datetime | string | Time value |
| feedback_reason | string | Response reason phrase |
| feedback_uid | string | Unique identifier |
| feedback_user | string | Output field feedback_user |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"feedback": "my feedback", "feedback_datetime": "2020-05-25T19:21:04.854130+00:00", "feedback_reason": "further_action", "feedback_uid": "ffffffff-ffff-ffff-ffff-ffffffffffff", "feedback_user": "user name <user@email.org>"}}
```

### Close Incident

Close an incident.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}/complete`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Close Incident action |
| path_parameters.incidentid | string | Required | Parameters for the Close Incident action |
| notes | string | Optional | Parameter for Close Incident |
| reason_code | string | Optional | Reason for completion. Allowed values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other |

Input example:

```json
{"path_parameters": {"accountid": "string", "incidentid": "string"}, "notes": "string", "reason_code": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| new | object | Output field new |
| new.notes | string | Output field new.notes |
| new.reason_code | string | Response reason phrase |
| new.status | string | Status value |
| new.status_change_time | string | Status value |
| old | object | Output field old |
| old.status | string | Status value |
| old.status_change_time | string | Status value |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"new": {"notes": "this incident is closed because of y", "reason_code": "further_action", "status": "completed", "status_change_time": "2020-05-22T11:09:56.855569+00:00"}, "old": {"status": "open", "status_change_time": "2020-05-22T07:54:33.555371+00:00"}}}
```

### Get Incident

Fetch a specific incident by its incident ID.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Get Incident action |
| path_parameters.incidentid | string | Required | Parameters for the Get Incident action |
| parameters.return_value | string | Optional | Comma-delimited list of "dot notation" string names of desired properties in the result set. Use if you only want a subset of attributes from the incident |

Input example:

```json
{"path_parameters": {"accountid": "string", "incidentid": "string"}, "parameters": {"return_value": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {}}
```

### Get Incident History

Fetch history for a specific incident by its incident ID.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}/history`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Get Incident History action |
| path_parameters.incidentid | string | Required | Parameters for the Get Incident History action |

Input example:

```json
{"path_parameters": {"accountid": "string", "incidentid": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": [{"details": {}, "historytype": 2012, "message": "incident created", "time": 1527253566.384131, "time_str": "2018-05-25T13:06:06.384131+00:00", "who": "system"}]}
```

### Get Incident ID by Friendly ID

Fetch a specific incident by its friendly ID.

- Endpoint URL: `/iris/v3/{{accountid}}/friendly/{{friendlyid}}`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Get Incident ID by Friendly ID action |
| path_parameters.friendlyid | string | Required | Parameters for the Get Incident ID by Friendly ID action |

Input example:

```json
{"path_parameters": {"accountid": "string", "friendlyid": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": [{"incidentid": "610de0f9-0001-0020-0002-b58a00000000", "humanfriendlyid": "aecbf", "accountid": 1234}]}
```

### Get Incidents by Time

Fetch incidents last updated within a time span for the specified account.

- Endpoint URL: `/iris/v3/{{accountid}}/incidents_by_time`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Get Incidents by Time action |
| parameters.return_value | string | Optional | Parameters for the Get Incidents by Time action |
| parameters.start_time | string | Optional | Parameters for the Get Incidents by Time action |
| parameters.end_time | string | Optional | Parameters for the Get Incidents by Time action |
| parameters.pagination | boolean | Optional | Parameters for the Get Incidents by Time action |
| parameters.limit | number | Optional | Parameters for the Get Incidents by Time action |
| parameters.offset | number | Optional | Parameters for the Get Incidents by Time action |

Input example:

```json
{"parameters": {"return_value": "string", "start_time": "string", "end_time": "string", "pagination": false, "limit": 10, "offset": 5}, "path_parameters": {"accountid": "1234"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {}}
```

### Get Logs/Events for Incident

Get associated logs/events for an incident.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}/elaborations/associated`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Get Logs/Events for Incident action |
| path_parameters.incidentid | string | Required | Parameters for the Get Logs/Events for Incident action |
| parameters.returnsource | string | Optional | Parameters for the Get Logs/Events for Incident action |
| parameters.return_value | string | Optional | Comma-delimited list of "dot notation" string names of desired properties in the result set. Use if you only want a subset of attributes from the incident |
| parameters.limit | number | Optional | Maximum number of items in the result set |
| parameters.offset | number | Optional | The (zero-based) offset of the first item in the result set to return |

Input example:

```json
{"path_parameters": {"accountid": "string", "incidentid": "string"}, "parameters": {"returnsource": "string", "return_value": "string", "limit": 123, "offset": 123}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {}}
```

### Reopen Incident

Reopen an incident.

- Endpoint URL: `/iris/v3/{{accountid}}/{{incidentid}}/reopen`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.accountid | string | Optional | Parameters for the Reopen Incident action |
| path_parameters.incidentid | string | Required | Parameters for the Reopen Incident action |
| notes | string | Optional | Parameter for Reopen Incident |

Input example:

```json
{"path_parameters": {"accountid": "string", "incidentid": "string"}, "notes": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| new | object | Output field new |
| new.notes | string | Output field new.notes |
| new.reason_code | string | Response reason phrase |
| new.status | string | Status value |
| new.status_change_time | string | Status value |
| old | object | Output field old |
| old.status | string | Status value |
| old.status_change_time | string | Status value |
| old.reason_code | string | Response reason phrase |
| old.notes | string | Output field old.notes |

Output example:

```json
{"status_code": 200, "reason": "OK", "response_headers": {}, "json_body": {"new": {"notes": "reopened because of y", "reason_code": "other", "status": "open", "status_change_time": "2020-05-22T11:09:56.855569+00:00"}, "old": {"status": "completed", "status_change_time": "2020-05-22T07:54:33.555371+00:00", "reason_code": "further_action", "notes": "closed because of x"}}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
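
The close incident action documented above takes a reason code from a fixed list and substitutes both IDs into the endpoint URL, so a playbook should validate all three before calling it and confirm the status change afterwards. The following is an added example, not part of the connector or its documentation; the function names, the ID character rule and the underscore spelling of key names and reason codes are assumptions.

```python
import re

# Allowed values as listed for the close incident "reason code" parameter.
ALLOWED_REASON_CODES = frozenset({
    "further_action", "acceptable_risk", "compensating_control",
    "threat_not_valid", "not_concluded", "other",
})
# Assumption: IDs contain only alphanumerics and hyphens, as in the page's samples.
_SAFE_ID = re.compile(r"[A-Za-z0-9-]{1,64}")


def close_incident_input(account_id, incident_id, reason_code, notes=""):
    """Build the close incident action input in the shape of the page's input example."""
    if reason_code not in ALLOWED_REASON_CODES:
        raise ValueError(f"unsupported reason code: {reason_code!r}")
    for name, value in (("accountid", account_id), ("incidentid", incident_id)):
        # Both values are substituted into /iris/v3/{{accountid}}/{{incidentid}}/complete,
        # so reject anything that could add a path segment or a query string.
        if not _SAFE_ID.fullmatch(str(value)):
            raise ValueError(f"unsafe {name}: {value!r}")
    return {
        "path_parameters": {"accountid": str(account_id), "incidentid": str(incident_id)},
        "notes": notes,
        "reason_code": reason_code,
    }


def confirm_closed(response, reason_code):
    """Return True only if the response records an open -> completed transition."""
    if response.get("status_code") != 200:
        return False
    body = response.get("json_body") or {}
    new, old = body.get("new") or {}, body.get("old") or {}
    return (old.get("status") == "open"
            and new.get("status") == "completed"
            and new.get("reason_code") == reason_code)


# Constructed sample that mirrors the page's close incident output example.
SAMPLE_RESPONSE = {
    "status_code": 200, "reason": "OK", "response_headers": {},
    "json_body": {
        "new": {"notes": "this incident is closed because of y",
                "reason_code": "further_action", "status": "completed",
                "status_change_time": "2020-05-22T11:09:56.855569+00:00"},
        "old": {"status": "open",
                "status_change_time": "2020-05-22T07:54:33.555371+00:00"},
    },
}
```
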