# Alert Logic
Alert Logic MDR provides single-pane-of-glass visibility across public cloud, hybrid, and on-premises environments, providing vital insights into your security posture and detecting and responding to threats to your business.

## Prerequisites

To authenticate this connector, you need one of the following:

- Username and Password
- Access Key ID and Secret Key

## Capabilities

This connector provides the following capabilities:

- Add Incident Feedback
- Close Incident
- Get Incident History
- Get Incident ID by Friendly ID
- Get Incident
- Get Incidents by Time
- Get Logs/Events for Incident
- Reopen Incident

## Configurations

### Alert Logic Authentication

Authenticates using username/access key ID and password/secret key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username or Access Key ID | string | required |
| password | Password or Secret Key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Add Incident Feedback

Update incident feedback for an incident.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}/feedback`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |
| customer_feedback | string | required | Parameter for Add Incident Feedback |
| customer_feedback_reason | string | required | Reason for feedback. Allowed values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| feedback | string | Output field feedback |
| feedback_datetime | string | Time value |
| feedback_reason | string | Response reason phrase |
| feedback_uid | string | Unique identifier |
| feedback_user | string | Output field feedback_user |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "feedback": "my feedback",
      "feedback_datetime": "2020-05-25T19:21:04.854130+00:00",
      "feedback_reason": "further_action",
      "feedback_uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
      "feedback_user": "user name <user@email.org>"
    }
  }
]
```

### Close Incident

Close an incident.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}/complete`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |
| notes | string | required | Parameter for Close Incident |
| reason_code | string | required | Reason for completion. Allowed values: further_action, acceptable_risk, compensating_control, threat_not_valid, not_concluded, other |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| new | object | Output field new |
| notes | string | Output field notes |
| reason_code | string | Response reason phrase |
| status | string | Status value |
| status_change_time | string | Status value |
| old | object | Output field old |
| status | string | Status value |
| status_change_time | string | Status value |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "new": {},
      "old": {}
    }
  }
]
```

### Get Incident

Fetch a specific incident by its incident ID.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |
| return_value | string | optional | Comma-delimited list of "dot notation" string names of the desired properties in the result set. Use if you only want a subset of attributes from the incident. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

### Get Incident History

Fetch the history of a specific incident by its incident ID.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}/history`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": [
      {}
    ]
  }
]
```

### Get Incident ID by Friendly ID

Fetch a specific incident by its friendly ID.

**Endpoint URL:** `/iris/v3/{{accountid}}/friendly/{{friendlyid}}`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| friendlyid | string | required | Unique identifier |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": [
      {}
    ]
  }
]
```

### Get Incidents by Time

Fetch incidents last updated within a time span for the specified account.

**Endpoint URL:** `/iris/v3/{{accountid}}/incidents_by_time`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| return_value | string | optional | Value for the parameter |
| start_time | string | optional | Time value |
| end_time | string | optional | Time value |
| pagination | boolean | optional | Parameter for Get Incidents by Time |
| limit | number | optional | Parameter for Get Incidents by Time |
| offset | number | optional | Parameter for Get Incidents by Time |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

### Get Logs/Events for Incident

Get the logs/events associated with an incident.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}/elaborations/associated`

**Method:** GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |
| returnsource | string | optional | Parameter for Get Logs/Events for Incident |
| return_value | string | optional | Comma-delimited list of "dot notation" string names of the desired properties in the result set. Use if you only want a subset of attributes from the incident. |
| limit | number | optional | Maximum number of items in the result set |
| offset | number | optional | The (zero-based) offset of the first item in the result set to return |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {}
  }
]
```

### Reopen Incident

Reopen an incident.

**Endpoint URL:** `/iris/v3/{{accountid}}/{{incidentid}}/reopen`

**Method:** POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| accountid | string | optional | Unique identifier |
| incidentid | string | required | Unique identifier |
| notes | string | required | Parameter for Reopen Incident |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| new | object | Output field new |
| notes | string | Output field notes |
| reason_code | string | Response reason phrase |
| status | string | Status value |
| status_change_time | string | Status value |
| old | object | Output field old |
| status | string | Status value |
| status_change_time | string | Status value |
| reason_code | string | Response reason phrase |
| notes | string | Output field notes |

#### Example

```json
[
  {
    "status_code": 200,
    "reason": "OK",
    "response_headers": {},
    "json_body": {
      "new": {},
      "old": {}
    }
  }
]
```

## Notes

- Alert Logic IRIS API documentation: https://console.cloudinsight.alertlogic.com/api/iris
- Alert Logic API authentication: https://console.cloudinsight.alertlogic.com/api/aims
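The following is an added example, not the connector's own code: a small offline client that exercises the IRIS v3 incident endpoints listed above, validates the close-incident reason code against the allowed values this page documents, and drops unset optional query arguments instead of sending them as literal nulls. It assumes (this page does not state it) that the AIMS login is a `POST /aims/v1/authenticate` with HTTP Basic credentials returning `authentication.token`, and that the token is sent as an `x-aims-auth-token` header; `https://example.invalid`, the account ID `12345` and the `RecordingTransport` stand-in are constructed for the demo.

```python
"""Added example, not the connector's own code: an offline client for the
IRIS v3 incident actions documented above. Assumptions (not on this page):
AIMS login is POST /aims/v1/authenticate with HTTP Basic credentials and
returns authentication.token; that token travels as x-aims-auth-token."""
import base64
from typing import Any, Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Reason codes this page lists as allowed for the close / feedback actions.
ALLOWED_REASONS = frozenset({
    "further_action", "acceptable_risk", "compensating_control",
    "threat_not_valid", "not_concluded", "other",
})

# A transport is any callable (method, url, headers, json_body) -> (status, parsed_body).
Transport = Callable[[str, str, Dict[str, str], Optional[Dict[str, Any]]], Tuple[int, Any]]


class RecordingTransport:
    """Constructed stand-in for an HTTP client: records each request and answers
    with a canned body, so the client runs without network access."""

    def __init__(self, canned: Any = None) -> None:
        self.calls: List[Dict[str, Any]] = []
        self.canned = {} if canned is None else canned

    def __call__(self, method: str, url: str, headers: Dict[str, str],
                 body: Optional[Dict[str, Any]]) -> Tuple[int, Any]:
        self.calls.append({"method": method, "url": url,
                           "headers": dict(headers), "body": body})
        return 200, self.canned


def is_allowed_reason(reason: str) -> bool:
    """True when the reason code is one of the values this page documents."""
    return reason in ALLOWED_REASONS


def aims_authenticate(transport: Transport, base_url: str,
                      username: str, password: str) -> str:
    """Exchange username/access key ID + password/secret key for a session token.
    Assumption: AIMS accepts HTTP Basic on POST /aims/v1/authenticate."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    status, body = transport("POST", f"{base_url.rstrip('/')}/aims/v1/authenticate",
                             {"Authorization": f"Basic {creds}"}, None)
    if status != 200:
        raise RuntimeError(f"AIMS authentication failed with HTTP {status}")
    return body["authentication"]["token"]


class IrisClient:
    """Wrapper over the IRIS v3 endpoints listed on this page; each call returns
    the same envelope the connector actions do (status_code, reason, json_body)."""

    def __init__(self, base_url: str, account_id: str, token: str,
                 transport: Transport, verify_ssl: bool = True) -> None:
        self.base_url = base_url.rstrip("/")
        self.account_id = account_id
        self.transport = transport
        self.verify_ssl = verify_ssl  # a real transport would hand this to its TLS layer
        # Assumption: the AIMS session token is sent in the x-aims-auth-token header.
        self.headers = {"x-aims-auth-token": token, "Content-Type": "application/json"}

    def _call(self, method: str, path: str, body: Optional[Dict[str, Any]] = None,
              query: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
        url = f"{self.base_url}/iris/v3/{self.account_id}{path}"
        if query:
            # Drop unset optional arguments rather than sending "None" as a value.
            params = {k: v for k, v in query.items() if v is not None}
            if params:
                url += "?" + urlencode(params)
        status, parsed = self.transport(method, url, self.headers, body)
        return {"status_code": status,
                "reason": "OK" if status == 200 else f"HTTP {status}",
                "json_body": parsed}

    def get_incident(self, incident_id: str, return_value: Optional[str] = None):
        return self._call("GET", f"/{incident_id}", query={"return_value": return_value})

    def incidents_by_time(self, start_time=None, end_time=None, limit=None, offset=None):
        return self._call("GET", "/incidents_by_time",
                          query={"start_time": start_time, "end_time": end_time,
                                 "limit": limit, "offset": offset})

    def close_incident(self, incident_id: str, notes: str, reason_code: str):
        if not is_allowed_reason(reason_code):
            raise ValueError(f"reason_code must be one of {sorted(ALLOWED_REASONS)}")
        return self._call("POST", f"/{incident_id}/complete",
                          body={"notes": notes, "reason_code": reason_code})

    def reopen_incident(self, incident_id: str, notes: str):
        return self._call("POST", f"/{incident_id}/reopen", body={"notes": notes})


if __name__ == "__main__":
    # Constructed demo against the recording transport; no network is used.
    fake = RecordingTransport(canned={"authentication": {"token": "constructed-token"}})
    token = aims_authenticate(fake, "https://example.invalid", "ACCESS_KEY_ID", "SECRET")
    client = IrisClient("https://example.invalid", "12345", token, fake)
    client.incidents_by_time(start_time="1590000000", end_time="1590086400", limit=50)
    client.close_incident("abc123", "Duplicate of a tracked case", "threat_not_valid")
    for call in fake.calls:
        print(call["method"], call["url"], call["body"])
```

Swapping `RecordingTransport` for a real HTTP call (one that honours `verify_ssl` and the configured proxy) is the only change needed to use the client against a live tenant; keeping the transport injectable is also what makes the URL building and the reason-code check testable without credentials.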