Object properties for incidents
The following objects are included in the response for the incidents parameter.
| Name | Supported | Comments |
|---|---|---|
| id | INCIDENTS DISCOVERY | |
| severity | INCIDENTS DISCOVERY | |
| action | INCIDENTS DISCOVERY | |
| tag | INCIDENTS | |
| status | INCIDENTS | |
| destination | INCIDENTS | |
| details | INCIDENTS | |
| released_incident | INCIDENTS | |
| event_id | INCIDENTS DISCOVERY | |
| maximum_matches | INCIDENTS DISCOVERY | |
| transaction_size | INCIDENTS DISCOVERY (by ID only) | |
| assigned_to | INCIDENTS DISCOVERY (by ID only) | |
| analyzed_by | INCIDENTS DISCOVERY (by ID only) | |
| ignored_incidents | INCIDENTS | |
| event_time | INCIDENTS | |
| incident_time | INCIDENTS DISCOVERY | |
| channel | INCIDENTS DISCOVERY (by filter only) | |
| policies | INCIDENTS DISCOVERY | |
| partition_index | INCIDENTS | |
| detected_by | INCIDENTS | |
| endpoint_type | INCIDENTS | |
| violation_triggers | INCIDENTS DISCOVERY (by ID only) | Array on main structure |
| file_name | INCIDENTS | |
| file_path | DISCOVERY | |
| history | INCIDENTS DISCOVERY (by ID only) | |
| sources | INCIDENTS DISCOVERY (by ID only) |