Object properties for incidents

The following objects are included in the response for the incidents parameter.

| Name | Supported | Description |
|---|---|---|
| id | INCIDENTS, DISCOVERY | Unique incident ID. |
| severity | INCIDENTS, DISCOVERY | Incident severity. |
| action | INCIDENTS, DISCOVERY | AUDITED, QUARANTINED, BLOCKED, ENCRYPTED, RELEASED, ESG_ACTION; QUARANTINE_WITH_NOTE, UNSHARE_EXTERNAL, UNSHARE_ALL, UNSHARE_INTERNAL |
| tag | INCIDENTS | The incident tag. For example, my tag. |
| status | INCIDENTS | Incident status. |
| destination | INCIDENTS | Destination of the incident that was created. Email recipient if it is an email incident. |
| details | INCIDENTS | Summary or subject title of the email if the incident is on the email channel; website if it is on the web channel. |
| released_incident | INCIDENTS | True/False field that identifies whether the incident was released. |
| event_id | INCIDENTS, DISCOVERY | Unique event ID. |
| maximum_matches | INCIDENTS, DISCOVERY | Threshold number of total matches. |
| transaction_size | INCIDENTS, DISCOVERY (by ID only) | Size of the incident forensic. |
| assigned_to | INCIDENTS, DISCOVERY (by ID only) | The administrator name assigned to a ticket. For example: admin. |
| analyzed_by | INCIDENTS, DISCOVERY (by ID only) | Policy engine which analyzed and created the incident. |
| ignored_incidents | INCIDENTS | TRUE means that the incident is not shown in the UI report. FALSE means that the incident is shown in the UI report. |
| event_time | INCIDENTS | Time of event. |
| incident_time | INCIDENTS, DISCOVERY | Time of incident. |
| channel | INCIDENTS, DISCOVERY (by filter only) | Channel which created the incident. |
| policies | INCIDENTS, DISCOVERY | Which policy was triggered. |
| partition_index | INCIDENTS | Incidents table name. This parameter can be used to perform more effective update incident API requests. |
| detected_by | INCIDENTS | Which machine/protector detected the incident. |
| endpoint_type | INCIDENTS | LAPTOP, DESKTOP, NA |
| violation_triggers | INCIDENTS, DISCOVERY (by ID only) | Violation triggered objects. See Violation trigger object properties. |
| file_name | INCIDENTS | Network incident file name that triggered incident creation. |
| file_path | DISCOVERY | Discovery incident file path that triggered incident creation. |
| history | INCIDENTS, DISCOVERY (by ID only) | Historical trail of the incident. See History array object properties. |
| sources | INCIDENTS, DISCOVERY (by ID only) | Transaction source (where the transaction originated). |