Object properties for incidents

The following objects are included in the response for the incidents parameter.

Name                Supported                             Comments
id                  INCIDENTS DISCOVERY
severity            INCIDENTS DISCOVERY
action              INCIDENTS DISCOVERY
tag                 INCIDENTS
status              INCIDENTS
destination         INCIDENTS
details             INCIDENTS
released_incident   INCIDENTS
event_id            INCIDENTS DISCOVERY
maximum_matches     INCIDENTS DISCOVERY
transaction_size    INCIDENTS DISCOVERY (by ID only)
assigned_to         INCIDENTS DISCOVERY (by ID only)
analyzed_by         INCIDENTS DISCOVERY (by ID only)
ignored_incidents   INCIDENTS
event_time          INCIDENTS
incident_time       INCIDENTS DISCOVERY
channel             INCIDENTS DISCOVERY (by filter only)
policies            INCIDENTS DISCOVERY
partition_index     INCIDENTS
detected_by         INCIDENTS
endpoint_type       INCIDENTS
violation_triggers  INCIDENTS DISCOVERY (by ID only)      Array on main structure
file_name           INCIDENTS
file_path           DISCOVERY