Root parameters

The following root parameters can be supplied in the request. "Supported" lists the incident types (the values of type) for which a parameter applies. For request examples, see Request examples for the Get Incidents API.

Name / Required or Optional / Supported / Valid values

type
  Required
  Supported: INCIDENTS, DISCOVERY
  Valid values: INCIDENTS, DISCOVERY

ids
  Required (when filtering by IDs)
  Supported: INCIDENTS, DISCOVERY
  Valid values: Comma-separated array of incident IDs. Example: [123, 345]
  The number of provided IDs is limited to 1,000. Error code 400 is returned if this limit is exceeded.
  Note: If this parameter is provided, the request is filtered by IDs only and any other filters are ignored.

sort_by
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: INSERT_DATE

from_date
  Required (when filtering by date range rather than by IDs)
  Supported: INCIDENTS, DISCOVERY
  Valid values: Date in the format "dd/MM/yyyy HH:mm:ss". Example: 12/08/2021 16:00:00

to_date
  Required (when filtering by date range rather than by IDs)
  Supported: INCIDENTS, DISCOVERY
  Valid values: Date in the format "dd/MM/yyyy HH:mm:ss". Example: 13/08/2021 18:55:00

detected_by
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: The agent that detected the violation. Example: Endpoint Agent, Crawler 100190120a

analyzed_by
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: Policy Engine ID. Example: Policy Engine 100190120a

event_id
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: Event ID number. Example: 5121411628328991975

destination
  Optional
  Supported: INCIDENTS
  Valid values: Destination. Example: Windows Portable Device (WPD)

policies
  Optional
  Supported: INCIDENTS
  Valid values: Policy that triggered the incident. Example: PCI

action
  Optional
  Supported: INCIDENTS
  Valid values: AUDITED, QUARANTINED, BLOCKED, ENCRYPTED, RELEASED, ESG_ACTION, QUARANTINE_WITH_NOTE, UNSHARE_EXTERNAL, UNSHARE_ALL, UNSHARE_INTERNAL

source
  Optional
  Supported: INCIDENTS
  Valid values: Source. Example: DESKTOP-3NG4NN6\\Lenovo

status
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: NEW, IN_PROCESS, CLOSE, FALSE_POSITIVE, ESCALATED
  Note: A custom status is also supported.

severity
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: HIGH, MEDIUM, LOW

endpoint_type
  Optional
  Supported: INCIDENTS
  Valid values: LAPTOP, DESKTOP, NA

channel
  Optional
  Supported: INCIDENTS
  Valid values: EMAIL, ENDPOINT_EMAIL, FTP, HTTP, HTTPS, ENDPOINT_HTTP, ENDPOINT_HTTPS, ENDPOINT_PRINTING, ENDPOINT_APPLICATION, ENDPOINT_REMOVABLE_MEDIA, ENDPOINT_LAN, ENDPOINT_DISCOVERY, CASB_REAL_TIME, CASB_NEAR_REAL_TIME, CASB_DISCOVERY

assigned_to
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: The name of the administrator assigned to the ticket. Example: admin

tag
  Optional
  Supported: INCIDENTS, DISCOVERY
  Valid values: The incident tag. Example: my tag

remove_ignored_incidents
  Optional (default is false)
  Supported: INCIDENTS, DISCOVERY
  Valid values: TRUE, FALSE. Filters ignored incidents out of the results.
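The constraints in the table (a request is filtered either by IDs or by a date range, the 1,000-ID cap that otherwise yields a 400, the dd/MM/yyyy date format, the fixed value lists, and the filters that only apply to type INCIDENTS) are easiest to get right if the client checks them before the request leaves the host. The following Python is an added example, not the vendor's own client code. It assumes the request body is a flat JSON object keyed by the parameter names above (the page only names the parameters, not the body shape), and it additionally rejects a from_date later than to_date, which the page does not state. The endpoint URL and authentication are not covered on this page and are left out.

```python
"""Client-side validation and body construction for the Get Incidents API root parameters.

Added example; assumes a flat JSON body keyed by the parameter names in the table.
"""
import json
from datetime import datetime

DATE_FMT = "%d/%m/%Y %H:%M:%S"   # page format "dd/MM/yyyy HH:mm:ss": 12/08/2021 is 12 August, not 8 December
MAX_IDS = 1000                   # more IDs than this and the server answers HTTP 400

TYPES = {"INCIDENTS", "DISCOVERY"}
ENUMS = {  # fixed value lists from the table
    "sort_by": {"INSERT_DATE"},
    "action": {"AUDITED", "QUARANTINED", "BLOCKED", "ENCRYPTED", "RELEASED", "ESG_ACTION",
               "QUARANTINE_WITH_NOTE", "UNSHARE_EXTERNAL", "UNSHARE_ALL", "UNSHARE_INTERNAL"},
    "severity": {"HIGH", "MEDIUM", "LOW"},
    "endpoint_type": {"LAPTOP", "DESKTOP", "NA"},
    "channel": {"EMAIL", "ENDPOINT_EMAIL", "FTP", "HTTP", "HTTPS", "ENDPOINT_HTTP", "ENDPOINT_HTTPS",
                "ENDPOINT_PRINTING", "ENDPOINT_APPLICATION", "ENDPOINT_REMOVABLE_MEDIA", "ENDPOINT_LAN",
                "ENDPOINT_DISCOVERY", "CASB_REAL_TIME", "CASB_NEAR_REAL_TIME", "CASB_DISCOVERY"},
}
# Free-text filters. status also accepts a custom status, so it is only checked for being non-empty.
FREE_TEXT = {"detected_by", "analyzed_by", "destination", "policies", "source", "status", "assigned_to", "tag"}
INCIDENTS_ONLY = {"destination", "policies", "action", "source", "endpoint_type", "channel"}
KNOWN_FILTERS = set(ENUMS) | FREE_TEXT | {"event_id", "remove_ignored_incidents"}


class ParamError(ValueError):
    """A request the table says the server would reject (400) or silently interpret differently."""


def parse_api_date(name, value):
    """Parse a dd/MM/yyyy HH:mm:ss string; a wrong layout (e.g. ISO 8601) is an error, not a guess."""
    try:
        return datetime.strptime(value, DATE_FMT)
    except (TypeError, ValueError):
        raise ParamError(f"{name} must be dd/MM/yyyy HH:mm:ss, got {value!r}") from None


def build_request(type_, ids=None, from_date=None, to_date=None, **filters):
    """Return the request body as a dict (ready for json.dumps) or raise ParamError."""
    if type_ not in TYPES:
        raise ParamError(f"type must be one of {sorted(TYPES)}")
    body = {"type": type_}

    if ids is not None:
        # By-IDs filter: the server ignores every other filter, so refuse them here rather
        # than let the caller believe a date range or severity was applied.
        if from_date or to_date or filters:
            raise ParamError("ids cannot be combined with other filters; the server ignores them")
        if not 0 < len(ids) <= MAX_IDS:
            raise ParamError(f"ids must hold 1..{MAX_IDS} entries, got {len(ids)} (over the limit is HTTP 400)")
        body["ids"] = [int(i) for i in ids]
        return body

    # Date-range filter: both bounds are required.
    if from_date is None or to_date is None:
        raise ParamError("from_date and to_date are required when ids is not given")
    start, end = parse_api_date("from_date", from_date), parse_api_date("to_date", to_date)
    if start > end:  # assumption, not stated on the page: an inverted range can only return nothing
        raise ParamError("from_date is later than to_date")
    body["from_date"], body["to_date"] = from_date, to_date

    for name, value in filters.items():
        if name not in KNOWN_FILTERS:
            raise ParamError(f"unknown parameter {name!r}")
        if name in INCIDENTS_ONLY and type_ != "INCIDENTS":
            raise ParamError(f"{name} is only supported for type INCIDENTS")
        if name in ENUMS and value not in ENUMS[name]:
            raise ParamError(f"{name} must be one of {sorted(ENUMS[name])}, got {value!r}")
        if name == "event_id" and not str(value).isdigit():
            raise ParamError("event_id must be a number")
        if name == "remove_ignored_incidents" and not isinstance(value, bool):
            raise ParamError("remove_ignored_incidents must be true or false")
        if name in FREE_TEXT and (not isinstance(value, str) or not value.strip()):
            raise ParamError(f"{name} must be a non-empty string")
        body[name] = value
    return body


def validation_error(**kwargs):
    """Return the ParamError message for build_request(**kwargs), or None when the request is valid."""
    try:
        build_request(**kwargs)
    except ParamError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample: HIGH-severity removable-media incidents over the table's example date range.
    print(json.dumps(build_request("INCIDENTS", from_date="12/08/2021 16:00:00", to_date="13/08/2021 18:55:00",
                                   severity="HIGH", channel="ENDPOINT_REMOVABLE_MEDIA", status="NEW",
                                   remove_ignored_incidents=True), indent=2))
```

Rejecting filters alongside ids (instead of stripping them) is a deliberate choice: the server would accept the request and silently answer the by-IDs query, which is the kind of mismatch that lets an analyst believe a scoped query was narrower than it was.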