Default hidden filter that excludes false positive incidents (same as in UI):
curl --insecure --location --request POST "https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/" \
--header "Authorization: Bearer <access token> " \
--header "Content-Type: application/json" \
--data-raw "{
"sort_by": "INSERT_DATE", "type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00", "to_date" : "12/08/2021 20:00:00",
"detected_by" : "Endpoint Agent", "analyzed_by": "Policy Engine 100190120a", "event_id" : 5121411628328991975,
"destination" : "Windows Portable Device (WPD)", "policies" : "PCI",
"action" : "BLOCKED",
"source" : "DESKTOP-3NG4NN6\\Lenovo", "status" : "NEW",
"severity" : "MEDIUM", "endpoint_type" : "LAPTOP",
"channel" : "ENDPOINT_REMOVABLE_MEDIA",
"assigned_to" : "admin", "tag" : "Vadim tag"
}"