Skip to main content
The Retrieve Incident API fetches a particular incident and all its details.

Parameters

ParameterDescription
ExpandSpecify which additional fields to include in the response.
Incident IDUnique ID of the incident.

Example Output

{
	"data": {
		"apps": [],
		"assignee": {
			"userEmail": "Email",
			"userFirstName": "First Name",
			"userId": "Unique ID",
			"userLastName": "Last Name"
		},
		"assigneeId": "Unique id of assignee.",
		"category": "An enumeration.",
		"compliance": [],
		"createdAt": "The date the incident was first reported.",
		"description": "Description",
		"entities": [],
		"id": "Unique id",
		"isResolved": false,
		"policy": {
			"id": "Unique id of policy.",
			"name": "Name of policy.",
			"templateId": "Template ID"
		},
		"policyId": "Unique id of policy.",
		"recommendation": "Recommendation",
		"severity": "An enumeration.",
		"status": "An enumeration.",
		"tactics": [],
		"techniques": [],
		"updatedAt": "The date the incident was last updated.",
		"url": "URL"
	}
}

Workflow Library Example

Get Incident with Authomize and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I