The Search Incidents API lists incidents and related data.

Parameters

Parameter    Description
Expand       Expand.
Limit        Limit the number of identities per page.
Next Page    Token denoting start of next page.

Example Output

{
	"data": [
		{
			"apps": [],
			"assignee": {
				"userEmail": "Email",
				"userFirstName": "First Name",
				"userId": "Unique ID",
				"userLastName": "Last Name"
			},
			"assigneeId": "Unique id of assignee.",
			"category": "An enumeration.",
			"compliance": [],
			"createdAt": "The date the incident was first reported.",
			"description": "Description",
			"entities": [],
			"id": "Unique id",
			"isResolved": false,
			"policy": {
				"id": "Unique id of policy.",
				"name": "Name of policy.",
				"templateId": "Template ID"
			},
			"policyId": "Unique id of policy.",
			"recommendation": "Recommendation",
			"severity": "An enumeration.",
			"status": "An enumeration.",
			"tactics": [],
			"techniques": [],
			"updatedAt": "The date the incident was last updated.",
			"url": "URL"
		}
	],
	"pagination": {
		"hasMore": false,
		"limit": 20,
		"nextPage": "Token denoting start of next page"
	}
}
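
The following is an added example, not code from Authomize or from this page: it follows the pagination block shown above to collect every incident and keep the unresolved ones. `fetch_page` is a hypothetical caller-supplied function standing in for the actual Search Incidents call, and the sample pages are constructed.

```python
from typing import Callable, Iterator, Optional

# Assumption: fetch_page(limit, next_page) is a hypothetical caller-supplied
# function that performs the Search Incidents call and returns the decoded
# JSON body in the shape shown under "Example Output".
FetchPage = Callable[[int, Optional[str]], dict]

def iter_incidents(fetch_page: FetchPage, limit: int = 20,
                   max_pages: int = 1000) -> Iterator[dict]:
    """Yield each incident once, following pagination.nextPage while hasMore is true."""
    token: Optional[str] = None
    seen_tokens, seen_ids = set(), set()
    for _ in range(max_pages):
        body = fetch_page(limit, token)
        for incident in body.get("data", []):
            if incident["id"] not in seen_ids:  # drop repeats across pages
                seen_ids.add(incident["id"])
                yield incident
        page = body.get("pagination", {})
        # hasMore decides whether to continue: the Example Output has
        # nextPage set while hasMore is false.
        if not page.get("hasMore"):
            return
        token = page.get("nextPage")
        if not token or token in seen_tokens:
            raise RuntimeError("hasMore is true but nextPage is missing or repeated")
        seen_tokens.add(token)
    raise RuntimeError("max_pages reached before hasMore became false")

def open_incidents(fetch_page: FetchPage, limit: int = 20) -> list:
    """Return incidents whose isResolved flag is false."""
    return [i for i in iter_incidents(fetch_page, limit) if not i.get("isResolved")]

# Constructed sample pages (not real data), keyed by the token that requests them.
_SAMPLE = {
    None: {"data": [{"id": "inc-1", "isResolved": False},
                    {"id": "inc-2", "isResolved": True}],
           "pagination": {"hasMore": True, "limit": 2, "nextPage": "tok-2"}},
    "tok-2": {"data": [{"id": "inc-2", "isResolved": True},
                       {"id": "inc-3", "isResolved": False}],
              "pagination": {"hasMore": False, "limit": 2, "nextPage": "tok-3"}},
}

def sample_fetch(limit: int, next_page: Optional[str]) -> dict:
    return _SAMPLE[next_page]

if __name__ == "__main__":
    print([i["id"] for i in open_incidents(sample_fetch, limit=2)])
```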

Workflow Library Example

Search Incidents with Authomize and Send Results Via Email
