The Search Incidents API lists incidents and related data.

Parameters

| Parameter | Description |
| --- | --- |
| Expand | Specify which additional fields to include in the response. |
| Limit | Limit the number of identities per page. |
| Next Page | Token denoting start of next page. |

Example Output

{
	"data": [
		{
			"apps": [],
			"assignee": {
				"userEmail": "Email",
				"userFirstName": "First Name",
				"userId": "Unique ID",
				"userLastName": "Last Name"
			},
			"assigneeId": "Unique id of assignee.",
			"category": "An enumeration.",
			"compliance": [],
			"createdAt": "The date the incident was first reported.",
			"description": "Description",
			"entities": [],
			"id": "Unique id",
			"isResolved": false,
			"policy": {
				"id": "Unique id of policy.",
				"name": "Name of policy.",
				"templateId": "Template ID"
			},
			"policyId": "Unique id of policy.",
			"recommendation": "Recommendation",
			"severity": "An enumeration.",
			"status": "An enumeration.",
			"tactics": [],
			"techniques": [],
			"updatedAt": "The date the incident was last updated.",
			"url": "URL"
		}
	],
	"pagination": {
		"hasMore": false,
		"limit": 20,
		"nextPage": "Token denoting start of next page"
	}
}
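
An added example, not part of the original reference: a client-side walker for the `pagination` object shown above that collects every incident and keeps the unresolved ones. The page does not give the endpoint, so the transport is a hypothetical `fetch_page(next_page, limit)` callable; `sample_fetch`, the incident ids and the tokens are constructed for illustration.

```python
from typing import Callable, Iterator, Optional

# Constructed pages in the documented response shape (not real data).
SAMPLE_PAGES = {
    None: {"data": [{"id": "inc-1", "isResolved": False},
                    {"id": "inc-2", "isResolved": True}],
           "pagination": {"hasMore": True, "limit": 2, "nextPage": "tok-2"}},
    "tok-2": {"data": [{"id": "inc-3", "isResolved": False}],
              # As in the example output, nextPage can be set while hasMore is false.
              "pagination": {"hasMore": False, "limit": 2, "nextPage": "tok-2"}},
}


def sample_fetch(next_page: Optional[str], limit: int) -> dict:
    """Hypothetical transport stub; swap in the real Search Incidents call."""
    return SAMPLE_PAGES[next_page]


def iter_incidents(fetch_page: Callable[[Optional[str], int], dict],
                   limit: int = 20, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every incident across pages, following pagination.nextPage."""
    seen_tokens = set()
    token = None  # the first request carries no Next Page token
    for _ in range(max_pages):
        page = fetch_page(token, limit)
        yield from page.get("data", [])
        pagination = page.get("pagination") or {}
        # Stop on hasMore, not on token presence: the sample output shows
        # a populated nextPage alongside hasMore=false.
        if not pagination.get("hasMore"):
            return
        token = pagination.get("nextPage")
        # A missing or repeated token would otherwise loop forever and
        # silently hide later incidents from the report.
        if not token or token in seen_tokens:
            raise RuntimeError("pagination did not advance")
        seen_tokens.add(token)
    raise RuntimeError("page cap reached before hasMore became false")


def open_incidents(fetch_page, limit: int = 20) -> list:
    """Return incidents whose isResolved flag is false."""
    return [i for i in iter_incidents(fetch_page, limit)
            if not i.get("isResolved")]


if __name__ == "__main__":
    for incident in open_incidents(sample_fetch, limit=2):
        print(incident["id"])
```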

Workflow Library Example

Search Incidents with Authomize and Send Results Via Email
