Search Incidents
The Search Incidents API lists incidents and related data.
Parameters
Parameter | Description |
---|---|
Expand | Expand. |
Limit | Limit the number of identities per page. |
Next Page | Token denoting start of next page. |
Example Output
{
  "data": [
    {
      "apps": [],
      "assignee": {
        "userEmail": "Email",
        "userFirstName": "First Name",
        "userId": "Unique ID",
        "userLastName": "Last Name"
      },
      "assigneeId": "Unique id of assignee.",
      "category": "An enumeration.",
      "compliance": [],
      "createdAt": "The date the incident was first reported.",
      "description": "Description",
      "entities": [],
      "id": "Unique id",
      "isResolved": false,
      "policy": {
        "id": "Unique id of policy.",
        "name": "Name of policy.",
        "templateId": "Template ID"
      },
      "policyId": "Unique id of policy.",
      "recommendation": "Recommendation",
      "severity": "An enumeration.",
      "status": "An enumeration.",
      "tactics": [],
      "techniques": [],
      "updatedAt": "The date the incident was last updated.",
      "url": "URL"
    }
  ],
  "pagination": {
    "hasMore": false,
    "limit": 20,
    "nextPage": "Token denoting start of next page"
  }
}
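Added example (not part of the original documentation or the vendor's code): one way to consume the paginated response above, following pagination.nextPage while hasMore is true and grouping unresolved incidents by severity. The fetch_page callable, the sample pages and the severity values SEV_A/SEV_B are assumptions; the page does not specify how the request is sent or what the enumeration values are.

```python
from typing import Callable, Iterator, Optional

# Hypothetical transport: any callable taking (limit, next_page) and returning
# the parsed JSON body shown in Example Output. It is injected because this
# page does not say how the request is sent.
FetchPage = Callable[[int, Optional[str]], dict]


def iter_incidents(fetch_page: FetchPage, limit: int = 20,
                   max_pages: int = 1000) -> Iterator[dict]:
    """Yield every incident, following pagination.nextPage while hasMore is true."""
    token: Optional[str] = None
    seen_tokens = set()
    for _ in range(max_pages):
        body = fetch_page(limit, token)
        yield from body.get("data", [])
        page = body.get("pagination", {})
        if not page.get("hasMore"):
            return
        token = page.get("nextPage")
        # A missing or repeated token would loop forever; fail loudly instead.
        if not token or token in seen_tokens:
            raise RuntimeError("pagination did not advance")
        seen_tokens.add(token)
    raise RuntimeError("max_pages reached before hasMore became false")


def open_incidents_by_severity(incidents) -> dict:
    """Group the ids of unresolved incidents by their severity value."""
    grouped: dict = {}
    for inc in incidents:
        if inc.get("isResolved"):
            continue
        grouped.setdefault(inc.get("severity"), []).append(inc.get("id"))
    return grouped


# Constructed sample pages (not real data); severity values are placeholders.
SAMPLE_PAGES = {
    None: {"data": [{"id": "inc-1", "isResolved": False, "severity": "SEV_A"},
                    {"id": "inc-2", "isResolved": True, "severity": "SEV_A"}],
           "pagination": {"hasMore": True, "limit": 2, "nextPage": "tok-2"}},
    "tok-2": {"data": [{"id": "inc-3", "isResolved": False, "severity": "SEV_B"}],
              "pagination": {"hasMore": False, "limit": 2, "nextPage": None}},
}


def fake_fetch(limit, next_page):
    """Stand-in for the real call; serves the constructed pages above."""
    return SAMPLE_PAGES[next_page]
```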
Workflow Library Example
Search Incidents with Authomize and Send Results Via Email