Retrieve incident by incident ID or display ID.

External Documentation

To learn more, visit the Check Point XDR-XPR documentation.

Parameters

Parameter | Description
Incident ID | The incident ID or display ID of the incident to retrieve.

Example Output

{
	"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
	"assignee": "12345678-1234-1234-1234-987654321987",
	"tenantId": "12345678-1234-1234-1234-123456789012",
	"display_id": 1,
	"created_at": "2023-01-01T00:00:00.000Z",
	"updated_at": "2023-01-01T00:00:00.000Z",
	"followUp": true,
	"is_prevented": false,
	"status": "new",
	"mitre_tactics": [
		"TA0001",
		"TA0002"
	],
	"mitre_techniques": [
		"T1111",
		"T1112"
	],
	"sensors": [
		"checkpoint_network_security"
	],
	"indicators": [
		{
			"type": "ip",
			"value": "192.168.1.1"
		}
	],
	"assets": [
		{
			"type": "host",
			"value": "server1"
		}
	],
	"insights": [
		{
			"detection_time": "2023-01-01T00:00:00.000Z",
			"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
			"severity": "informational",
			"confidence": "low",
			"indicators": [
				{
					"type": "ip",
					"value": "192.168.1.1"
				}
			],
			"assets": [
				{
					"type": "host",
					"value": "server1"
				}
			]
		}
	],
	"severity": "informational",
	"confidence": "low",
	"priority": "informational",
	"id": "123456789123456789123456",
	"firstSeen": "2023-01-01T00:00:00.000Z",
	"lastSeen": "2023-01-01T00:00:00.000Z"
}

Workflow Library Example

Get Incident with Check Point Xdr Xpr and Send Results Via Email
