Retrieve incident by incident ID or display ID.
External Documentation
To learn more, visit the Check Point XDR-XPR documentation.
| Parameter | Description |
|---|---|
| Incident ID | The incident ID or display ID of the incident to retrieve. |
```json
{
  "summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
  "assignee": "12345678-1234-1234-1234-987654321987",
  "tenantId": "12345678-1234-1234-1234-123456789012",
  "display_id": 1,
  "created_at": "2023-01-01T00:00:00.000Z",
  "updated_at": "2023-01-01T00:00:00.000Z",
  "followUp": true,
  "is_prevented": false,
  "status": "new",
  "mitre_tactics": [
    "TA0001",
    "TA0002"
  ],
  "mitre_techniques": [
    "T1111",
    "T1112"
  ],
  "sensors": [
    "checkpoint_network_security"
  ],
  "indicators": [
    {
      "type": "ip",
      "value": "192.168.1.1"
    }
  ],
  "assets": [
    {
      "type": "host",
      "value": "server1"
    }
  ],
  "insights": [
    {
      "detection_time": "2023-01-01T00:00:00.000Z",
      "summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
      "severity": "informational",
      "confidence": "low",
      "indicators": [
        {
          "type": "ip",
          "value": "192.168.1.1"
        }
      ],
      "assets": [
        {
          "type": "host",
          "value": "server1"
        }
      ]
    }
  ],
  "severity": "informational",
  "confidence": "low",
  "priority": "informational",
  "id": "123456789123456789123456",
  "firstSeen": "2023-01-01T00:00:00.000Z",
  "lastSeen": "2023-01-01T00:00:00.000Z"
}
```
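The following is an added example, not code from this page or from Check Point: it turns a response of the shape shown above into a plain-text triage summary suitable for an email step, merging indicators and assets from the incident and its insights and defanging IPv4 addresses so mail clients do not auto-link them. The function names `defang`, `collect` and `email_body` are hypothetical, and the sample is a trimmed, constructed copy of the response above.

```python
import json
import re

# Constructed sample: a trimmed copy of the response shown on this page.
SAMPLE = json.loads("""
{
  "display_id": 1, "id": "123456789123456789123456", "status": "new",
  "severity": "informational", "confidence": "low", "is_prevented": false,
  "summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
  "mitre_tactics": ["TA0001", "TA0002"], "mitre_techniques": ["T1111", "T1112"],
  "indicators": [{"type": "ip", "value": "192.168.1.1"}],
  "assets": [{"type": "host", "value": "server1"}],
  "insights": [{"severity": "informational",
                "indicators": [{"type": "ip", "value": "192.168.1.1"}],
                "assets": [{"type": "host", "value": "server1"}]}]
}
""")

# Matches dotted quads by shape only; octet ranges are not validated.
IPV4 = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")

def defang(text):
    """Rewrite IPv4 addresses as a[.]b[.]c[.]d; other text is left unchanged."""
    return IPV4.sub(r"\1[.]\2[.]\3[.]\4", text)

def collect(incident, key):
    """Merge (type, value) pairs under `key` from the incident and every insight, de-duplicated in first-seen order."""
    pairs = []
    for src in [incident, *(incident.get("insights") or [])]:
        for item in src.get(key) or []:
            pair = (item.get("type"), item.get("value"))
            if None not in pair and pair not in pairs:
                pairs.append(pair)
    return pairs

def email_body(incident):
    """Render a plain-text summary; scalar fields missing from the response show as n/a."""
    get = lambda k: incident.get(k, "n/a")
    mitre = (incident.get("mitre_tactics") or []) + (incident.get("mitre_techniques") or [])
    return "\n".join([
        f"Incident #{get('display_id')} ({get('id')}) status={get('status')}",
        f"Severity={get('severity')} confidence={get('confidence')} prevented={get('is_prevented')}",
        f"Summary: {defang(str(get('summary')))}",
        "MITRE: " + ", ".join(mitre),
        "Indicators: " + ", ".join(f"{t}:{defang(str(v))}" for t, v in collect(incident, "indicators")),
        "Assets: " + ", ".join(f"{t}:{v}" for t, v in collect(incident, "assets")),
    ])

if __name__ == "__main__":
    print(email_body(SAMPLE))
```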
Get Incident with Check Point Xdr Xpr and Send Results Via Email