
Retrieves all incidents. Note: Retrieves only actions that were created after 01-01-2023.
External Documentation: To learn more, visit the Check Point XDR-XPR documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Date From | The start date of the time frame. Defaults to 7 days ago. |
| Date Until | The end date of the time frame. Defaults to today. |
| Filter By | The field to filter by. |

Advanced Parameters

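| Parameter | Description |
| --- | --- |
| Limit | The number of results to return. The maximum is 1000. |
| Offset | The number of incidents to skip. Combine with Limit to page through result sets larger than the maximum. |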

Example Output

{
	"success": true,
	"msg": "<string>",
	"data": {
		"incidents": [
			{
				"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
				"assignee": "12345678-1234-1234-1234-987654321987",
				"tenantId": "12345678-1234-1234-1234-123456789012",
				"display_id": 1,
				"created_at": "2023-01-01T00:00:00.000Z",
				"updated_at": "2023-01-01T00:00:00.000Z",
				"followUp": true,
				"is_prevented": false,
				"status": "new",
				"mitre_tactics": [
					"TA0001",
					"TA0002"
				],
				"mitre_techniques": [
					"T1111",
					"T1112"
				],
				"sensors": [
					"checkpoint_network_security"
				],
				"indicators": [
					{
						"type": "ip",
						"value": "192.168.1.1"
					}
				],
				"assets": [
					{
						"type": "host",
						"value": "server1"
					}
				],
				"insights": [
					{
						"detection_time": "2023-01-01T00:00:00.000Z",
						"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
						"severity": "informational",
						"confidence": "low",
						"indicators": [
							{
								"type": "ip",
								"value": "192.168.1.1"
							}
						],
						"assets": [
							{
								"type": "host",
								"value": "server1"
							}
						]
					}
				],
				"severity": "informational",
				"confidence": "low",
				"priority": "informational",
				"id": "123456789123456789123456",
				"firstSeen": "2023-01-01T00:00:00.000Z",
				"lastSeen": "2023-01-01T00:00:00.000Z"
			}
		],
		"count": 1,
		"limit": 641,
		"offset": 2,
		"total": 1
	}
}

Workflow Library Example

List Incidents with Check Point Xdr Xpr and Send Results Via Email