
# List Incidents

Retrieves all incidents.
**Note:** Retrieves only actions that were created after 01-01-2023.

<Note>
  External Documentation

  To learn more, visit the [Check Point XDR-XPR documentation](https://app.swaggerhub.com/apis-docs/Check-Point/xdr_xpr_api/2.0.3#/Incidents/ExternalIncidentsControllerV1_findAll).
</Note>

## Basic Parameters

<div className="integrations-table">
  | Parameter  | Description                                               |
  | ---------- | --------------------------------------------------------- |
  | Date From  | The start date of the time frame. Defaults to 7 days ago. |
  | Date Until | The end date of the time frame. Defaults to today.        |
  | Filter By  | The field to filter by.                                   |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter | Description                                       |
  | --------- | ------------------------------------------------- |
  | Limit     | The number of results to return. Maximum is 1000. |
  | Offset    | The number of incidents to skip.                  |
</div>

## Example Output

```json theme={"dark"}
{
	"success": true,
	"msg": "<string>",
	"data": {
		"incidents": [
			{
				"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
				"assignee": "12345678-1234-1234-1234-987654321987",
				"tenantId": "12345678-1234-1234-1234-123456789012",
				"display_id": 1,
				"created_at": "2023-01-01T00:00:00.000Z",
				"updated_at": "2023-01-01T00:00:00.000Z",
				"followUp": true,
				"is_prevented": false,
				"status": "new",
				"mitre_tactics": [
					"TA0001",
					"TA0002"
				],
				"mitre_techniques": [
					"T1111",
					"T1112"
				],
				"sensors": [
					"checkpoint_network_security"
				],
				"indicators": [
					{
						"type": "ip",
						"value": "192.168.1.1"
					}
				],
				"assets": [
					{
						"type": "host",
						"value": "server1"
					}
				],
				"insights": [
					{
						"detection_time": "2023-01-01T00:00:00.000Z",
						"summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",
						"severity": "informational",
						"confidence": "low",
						"indicators": [
							{
								"type": "ip",
								"value": "192.168.1.1"
							}
						],
						"assets": [
							{
								"type": "host",
								"value": "server1"
							}
						]
					}
				],
				"severity": "informational",
				"confidence": "low",
				"priority": "informational",
				"id": "123456789123456789123456",
				"firstSeen": "2023-01-01T00:00:00.000Z",
				"lastSeen": "2023-01-01T00:00:00.000Z"
			}
		],
		"count": 1,
		"limit": 641,
		"offset": 2,
		"total": 1
	}
}
```
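Paging through results with Limit and Offset and reducing the response to the indicators seen in unprevented incidents, as an added example that is not part of the Blink or Check Point documentation. `fetch_page` and `fake_fetch` are hypothetical stand-ins for the action, the sample incidents are constructed, and the code assumes `total` is the number of matching incidents across all pages.

```python
MAX_LIMIT = 1000  # documented maximum for the Limit parameter

def iter_incidents(fetch_page, limit=MAX_LIMIT):
    """Yield every incident; fetch_page(limit, offset) is a hypothetical caller of the action."""
    limit = max(1, min(limit, MAX_LIMIT))
    offset = 0
    while True:
        body = fetch_page(limit, offset)
        if not body.get("success"):
            raise RuntimeError(f"List Incidents failed: {body.get('msg')}")
        data = body["data"]
        incidents = data["incidents"]
        yield from incidents
        offset += len(incidents)
        # An empty page also ends the loop, so a total that changes mid-run cannot spin forever.
        if not incidents or offset >= data["total"]:
            return

def unprevented_indicators(incidents) -> dict:
    """Map (type, value) -> sorted display_ids of incidents where is_prevented is false."""
    seen = {}
    for inc in incidents:
        if inc.get("is_prevented"):
            continue
        # Indicators appear on the incident and again inside each insight.
        found = list(inc.get("indicators", []))
        for insight in inc.get("insights", []):
            found.extend(insight.get("indicators", []))
        for ind in found:
            seen.setdefault((ind["type"], ind["value"]), set()).add(inc["display_id"])
    return {key: sorted(ids) for key, ids in seen.items()}

def make_incident(display_id: int, prevented: bool, ip: str) -> dict:
    ind = {"type": "ip", "value": ip}  # constructed; only the fields used above
    return {"display_id": display_id, "is_prevented": prevented,
            "indicators": [ind], "insights": [{"indicators": [ind]}]}

# Constructed sample data (documentation-range addresses), not real incidents.
SAMPLE = [make_incident(1, False, "192.0.2.10"), make_incident(2, True, "192.0.2.11"),
          make_incident(3, False, "192.0.2.10"), make_incident(4, False, "198.51.100.7"),
          make_incident(5, True, "198.51.100.7")]
CALLS = []  # (limit, offset) pairs requested, recorded for inspection

def fake_fetch(limit: int, offset: int) -> dict:
    """Hypothetical stand-in for the action: serves SAMPLE in the documented envelope."""
    CALLS.append((limit, offset))
    page = SAMPLE[offset:offset + limit]
    return {"success": True, "msg": "", "data": {"incidents": page, "count": len(page),
            "limit": limit, "offset": offset, "total": len(SAMPLE)}}
```

Collecting pages before deduplicating keeps an indicator that recurs across page boundaries mapped to every incident that carried it.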

## Workflow Library Example

[List Incidents with Check Point Xdr Xpr and Send Results Via Email](https://library.blinkops.com/workflows/list-incidents-with-check-point-xdr-xpr-and-send-results-via-email)

