Get Incidents
Retrieves a list of incidents matching the provided filters (maximum of 10,000 incidents per response). A single response contains only one of two incident types, as chosen by the Incident Type parameter: DLP incidents (INCIDENTS) or Discovery incidents (DISCOVERY).
Basic Parameters
| Parameter | Description |
|---|---|
| Filter By ID List | A comma-separated list of incident IDs to filter the results by. |
| Filter Incidents From Date | Include incidents that were created after the given date. |
| Filter Incidents Until Date | Include incidents that were created before the given date. |
| Incident Type | The incident type to return: INCIDENTS (DLP incidents) or DISCOVERY (Discovery incidents). |
Advanced Parameters
| Parameter | Description |
|---|---|
| Filter By Action | Filter by the action performed by Forcepoint in response to the incident. |
| Filter By Policy | Filter by the policy that triggered the incident. |
| Filter By Severity | Filter by the incident severity. |
| Filter By Status | Filter by the incident status. |
| Sort By Date | Sort the results by date. |
Example Output
{
  "incidents": [
    {
      "id": 373623,
      "severity": "HIGH",
      "action": "RELEASED",
      "tag": "Tag",
      "status": "Closed",
      "source": {
        "email_address": "test2@aaa.com"
      },
      "event_id": "7728775614896485765",
      "maximum_matches": 13,
      "transaction_size": 2632,
      "analyzed_by": "Policy Engine 1272021",
      "ignored_incidents": false,
      "event_time": "19/10/2021 10:12:02",
      "incident_time": "19/10/2021 10:12:02",
      "channel": "EMAIL",
      "policies": "Credit Cards; PCI",
      "partition_index": 20211019,
      "destination": "aaa@aaa.net",
      "detected_by": "Protector on 1272021",
      "details": "Automatic Email Subject with",
      "released_incident": true,
      "violation_triggers": 2,
      "file_name": "visa.txt - 1.09 KB"
    }
  ],
  "total_count": 1,
  "total_returned": 1
}
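An added example, not part of this page or the Forcepoint connector, that parses a response shaped like the output above (day-first timestamps, a "; "-separated policies string) and picks out the incidents an analyst should review first: those that were released despite a HIGH severity match. The second incident and its field values are constructed for illustration.

```python
import json
from datetime import datetime

# Sample response, constructed to match the Example Output on this page.
# The second incident is invented to give the triage something to filter.
SAMPLE_RESPONSE = json.dumps({
    "incidents": [
        {"id": 373623, "severity": "HIGH", "action": "RELEASED", "status": "Closed",
         "source": {"email_address": "test2@aaa.com"}, "event_time": "19/10/2021 10:12:02",
         "channel": "EMAIL", "policies": "Credit Cards; PCI", "destination": "aaa@aaa.net",
         "released_incident": True, "violation_triggers": 2, "file_name": "visa.txt - 1.09 KB"},
        {"id": 373624, "severity": "LOW", "action": "RELEASED", "status": "Closed",
         "source": {"email_address": "test3@aaa.com"}, "event_time": "19/10/2021 11:00:00",
         "channel": "EMAIL", "policies": "PCI", "destination": "bbb@aaa.net",
         "released_incident": True, "violation_triggers": 1, "file_name": "note.txt - 1 KB"},
    ],
    "total_count": 2, "total_returned": 2,
})

# Timestamps in the example output are day-first: "19/10/2021 10:12:02".
TIME_FORMAT = "%d/%m/%Y %H:%M:%S"

def id_list_filter(ids):
    """Build the comma-separated value expected by the 'Filter By ID List' parameter."""
    return ",".join(str(int(i)) for i in ids)

def parse_incidents(raw):
    """Parse the response body, convert timestamps and split the policies string."""
    body = json.loads(raw)
    incidents = body.get("incidents", [])
    if body.get("total_returned") != len(incidents):
        raise ValueError("total_returned does not match the number of incidents")
    for inc in incidents:
        for key in ("event_time", "incident_time"):
            if key in inc:
                inc[key] = datetime.strptime(inc[key], TIME_FORMAT)
        # 'policies' arrives as one string such as "Credit Cards; PCI".
        inc["policy_list"] = [p.strip() for p in inc.get("policies", "").split(";") if p.strip()]
    return incidents

def released_high_severity(incidents):
    """IDs of incidents released despite HIGH severity: the data left the organisation
    after a policy match, so these are the first ones an analyst should review."""
    return [i["id"] for i in incidents
            if i.get("released_incident") and i.get("severity") == "HIGH"]

def count_by_policy(incidents):
    """How many returned incidents each policy triggered."""
    counts = {}
    for inc in incidents:
        for policy in inc["policy_list"]:
            counts[policy] = counts.get(policy, 0) + 1
    return counts
```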
Workflow Library Example
Get Incidents with Forcepoint Dlp and Send Results Via Email