Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter By ID List | A comma-separated list of incident IDs to filter the results by. |
| Filter Incidents From Date | Include incidents that were created after the given date. |
| Filter Incidents Until Date | Include incidents that were created before the given date. |
| Incident Type | The incident type. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Filter By Action | Filter by the action performed by Forcepoint in response to the incident. |
| Filter By Policy | Filter by the policy that triggered the incident. |
| Filter By Severity | Filter by the incident severity. |
| Filter By Status | Filter by the incident status. |
| Sort By Date | Sort the results by date. |

Example Output

```json
{
    "incidents": [
        {
            "id": 373623,
            "severity": "HIGH",
            "action": "RELEASED",
            "tag": "Tag",
            "status": "Closed",
            "source": {
                "email_address": "test2@aaa.com"
            },
            "event_id": "7728775614896485765",
            "maximum_matches": 13,
            "transaction_size": 2632,
            "analyzed_by": "Policy Engine  1272021",
            "ignored_incidents": false,
            "event_time": "19/10/2021 10:12:02",
            "incident_time": "19/10/2021 10:12:02",
            "channel": "EMAIL",
            "policies": "Credit Cards; PCI",
            "partition_index": 20211019,
            "destination": "aaa@aaa.net",
            "detected_by": "Protector on 1272021",
            "details": "Automatic Email Subject with",
            "released_incident": true,
            "violation_triggers": 2,
            "file_name": "visa.txt - 1.09 KB"
        }
    ],
    "total_count": 1,
    "total_returned": 1
}
```
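The following is an added example, not part of the original page or the integration's own code. It post-processes a response of the shape shown above: it parses the day-first timestamps, splits the semicolon-separated `policies` string, and flags incidents that were released despite a high severity. The sample data is constructed, the function names are hypothetical, and reading `total_returned < total_count` as "more incidents matched than were returned" is an assumption.

```python
import json
from datetime import datetime

# Constructed sample in the shape of the Example Output (values are made up).
SAMPLE = json.loads("""
{"incidents": [
  {"id": 373623, "severity": "HIGH", "action": "RELEASED", "status": "Closed",
   "event_time": "19/10/2021 10:12:02", "channel": "EMAIL",
   "policies": "Credit Cards; PCI", "released_incident": true,
   "destination": "aaa@aaa.net", "file_name": "visa.txt - 1.09 KB"},
  {"id": 373624, "severity": "LOW", "action": "BLOCKED", "status": "New",
   "event_time": "03/11/2021 08:00:00", "channel": "EMAIL",
   "policies": "PCI", "released_incident": false,
   "destination": "bbb@aaa.net", "file_name": "notes.txt - 2 KB"}
 ], "total_count": 5, "total_returned": 2}
""")

# Day first, as in "19/10/2021 10:12:02"; a month-first parser would misread
# "03/11/2021" as 11 March instead of 3 November.
TIME_FORMAT = "%d/%m/%Y %H:%M:%S"


def normalize(incident):
    """Return a flat record with a parsed timestamp and a list of policies."""
    policies = incident.get("policies", "").split(";")
    return {
        "id": incident["id"],
        "severity": incident.get("severity", "").upper(),
        "action": incident.get("action", ""),
        "status": incident.get("status", ""),
        "event_time": datetime.strptime(incident["event_time"], TIME_FORMAT),
        "policies": [p.strip() for p in policies if p.strip()],
        "released": bool(incident.get("released_incident")),
    }


def triage(response, severities=("HIGH",)):
    """Return (flagged, truncated): released incidents at the given severities,
    oldest first, and whether the response looks incomplete."""
    records = [normalize(i) for i in response.get("incidents", [])]
    flagged = [r for r in records if r["released"] and r["severity"] in severities]
    flagged.sort(key=lambda r: r["event_time"])
    # Assumption: total_returned < total_count means results were cut off.
    truncated = response.get("total_returned", 0) < response.get("total_count", 0)
    return flagged, truncated
```
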

Workflow Library Example

Get Incidents with Forcepoint DLP and Send Results Via Email