
Get Incidents

Retrieves a list of incidents matching the provided filters (maximum of 10,000 incidents per response). The returned list contains incidents of one of two types: DLP incidents (INCIDENTS) or Discovery incidents (DISCOVERY).

Basic Parameters

| Parameter | Description |
| --- | --- |
| Filter By ID List | A comma-separated array of incident IDs to filter the results by. |
| Filter Incidents From Date | Include incidents that were created after the given date. |
| Filter Incidents Until Date | Include incidents that were created before the given date. |
| Incident Type | The incident type. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Filter By Action | Filter by the action performed by Forcepoint in response to the incident. |
| Filter By Policy | Filter by the policy that triggered the incident. |
| Filter By Severity | Filter by the incident severity. |
| Filter By Status | Filter by the incident status. |
| Sort By Date | Sort the results by date. |

Example Output

{
  "incidents": [
    {
      "id": 373623,
      "severity": "HIGH",
      "action": "RELEASED",
      "tag": "Tag",
      "status": "Closed",
      "source": {
        "email_address": "test2@aaa.com"
      },
      "event_id": "7728775614896485765",
      "maximum_matches": 13,
      "transaction_size": 2632,
      "analyzed_by": "Policy Engine 1272021",
      "ignored_incidents": false,
      "event_time": "19/10/2021 10:12:02",
      "incident_time": "19/10/2021 10:12:02",
      "channel": "EMAIL",
      "policies": "Credit Cards; PCI",
      "partition_index": 20211019,
      "destination": "aaa@aaa.net",
      "detected_by": "Protector on 1272021",
      "details": "Automatic Email Subject with",
      "released_incident": true,
      "violation_triggers": 2,
      "file_name": "visa.txt - 1.09 KB"
    }
  ],
  "total_count": 1,
  "total_returned": 1
}
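
The following Python is an added example, not part of the original documentation: it normalizes a response shaped like the Example Output for triage, parsing the day-first timestamps, splitting the semicolon-separated `policies` string, and flagging a response that returned fewer incidents than matched. The function names `normalize` and `summarize`, the sample values, and the reading of `total_count` as "total matches" and `total_returned` as "incidents in this response" are assumptions.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the Example Output (values are made up).
SAMPLE = json.loads("""
{"incidents": [
  {"id": 1, "severity": "HIGH", "action": "RELEASED", "status": "Closed",
   "source": {"email_address": "user1@example.com"}, "channel": "EMAIL",
   "event_time": "19/10/2021 10:12:02", "policies": "Credit Cards; PCI"},
  {"id": 2, "severity": "LOW", "action": "RELEASED", "status": "Closed",
   "source": {"email_address": "user2@example.com"}, "channel": "EMAIL",
   "event_time": "03/11/2021 08:00:00", "policies": "PCI"}
 ],
 "total_count": 3, "total_returned": 2}
""")


def normalize(incident):
    """Flatten one incident into typed fields for triage."""
    policies = incident.get("policies", "")
    return {
        "id": incident["id"],
        "severity": incident.get("severity"),
        "action": incident.get("action"),
        "source": (incident.get("source") or {}).get("email_address"),
        # Timestamps are day-first ("19/10/2021"); the page gives no time zone,
        # so the parsed value is a naive datetime.
        "event_time": datetime.strptime(incident["event_time"], "%d/%m/%Y %H:%M:%S"),
        # "policies" is a single string; split it into individual policy names.
        "policies": [p.strip() for p in policies.split(";") if p.strip()],
    }


def summarize(response):
    """Return normalized rows plus the checks an analyst wants first."""
    rows = [normalize(i) for i in response.get("incidents", [])]
    returned = response.get("total_returned", len(rows))
    matched = response.get("total_count", len(rows))
    return {
        "rows": rows,
        # Assumption: fewer returned than matched means the filters need narrowing.
        "truncated": returned < matched,
        "policy_hits": Counter(p for r in rows for p in r["policies"]),
        # High-severity incidents whose recorded action was RELEASED.
        "released_high": [r["id"] for r in rows
                          if r["severity"] == "HIGH" and r["action"] == "RELEASED"],
    }
```

When `truncated` is true, narrowing the From/Until date filters and repeating the request keeps each response under the 10,000-incident limit.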

Workflow Library Example

Get Incidents with Forcepoint Dlp and Send Results Via Email
