Update Incident
Updates a Forcepoint DLP incident.
Parameters
| Parameter | Description |
|---|---|
| Action Type | The action to be performed on the incidents. |
| Action Value | Additional value per action type: - STATUS: One of NEW, IN_PROCESS, CLOSE, FALSE_POSITIVE, ESCALATED or a custom status. - SEVERITY: One of HIGH, MEDIUM or LOW. - ASSIGN_TO: The admin name which will be assigned. - TAG: The name of the tag (maximum 100 characters). - FALSE_POSITIVE: either 1 (ignore) or 0 (include). |
| Comment | A comment for the performed action. Supported only for the following action types: - ADD_COMMENT - ASSIGN_TO - TAG - RELEASE (not supported for DISCOVERY incident type) - FALSE_POSITIVE |
| Incident ID | The ID of the incident to be updated. |
| Incident Type | The incident type. |
Workflow Library Example
Update Incident with Forcepoint Dlp and Send Results Via Email
Preview this Workflow on desktop