Skip to main content

Update Incident

Updates a Forcepoint DLP incident.

Parameters

ParameterDescription
Action TypeThe action to be performed on the incidents.
Action ValueAdditional value per action type:
  • STATUS: One of NEW, INPROCESS, CLOSE, FALSEPOSITIVE, ESCALATED or a custom status.
  • SEVERITY: One of HIGH, MEDIUM or LOW.
  • ASSIGN_TO: The admin name which will be assigned.
  • TAG: The name of the tag (maximum 100 characters).
  • FALSE_POSITIVE: either 1 (ignore) or 0 (include).
CommentA comment for the performed action. Supported only for the following action types:
  • ADD_COMMENT
  • ASSIGN_TO
  • TAG
  • RELEASE (not supported for DISCOVERY incident type)
  • FALSE_POSITIVE
Incident IDThe ID of the incident to be updated.
Incident TypeThe incident type.

Workflow Library Example

Update Incident with Forcepoint Dlp and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop