Retrieve a list of incident reports showing detected threats and recommended remediations.
External Documentation: To learn more, visit the Huntress documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Indicator Type | Select the indicator type to filter the incident reports by. |
| Limit | The maximum number of results to return per page. Defaults to 10, with a minimum of 1 and a maximum of 500. |
| Page Token | The token used to retrieve the next page of results. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Severity | Select the severity to filter the results by. |
| Sort Direction | Select the sort direction for the results. |
| Sort Field | Select the field to sort the results by. |
| Status | Select the status to filter the incident reports by. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Agent ID | The ID of the agent to filter the incident reports by. Can be obtained using the List Agents action. |
| Organization ID | The ID of the organization to filter the results by. |
| Platform | Select the platform to filter the incident reports by. |

Example Output

{
	"incident_reports": [
		{
			"id": 1,
			"account_id": 5,
			"agent_id": 12,
			"body": "<Content>",
			"closed_at": "2022-03-15T14:22:00Z",
			"indicator_counts": {
				"footholds": 1,
				"monitored_files": 0,
				"process_detections": 0,
				"ransomware_canaries": 0,
				"antivirus_detections": 0
			},
			"indicator_types": [
				"footholds"
			],
			"organization_id": 4,
			"platform": "windows",
			"remediations": {
				"total_count": 1,
				"has_more": false,
				"items": [
					{
						"id": 1,
						"type": "manual",
						"action": "Delete File",
						"parameters": [
							{
								"name": "path",
								"description": "c:\\windows\\system32\\tasks\\malicious_task"
							}
						],
						"status": "completed",
						"approved_at": "2025-06-26T18:57:03Z",
						"approved_by": {
							"id": "123123",
							"email": "john.smith@example.com",
							"name": "John smith"
						},
						"completed_at": "2025-06-26T18:57:03Z"
					}
				]
			},
			"sent_at": "2022-03-01T21:00:00Z",
			"severity": "low",
			"status": "closed",
			"status_updated_at": "2022-03-15T14:22:00Z",
			"subject": "LOW - Incident on laptop01 (Test)",
			"summary": "Huntress detected a malicious scheduled task on this host. We recommend removing the file and scheduled task listed in the remediation steps below.",
			"updated_at": "2022-03-01T20:31:30Z"
		}
	],
	"pagination": {
		"next_page_url": "string",
		"next_page_token": "string"
	}
}
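
The following is an added example, not code from this documentation or from Huntress. It shows what paging by `next_page_token` amounts to when done by hand, and how to pull remediations that are not yet `completed` out of the output shape above. `fetch_page` and `sample_fetch` are hypothetical stand-ins for one run of the action, and the sample pages, the `tok-2` token and the `pending` status are constructed.

```python
from collections import Counter

def iter_incident_reports(fetch_page, limit=10):
    """Yield every report, following pagination.next_page_token until absent.
    fetch_page(limit, page_token) is a hypothetical callable standing in for
    one run of the action; it returns a dict shaped like Example Output.
    """
    limit = max(1, min(500, int(limit)))  # documented bounds: 1..500, default 10
    token, seen = None, set()
    while True:
        page = fetch_page(limit, token)
        yield from page.get("incident_reports", [])
        token = (page.get("pagination") or {}).get("next_page_token")
        if not token:
            return
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError(f"page token repeated: {token!r}")
        seen.add(token)

def triage(reports):
    """Count reports by severity and list remediations not yet completed."""
    by_severity, pending = Counter(), []
    for r in reports:
        by_severity[r.get("severity", "unknown")] += 1
        for item in (r.get("remediations") or {}).get("items", []):
            if item.get("status") != "completed":
                params = {p["name"]: p["description"] for p in item.get("parameters", [])}
                pending.append((r["id"], item.get("action"), params))
    return dict(by_severity), pending

# Constructed sample pages (not real Huntress data), keyed by page token.
# The "pending" remediation status and "tok-2" token are made-up values.
SAMPLE_PAGES = {
    None: {"incident_reports": [
        {"id": 1, "severity": "low", "remediations": {"items": [
            {"action": "Delete File", "status": "completed", "parameters": [
                {"name": "path", "description": "c:\\windows\\system32\\tasks\\malicious_task"}]}]}}],
        "pagination": {"next_page_token": "tok-2"}},
    "tok-2": {"incident_reports": [
        {"id": 2, "severity": "high", "remediations": {"items": [
            {"action": "Delete File", "status": "pending", "parameters": [
                {"name": "path", "description": "c:\\constructed\\example.dll"}]}]}}],
        "pagination": {}},
}

def sample_fetch(limit, page_token):  # offline stand-in for fetch_page
    return SAMPLE_PAGES[page_token]

if __name__ == "__main__":
    print(triage(iter_incident_reports(sample_fetch, limit=1000)))
```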

Workflow Library Example

List Incident Reports with Huntress and Send Results Via Email