Classify Incident
Classify a specific incident as either an attack, a false positive or spam. Scopes: partner.company.classify, company.classify.
Parameters
| Parameter | Description |
|---|---|
| Classifying User Email | User to be set as the incident resolver. Should be an Owner or an Administrator. |
| Company ID | The ID of the company. Can be found under Account Settings -> General & Security -> Company ID. |
| Incident ID | The ID of the incident to classify. |
| New Classification | The new classification of the incident. |
| Previous Classification | The current classification of the incident. |
Example Output
{
"success": true
}
Workflow Library Example
Classify Incident with Ironscales and Send Results Via Email
Preview this Workflow on desktop