Get the details of an incident by its ID.
External Documentation: To learn more, visit the Palo Alto Cortex XSOAR documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Incident ID | The ID of the incident to get details on. |

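Example Output

Note: in this example, `details` and the `value` of the `demisto_url` label are JSON documents serialized as strings, so a consumer has to parse them a second time and should validate the decoded content like any other input. `autime` is a 19-digit integer, larger than 2^53 − 1, so read it with a parser that preserves 64-bit integers.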

{
	"id": "178768",
	"version": 0,
	"cacheVersn": 0,
	"modified": "1970-01-01T00:00:00Z",
	"sizeInBytes": 0,
	"CustomFields": {
		"bmcassignee": [
			{}
		],
		"bmccustomer": [
			{}
		],
		"bmcrequester": [
			{}
		],
		"containmentsla": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 30,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"crowdstrikefalconbehaviourpatterndispositiondetails": [
			{},
			{},
			{}
		],
		"datadogcloudsiem": [
			{},
			{},
			{}
		],
		"dataminrpulserelatedterms": [
			{},
			{},
			{}
		],
		"decyfirdatadetails": [
			{},
			{},
			{}
		],
		"detectionsla": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 20,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"domaintoolsirisdetect": [
			{},
			{},
			{}
		],
		"endpoint": [
			{}
		],
		"externalid": "178768",
		"extrahoprevealxdetectiondevices": [
			{},
			{},
			{}
		],
		"extrahoprevealxmitretechniques": [
			{},
			{},
			{}
		],
		"filerelationships": [
			{},
			{},
			{}
		],
		"fortisiemattacktactics": [
			{},
			{}
		],
		"fortisiemevents": [
			{}
		],
		"incidentduration": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 0,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"incidentrdpachehuntingstringssimilarity": [
			{},
			{},
			{}
		],
		"incidentrdpcachehuntingstringsifter": [
			{},
			{},
			{}
		],
		"inventasource": [
			{}
		],
		"microsoftsentinelowner": [],
		"qintelqwatchexposures": [
			{},
			{},
			{}
		],
		"remediationsla": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 7200,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"rsametasevents": [],
		"rsarawlogslist": [],
		"securitypolicymatch": [
			{}
		],
		"similarincidentsdbot": [
			{}
		],
		"spycloudcompassdevicedata": [
			{},
			{},
			{}
		],
		"suspiciousexecutions": [
			{},
			{},
			{}
		],
		"timetoassignment": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 0,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"triagesla": {
			"accumulatedPause": 0,
			"breachTriggered": false,
			"dueDate": "0001-01-01T00:00:00Z",
			"endDate": "0001-01-01T00:00:00Z",
			"lastPauseDate": "0001-01-01T00:00:00Z",
			"runStatus": "idle",
			"sla": 30,
			"slaStatus": -1,
			"startDate": "0001-01-01T00:00:00Z",
			"totalDuration": 0
		},
		"urlsslverification": [],
		"xdralertsearchresults": [
			{},
			{},
			{}
		],
		"xdrinvestigationresults": [
			{},
			{},
			{},
			{
				"columnheader1": ""
			},
			{},
			{
				"columnheader1": ""
			},
			{},
			{}
		],
		"xpanseserviceclassifications": [
			{},
			{},
			{}
		],
		"xpanseservicevalidation": [
			{
				"columnheader1": ""
			},
			{},
			{}
		]
	},
	"account": "",
	"autime": 1712843499584000000,
	"type": "default_type",
	"rawType": "default_type",
	"name": "delete_integration_instance_ESEDFV0U",
	"rawName": "delete_integration_instance_ESEDFV0U",
	"status": 0,
	"custom_status": "",
	"resolution_status": "",
	"reason": "",
	"created": "2024-04-11T13:51:39.584Z",
	"occurred": "2024-04-11T13:51:38.183347Z",
	"closed": "0001-01-01T00:00:00Z",
	"sla": 0,
	"severity": 0,
	"investigationId": "",
	"labels": [
		{
			"value": "Rocket Incident Generator",
			"type": "Brand"
		},
		{
			"value": "delete_integration_instance_ESEDFV0U",
			"type": "Instance"
		},
		{
			"value": "bar",
			"type": "foo"
		},
		{
			"value": "{\"evidenceBoard\":\"https://fqdn.us.paloaltonetworks.com/EvidenceBoard/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\",\"investigation\":\"https://fqdn.us.paloaltonetworks.com/Details/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\",\"relatedIncidents\":\"https://fqdn.us.paloaltonetworks.com/Cluster/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\",\"server\":\"https://fqdn.us.paloaltonetworks.com\",\"warRoom\":\"https://fqdn.us.paloaltonetworks.com/WarRoom/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\",\"workPlan\":\"https://fqdn.us.paloaltonetworks.com/WorkPlan/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\"}",
			"type": "demisto_url"
		}
	],
	"attachment": null,
	"details": "{\"foo\": \"bar\", \"demisto_url\": {\"evidenceBoard\": \"https://fqdn.us.paloaltonetworks.com/EvidenceBoard/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\", \"investigation\": \"https://fqdn.us.paloaltonetworks.com/Details/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\", \"relatedIncidents\": \"https://fqdn.us.paloaltonetworks.com/Cluster/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\", \"server\": \"https://fqdn.us.paloaltonetworks.com\", \"warRoom\": \"https://fqdn.us.paloaltonetworks.com/WarRoom/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\", \"workPlan\": \"https://fqdn.us.paloaltonetworks.com/WorkPlan/temp_a55ff05c-6e11-4544-86cf-f513687fc9fa\"}}",
	"openDuration": 0,
	"lastOpen": "0001-01-01T00:00:00Z",
	"closingUserId": "",
	"owner": "",
	"activated": "0001-01-01T00:00:00Z",
	"closeReason": "",
	"rawCloseReason": "",
	"closeNotes": "",
	"playbookId": "",
	"dueDate": "0001-01-01T00:00:00Z",
	"reminder": "0001-01-01T00:00:00Z",
	"runStatus": "",
	"notifyTime": "0001-01-01T00:00:00Z",
	"phase": "",
	"rawPhase": "",
	"isPlayground": false,
	"rawJSON": "",
	"parent": "",
	"parentXDRIncident": "",
	"retained": false,
	"category": "",
	"rawCategory": "",
	"linkedIncidents": null,
	"linkedCount": 0,
	"droppedCount": 0,
	"sourceInstance": "delete_integration_instance_ESEDFV0U",
	"sourceBrand": "Rocket Incident Generator",
	"canvases": null,
	"lastJobRunTime": "0001-01-01T00:00:00Z",
	"feedBased": false,
	"dbotMirrorId": "",
	"dbotMirrorInstance": "",
	"dbotMirrorDirection": "",
	"dbotDirtyFields": null,
	"dbotCurrentDirtyFields": null,
	"dbotMirrorTags": null,
	"dbotMirrorLastSync": "0001-01-01T00:00:00Z",
	"isDebug": false
}

Workflow Library Example

Get Incident with Palo Alto Cortex Xsoar and Send Results Via Email