Skip to main content
Returns a single Incident based on the given ID.
External DocumentationTo learn more, visit the PhishLabs Incident Data documentation.

Parameters

ParameterDescription
Extend AttachmentsIf true, the attachment list will contain the following additional attachment types (if available): screenshot & submission. By default, only payload will be included.
Incident IDID of Incident.

Example Output

{
	"incidents": [
		{
			"closed": "2019-09-24T16:40:35Z",
			"created": "2019-09-24T16:17:49Z",
			"description": "This is a malicious phishing email.",
			"details": {
				"attachments": [
					{
						"fileName": "payroll.doc",
						"malicious": true,
						"md5": "f869ce1c8414a264bb11e14a2c8850ed",
						"mimeType": "application/msword",
						"sha256": "07c05679b1cfed895de0d838...",
						"type": "payload",
						"url": "http://incident-bucket.phishlabs.com/donwload/payload_file=payroll.doc"
					}
				],
				"campaignLabel": "ecrim-202003-191",
				"caseType": "Link",
				"classification": "Malicious",
				"emailAddresses": [
					{
						"address": "sender@example.com",
						"bodyReplyTo": false,
						"headerReplyTo": false,
						"malicious": true,
						"returnPath": true,
						"sender": true
					}
				],
				"emailBody": "Lorem ipsum dolor sit amet...",
				"emailReceivedDate": "Sat, 17 Nov 2018 16:10:08 +0530",
				"emailReportedBy": "user@phishlabs.com",
				"furtherReviewReason": "Email headers required",
				"messageID": "124369.69372.1552996@wb.phishlabs.com",
				"offlineUponReview": false,
				"payloadFamily": "WannaCry",
				"sender": "marclowe@gmail.com",
				"severity": "High",
				"subClassification": "No Threat Detected",
				"submissionMethod": "Attachment",
				"urls": [
					{
						"malicious": false,
						"maliciousDomain": false,
						"url": "https://phishlabs.com"
					}
				]
			},
			"duration": 1366,
			"id": "INC123456",
			"modified": "2019-09-24T16:40:35Z",
			"service": "SEA",
			"status": "closed",
			"title": "Fwd: Phishing Email"
		}
	],
	"metadata": {
		"count": 1
	}
}

Workflow Library Example

Get Incident by Id with Phishlabs Incident Data and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop