Get Incident By ID
Returns a single Incident based on the given ID.
External Documentation
To learn more, visit the PhishLabs Incident Data documentation.
Parameters
| Parameter | Description |
|---|---|
| Extend Attachments | If true, the attachment list will contain the following additional attachment types (if available): screenshot & submission. By default, only payload will be included. |
| Incident ID | ID of Incident. |
Example Output
{
"incidents": [
{
"closed": "2019-09-24T16:40:35Z",
"created": "2019-09-24T16:17:49Z",
"description": "This is a malicious phishing email.",
"details": {
"attachments": [
{
"fileName": "payroll.doc",
"malicious": true,
"md5": "f869ce1c8414a264bb11e14a2c8850ed",
"mimeType": "application/msword",
"sha256": "07c05679b1cfed895de0d838...",
"type": "payload",
"url": "http://incident-bucket.phishlabs.com/donwload/payload_file=payroll.doc"
}
],
"campaignLabel": "ecrim-202003-191",
"caseType": "Link",
"classification": "Malicious",
"emailAddresses": [
{
"address": "sender@example.com",
"bodyReplyTo": false,
"headerReplyTo": false,
"malicious": true,
"returnPath": true,
"sender": true
}
],
"emailBody": "Lorem ipsum dolor sit amet...",
"emailReceivedDate": "Sat, 17 Nov 2018 16:10:08 +0530",
"emailReportedBy": "user@phishlabs.com",
"furtherReviewReason": "Email headers required",
"messageID": "124369.69372.1552996@wb.phishlabs.com",
"offlineUponReview": false,
"payloadFamily": "WannaCry",
"sender": "marclowe@gmail.com",
"severity": "High",
"subClassification": "No Threat Detected",
"submissionMethod": "Attachment",
"urls": [
{
"malicious": false,
"maliciousDomain": false,
"url": "https://phishlabs.com"
}
]
},
"duration": 1366,
"id": "INC123456",
"modified": "2019-09-24T16:40:35Z",
"service": "SEA",
"status": "closed",
"title": "Fwd: Phishing Email"
}
],
"metadata": {
"count": 1
}
}
Workflow Library Example
Get Incident by Id with Phishlabs Incident Data and Send Results Via Email
Preview this Workflow on desktop