Skip to main content
Returns a single Incident based on the given ID.
External DocumentationTo learn more, visit the PhishLabs Incident Data documentation.

Parameters

ParameterDescription
Extend AttachmentsIf true, the attachment list will contain the following additional attachment types (if available): screenshot & submission. By default, only payload will be included.
Incident IDID of Incident.

Example Output

{
	"incidents": [
		{
			"closed": "2019-09-24T16:40:35Z",
			"created": "2019-09-24T16:17:49Z",
			"description": "This is a malicious phishing email.",
			"details": {
				"attachments": [
					{
						"fileName": "payroll.doc",
						"malicious": true,
						"md5": "f869ce1c8414a264bb11e14a2c8850ed",
						"mimeType": "application/msword",
						"sha256": "07c05679b1cfed895de0d838...",
						"type": "payload",
						"url": "http://incident-bucket.phishlabs.com/donwload/payload_file=payroll.doc"
					}
				],
				"campaignLabel": "ecrim-202003-191",
				"caseType": "Link",
				"classification": "Malicious",
				"emailAddresses": [
					{
						"address": "[email protected]",
						"bodyReplyTo": false,
						"headerReplyTo": false,
						"malicious": true,
						"returnPath": true,
						"sender": true
					}
				],
				"emailBody": "Lorem ipsum dolor sit amet...",
				"emailReceivedDate": "Sat, 17 Nov 2018 16:10:08 +0530",
				"emailReportedBy": "[email protected]",
				"furtherReviewReason": "Email headers required",
				"messageID": "[email protected]",
				"offlineUponReview": false,
				"payloadFamily": "WannaCry",
				"sender": "[email protected]",
				"severity": "High",
				"subClassification": "No Threat Detected",
				"submissionMethod": "Attachment",
				"urls": [
					{
						"malicious": false,
						"maliciousDomain": false,
						"url": "https://phishlabs.com"
					}
				]
			},
			"duration": 1366,
			"id": "INC123456",
			"modified": "2019-09-24T16:40:35Z",
			"service": "SEA",
			"status": "closed",
			"title": "Fwd: Phishing Email"
		}
	],
	"metadata": {
		"count": 1
	}
}

Workflow Library Example

Get Incident by Id with Phishlabs Incident Data and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop