Responses are paginated, and clients with a large number of incidents may need to submit multiple requests to obtain the entire datasetSample requestsBasic Search - no filtering: GET /api/external/incident/searchPassing page size and page number: GET /api/external/incident/search?PageNumber=2&PageSize=10Passing date and time: GET /api/external/incident/search?CreatedDateFrom=2021-05-30T14:59:15.449Z&CreatedDateTo=2021-06-30T14:59:15.449ZPassing Brand names - BrandName requires to be Encoded. e.g. Brother’s -> Brother%27s: GET /api/external/incident/search?BrandNames=Brother%27sPassing arrays: GET /api/external/incident/search?BrandNames=Brother-1&BrandNames=Brother-2.
External DocumentationTo learn more, visit the PhishLabs documentation.

Basic Parameters

ParameterDescription
Sort FieldContains a list of filter fields that can participate in order by.
Sort OrderRepresents available sort types.

Advanced Parameters

ParameterDescription
Brand NamesThe Brands of incidents to be returned.
This list is unique to your organization.
See existing incidents in the Web App for examples, or contact your PhishLabs representative for a comprehensive list.
Created Date FromThe minimum date and time that incidents were created.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Created Date ToThe maximum date and time that incidents were created.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Incident Severity CodesThe severity of incidents to be returned.
Incident Status CodesThe statuses of incidents to be returned.
Incident Status Reason CodesThe Status Reasons of Closed or Persistent Threat incidents to be returned.
Incident Type CodeAn incident type code.
Last Modified Date FromThe minimum date and time that incidents were modified.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Last Modified Date ToThe maximum date and time that incidents were modified.
Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Page NumberThe page you want to fetch.
Default: 1.
Page SizeThe number of items to be returned on a single page.
Default: 100.
Max: 200.
Threat Type CodesThe type of Threats to be returned.
Threat Types ending with “SM” are Social Media, “DW” are Dark Web.

Example Output

{
	"items": [
		{
			"brandName": "A Brand name.",
			"changeLogs": [
				{
					"content": "A content of the record.",
					"createdBy": "Who created this record.",
					"timeStamp": "A created date of the record."
				}
			],
			"created": "An incident created date.",
			"createdBy": "Who created this incident.",
			"executiveName": "A name of executive.",
			"id": 0,
			"incidentType": "A type of the incident.",
			"lastModified": "Last modified date.",
			"observables": [
				{
					"id": 0,
					"type": "A type of the Observable.",
					"url": "A URL of the Post, Social profile or Event."
				}
			],
			"severity": "An incident severity.",
			"status": "A status of the incident.",
			"statusReason": "A reason of the incident status, if available.",
			"summary": "An incident summary.",
			"threatType": "A threat type.",
			"title": "A title of the incident."
		}
	],
	"pageNumber": 0,
	"pageSize": 0,
	"pagesCount": 0,
	"totalCount": 0
}

Workflow Library Example

List Incidents with Phishlabs and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop