List Incidents
Responses are paginated, and clients with a large number of incidents may need to submit multiple requests to obtain the entire dataset.

Sample requests

- Basic search, no filtering: GET /api/external/incident/search
- Passing page size and page number: GET /api/external/incident/search?PageNumber=2&PageSize=10
- Passing date and time: GET /api/external/incident/search?CreatedDateFrom=2021-05-30T14:59:15.449Z&CreatedDateTo=2021-06-30T14:59:15.449Z
- Passing brand names (the brand name must be URL-encoded, e.g. Brother's -> Brother%27s): GET /api/external/incident/search?BrandNames=Brother%27s
- Passing arrays: GET /api/external/incident/search?BrandNames=Brother-1&BrandNames=Brother-2
To learn more, visit the PhishLabs documentation.
Basic Parameters
Parameter | Description |
---|---|
Sort Field | Lists the filter fields that can be used to order the results. |
Sort Order | Represents available sort types. |
Advanced Parameters
Parameter | Description |
---|---|
Brand Names | The Brands of incidents to be returned. This list is unique to your organization. See existing incidents in the Web App for examples, or contact your PhishLabs representative for a comprehensive list. |
Created Date From | The minimum date and time that incidents were created. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO). |
Created Date To | The maximum date and time that incidents were created. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO). |
Incident Severity Codes | The severity of incidents to be returned. |
Incident Status Codes | The statuses of incidents to be returned. |
Incident Status Reason Codes | The Status Reasons of Closed or Persistent Threat incidents to be returned. |
Incident Type Code | An incident type code. |
Last Modified Date From | The minimum date and time that incidents were modified. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO). |
Last Modified Date To | The maximum date and time that incidents were modified. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO). |
Page Number | The page you want to fetch. Default: 1. |
Page Size | The number of items to be returned on a single page. Default: 100. Max: 200. |
Threat Type Codes | The type of Threats to be returned. Threat Types ending with "SM" are Social Media, "DW" are Dark Web. |
Example Output
```json
{
  "items": [
    {
      "brandName": "A Brand name.",
      "changeLogs": [
        {
          "content": "A content of the record.",
          "createdBy": "Who created this record.",
          "timeStamp": "A created date of the record."
        }
      ],
      "created": "An incident created date.",
      "createdBy": "Who created this incident.",
      "executiveName": "A name of executive.",
      "id": 0,
      "incidentType": "A type of the incident.",
      "lastModified": "Last modified date.",
      "observables": [
        {
          "id": 0,
          "type": "A type of the Observable.",
          "url": "A URL of the Post, Social profile or Event."
        }
      ],
      "severity": "An incident severity.",
      "status": "A status of the incident.",
      "statusReason": "A reason of the incident status, if available.",
      "summary": "An incident summary.",
      "threatType": "A threat type.",
      "title": "A title of the incident."
    }
  ],
  "pageNumber": 0,
  "pageSize": 0,
  "pagesCount": 0,
  "totalCount": 0
}
```
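The pagination and encoding rules above, as an added Python example (not PhishLabs code): it builds the query string with encoded and repeated parameters, then follows `pagesCount` until every page has been collected. The `fetch` callable and `fake_fetch` data are hypothetical stand-ins for the authenticated HTTP call, and reading `totalCount` as the total across all pages is an assumption.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

SEARCH_PATH = "/api/external/incident/search"  # path from the sample requests
MAX_PAGE_SIZE = 200                            # documented maximum for PageSize


def build_search_url(page_number=1, page_size=100, **filters):
    """Return path + query string; list values become repeated keys."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("PageSize must be between 1 and %d" % MAX_PAGE_SIZE)
    params = {**filters, "PageNumber": page_number, "PageSize": page_size}
    # quote() escapes ' as %27 and the + of a +HH:MM offset as %2B;
    # ':' is left as-is to match the sample requests.
    return SEARCH_PATH + "?" + urlencode(params, doseq=True, safe=":", quote_via=quote)


def list_all_incidents(fetch, page_size=100, **filters):
    """Collect every page. fetch(url) is a caller-supplied (hypothetical)
    function that performs the authenticated GET and returns parsed JSON."""
    incidents, page = [], 1
    while True:
        body = fetch(build_search_url(page, page_size, **filters))
        incidents.extend(body["items"])
        if page >= body["pagesCount"]:
            break
        page += 1
    # Assumption: totalCount is the number of matches across all pages. A
    # mismatch means the result set changed while paging, so fail loudly.
    if len(incidents) != body["totalCount"]:
        raise RuntimeError("incomplete incident set, rerun the search")
    return incidents


def fake_fetch(url):
    """Constructed stand-in for the API: five sample incidents, paged."""
    query = parse_qs(urlsplit(url).query)
    number, size = int(query["PageNumber"][0]), int(query["PageSize"][0])
    data = [{"id": i, "brandName": "Brother's"} for i in range(1, 6)]
    start = (number - 1) * size
    return {"items": data[start:start + size], "pageNumber": number,
            "pageSize": size, "pagesCount": -(-len(data) // size),
            "totalCount": len(data)}


if __name__ == "__main__":
    print(build_search_url(BrandNames=["Brother's"], page_size=10))
    print(len(list_all_incidents(fake_fetch, page_size=2)), "incidents")
```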
Workflow Library Example
List Incidents with Phishlabs and Send Results Via Email