List Incidents - Blink Documentation

Responses are paginated, and clients with a large number of incidents may need to submit multiple requests to obtain the entire datasetSample requestsBasic Search - no filtering: GET /api/external/incident/searchPassing page size and page number: GET /api/external/incident/search?PageNumber=2&PageSize=10Passing date and time: GET /api/external/incident/search?CreatedDateFrom=2021-05-30T14:59:15.449Z&CreatedDateTo=2021-06-30T14:59:15.449ZPassing Brand names - BrandName requires to be Encoded. e.g. Brother’s -> Brother%27s: GET /api/external/incident/search?BrandNames=Brother%27sPassing arrays: GET /api/external/incident/search?BrandNames=Brother-1&BrandNames=Brother-2.

External DocumentationTo learn more, visit the PhishLabs documentation.

Basic Parameters

Parameter	Description
Sort Field	Contains a list of filter fields that can participate in order by.
Sort Order	Represents available sort types.

Advanced Parameters

Parameter	Description
Brand Names	The Brands of incidents to be returned. This list is unique to your organization. See existing incidents in the Web App for examples, or contact your PhishLabs representative for a comprehensive list.
Created Date From	The minimum date and time that incidents were created. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Created Date To	The maximum date and time that incidents were created. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Incident Severity Codes	The severity of incidents to be returned.
Incident Status Codes	The statuses of incidents to be returned.
Incident Status Reason Codes	The Status Reasons of Closed or Persistent Threat incidents to be returned.
Incident Type Code	An incident type code.
Last Modified Date From	The minimum date and time that incidents were modified. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Last Modified Date To	The maximum date and time that incidents were modified. Format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SS.SSS+HH:MM (ISO).
Page Number	The page you want to fetch. Default: 1.
Page Size	The number of items to be returned on a single page. Default: 100. Max: 200.
Threat Type Codes	The type of Threats to be returned. Threat Types ending with “SM” are Social Media, “DW” are Dark Web.

Example Output

{
	"items": [
		{
			"brandName": "A Brand name.",
			"changeLogs": [
				{
					"content": "A content of the record.",
					"createdBy": "Who created this record.",
					"timeStamp": "A created date of the record."
				}
			],
			"created": "An incident created date.",
			"createdBy": "Who created this incident.",
			"executiveName": "A name of executive.",
			"id": 0,
			"incidentType": "A type of the incident.",
			"lastModified": "Last modified date.",
			"observables": [
				{
					"id": 0,
					"type": "A type of the Observable.",
					"url": "A URL of the Post, Social profile or Event."
				}
			],
			"severity": "An incident severity.",
			"status": "A status of the incident.",
			"statusReason": "A reason of the incident status, if available.",
			"summary": "An incident summary.",
			"threatType": "A threat type.",
			"title": "A title of the incident."
		}
	],
	"pageNumber": 0,
	"pageSize": 0,
	"pagesCount": 0,
	"totalCount": 0
}

Workflow Library Example

List Incidents with Phishlabs and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example