Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Get incident and message details for a specific incident by its ID.

Basic Parameters

ParameterDescription
End RowThe last row index to return results until.
Incident IDThe ID of the incident to get all details for. Can be obtained from the id field in the Get Incidents Summary action response.
Sort ParamsAn array of JSON objects representing sorting criteria.

For example:
[
  {
    “sort”: “desc”,
    “colId”: “createdAt”
  }
]
Start RowThe first row index to return results from.

Advanced Parameters

ParameterDescription
Confidence FilterThe confidence to filter results by.
DispositionThe disposition to filter results by.
End TimeThe end time of the time range to filter by.
SourceThe source type to filter results by.
Start TimeThe start time of the time range to filter by.
VerdictThe verdict to filter results by.

Example Output

{
	"summary": {
		"id": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
		"sid": 9114748,
		"createdAt": "2024-10-22T23:26:17.239+00:00",
		"updatedAt": "2024-10-22T23:26:24.844+00:00",
		"tenantId": "35873022-0c7d-4118-bca8-ad1eebc682cb",
		"displayld": 781,
		"state": "closed",
		"title": "Message Delivered to bob[@]tricorion[.]tk with link hxxps://theexcelclub[.]com/",
		"closedAt": "2024-10-22T23:26:24.844+00:00",
		"assigned Teamld": "a3672f71-fad5-46e1-a7d5-4d6c2a2b4521",
		"assigned TeamName": "Analyst",
		"falsePositiveCount": 0,
		"messageCount": 2,
		"message SourceData": {
			"hasTapAlert": true,
			"hasAbuseAlert": false,
			"hasSmartSearchImport": false,
			"hasMessageCsvUpload": false
		}
	},
	"comments": [
		{
			"id": "e248ce9d-a1ed-41a1-a277-f6d3efd38ee8",
			"author": "Security Admin User",
			"comment": "This incident has been remediated.",
			"deleted": false,
			"author_id": "a8405822-c771-474c-9154-7d023c710764",
			"tenant_id": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"comment_id": "5e1bba31-3ce9-4d10-99e6-3644b128abe0",
			"created_at": "2024-11-26T20:51:44.427",
			"updated_at": "2024-11-26T20:51:44.427",
			"incident_id": "e6134e09-6d02-444e-b1a6-7f9d7fe72cc7",
			"activity_type": "comment_addition",
			"activity_details": {}
		}
	],
	"activities": [
		{
			"id": "b0bf87d9-99be-4d8d-8848-4fb9870549a3",
			"content": null,
			"tenant_id": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"cause_type": "history",
			"comment_id": null,
			"created_at": "2024-10-22T23:26:24.845",
			"updated_at": "2024-10-22T23:26:24.845",
			"incident_id": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
			"occurred at": "2024-10-22T23:26:24.845075",
			"activity_type": "state_change",
			"causing_api_key": null,
			"activity_details": {
				"new_state": "closed",
				"old_state": "open"
			},
			"causing_user_name": null,
			"causing_workflow_name": "Close Incident"
		}
	],
	"total": 2,
	"startRow": 0,
	"endRow": 200,
	"messages": [
		{
			"id": "768c0276-01eb-4e35-b0c3-f97fa9af6b95",
			"sid": 122547986,
			"createdAt": "2024-10-22T23:26:15.976+00:00",
			"updatedAt": "2024-11-26T15:43:28.015+00:00",
			"tenantld": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"emailld": "9129c5fd-ca52-47a1-b5c3-049ca7d31e4c",
			"messageld": "<DS7PR12MB62861B30D1A2B5714E5473F3AC4C2@DS7PR12MB6286.namprd12.prod.outlook.com>",
			"ppsGuid": "vMojOP7kQU8PdYJIBip0xGnkbo4Krl_j",
			"disposition": "malware",
			"emailSubject": "TDS test mail-3 - PL",
			"emailRecipientId": "768c0276-01eb-4e35-b0c3-f97fa9af6b95",
			"trap Received Time": "2024-10-22T23:26:15.976+00:00",
			"receivedAt": "2024-10-22T23:22:27.760+00:00",
			"remediationStatus": "mailbox_not_found",
			"quarantineStrategy": "forward_and_delete",
			"emailRecipientType": "to",
			"incidentId": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
			"association": "sender_and_subject",
			"mimeContentPresent": false,
			"bodyPresent": false,
			"senderld": "6ba5a494-bedb-4aad-a2f3-a20b8e3887c0",
			"senderAddress": "bad_guy@nefariousdomain.com",
			"senderlp": "148.163.159.21",
			"recipientAddress": "bob@tricorion.tk",
			"lastKnownType": "unknown",
			"tapCleared": false,
			"vip": false,
			"vap": true,
			"reports": 0,
			"messageStatus": {
				"permitted_clicks": 0,
				"message_delivered": true
			},
			"sources": [
				{
					"type": "TapAlert"
				}
			],
			"abuseReporterRank": "not_a_reporter",
			"tap Threat Types": [
				"delivered_url_threat"
			]
		}
	]
}

Workflow Library Example

Get All Incident Details with Proofpoint Threat Protection and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop