Skip to main content
Get incident details by its ID. Note: To get the incident’s associated messages - use Get All Incident Details action.

Parameters

ParameterDescription
Incident IDThe ID of the incident to get all details for.

Example Output

{
	"summary": {
		"id": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
		"sid": 9114748,
		"createdAt": "2024-10-22T23:26:17.239+00:00",
		"updatedAt": "2024-10-22T23:26:24.844+00:00",
		"tenantId": "35873022-0c7d-4118-bca8-ad1eebc682cb",
		"displayld": 781,
		"state": "closed",
		"title": "Message Delivered to bob[@]tricorion[.]tk with link hxxps://theexcelclub[.]com/",
		"closedAt": "2024-10-22T23:26:24.844+00:00",
		"assigned Teamld": "a3672f71-fad5-46e1-a7d5-4d6c2a2b4521",
		"assigned TeamName": "Analyst",
		"falsePositiveCount": 0,
		"messageCount": 2,
		"message SourceData": {}
	},
	"hasTapAlert": true,
	"hasAbuseAlert": false,
	"hasSmartSearchImport": false,
	"hasMessageCsvUpload": false,
	"comments": [
		{
			"id": "e248ce9d-a1ed-41a1-a277-f6d3efd38ee8",
			"author": "Security Admin User",
			"comment": "This incident has been remediated.",
			"deleted": false,
			"author_id": "a8405822-c771-474c-9154-7d023c710764",
			"tenant_id": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"comment_id": "5e1bba31-3ce9-4d10-99e6-3644b128abe0",
			"created_at": "2024-11-26T20:51:44.427",
			"updated_at": "2024-11-26T20:51:44.427",
			"incident_id": "e6134e09-6d02-444e-b1a6-7f9d7fe72cc7",
			"activity_type": "comment_addition",
			"activity_details": {}
		}
	],
	"activities": [
		{
			"id": "b0bf87d9-99be-4d8d-8848-4fb9870549a3",
			"content": null,
			"tenant_id": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"cause_type": "history",
			"comment_id": null,
			"created_at": "2024-10-22T23:26:24.845",
			"updated_at": "2024-10-22T23:26:24.845",
			"incident_id": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
			"occurred_at": "2024-10-22T23:26:24.845075",
			"activity_type": "state_change",
			"causing_api_key": null,
			"activity_details": {
				"new_state": "closed",
				"old_state": "open"
			},
			"causing_user_name": null,
			"causing_workflow_name": "Close Incident"
		}
	]
}

Workflow Library Example

Get Incident Details with Proofpoint Threat Protection and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop