Skip to main content
Get incidents summary with optional filtering.

Basic Parameters

ParameterDescription
End RowThe last row index to return results until.
Incident Display IDsA comma-separated list of incident display IDs to filter by.
Sort ParamsAn array of JSON objects representing sorting criteria.

For example:
[
  {
    “sort”: “desc”,
    “colId”: “createdAt”
  }
]
Start RowThe first row index to return results from.

Advanced Parameters

ParameterDescription
Confidence FilterThe confidence to filter results by.
DispositionThe disposition to filter results by.
End TimeThe end time of the time range to filter by.
PriorityThe priority to filter the results by.
SourceThe source type to filter results by.
Start TimeThe start time of the time range to filter by.
State FilterThe state of the incidents to filter by.
VerdictThe verdict to filter results by.

Example Output

{
	"total": 1,
	"startRow": 0,
	"endRow": 1,
	"incidents": [
		{
			"id": "63b97d57-0af4-4835-8a3e-8d9fe3949786",
			"sid": 9114748,
			"createdAt": "2024-10-22T23:26:17.239+00:00",
			"updatedAt": "2024-10-22T23:26:24.844+00:00",
			"tenantId": "35873022-0c7d-4118-bca8-ad1eebc682cb",
			"closedAt": "2024-10-22T23:26:24.844+00:00",
			"displayId": 781,
			"title": "Message Delivered to bob[@]tricorion[.]tk with link hxxps://theexcelclub[.]com/",
			"state": "closed",
			"assignedTeamName": "Analyst",
			"assignedTeamId": "a3672f71-fad5-46e1-a7d5-4d6c2a2b4521",
			"messageCount": 2,
			"vap": true,
			"vip": false,
			"abuseSourceIds": [],
			"sourceTypes": [
				"tap_alert"
			],
			"sourcesData": [
				{
					"type": "TapAlert"
				}
			],
			"commentCount": 1,
			"dispositions": [
				"malware"
			],
			"clearVerdicts": [],
			"clearConfidences": []
		}
	]
}

Workflow Library Example

Get Incidents Summary with Proofpoint Threat Protection and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop