Create Incident
Create an incident.
Basic Parameters
Parameter | Description |
---|---|
Account Name | The account name that's associated with the violation. |
Datasource Name | The resource name group. |
Entity Type | The type of the entity. |
Resource Name | The name of the resource. |
Violation Name | The violation policy name. |
Workflow | The workflow name. |
Advanced Parameters
Parameter | Description |
---|---|
Comment | The comment to add as part of the incident. |
Criticality | The criticality of the incident that you are creating. |
Example Output
{
  "status": "OK",
  "messages": [
    "Get incident details for incident ID [100317]"
  ],
  "result": {
    "data": {
      "totalIncidents": 1.0,
      "incidentItems": [
        {
          "violatorText": "134.119.189.29",
          "lastUpdateDate": 1566337840264,
          "violatorId": "134.119.189.29",
          "incidentType": "Policy",
          "incidentId": "100317",
          "incidentStatus": "Open",
          "riskscore": 3.0,
          "assignedUser": "Admin Admin",
          "priority": "low",
          "reason": [
            "Policy: Repeated Visits to Potentially Malicious address",
            "Threat: Possible C2 Communication"
          ],
          "entity": "Activityip",
          "workflowName": "SOCTeamReview",
          "url": "https://saaspocapp2t14wptp.securonix.net/Snypr/configurableDashboards/view?&type=incident&id=100317",
          "isWhitelisted": false,
          "watchlisted": false
        }
      ]
    }
  }
}
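Added example, not part of the original documentation: one way a downstream step could validate the response shown in Example Output and flatten each incident before it is forwarded (for instance by email). The function names, the output field names and the `.securonix.net` link allow-list are assumptions made for this sketch.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the Example Output above.
SAMPLE = json.loads("""
{"status": "OK", "messages": ["Get incident details for incident ID [100317]"],
 "result": {"data": {"totalIncidents": 1.0, "incidentItems": [{
   "violatorId": "134.119.189.29", "lastUpdateDate": 1566337840264,
   "incidentId": "100317", "incidentStatus": "Open", "riskscore": 3.0,
   "reason": ["Policy: Repeated Visits to Potentially Malicious address",
              "Threat: Possible C2 Communication"],
   "url": "https://saaspocapp2t14wptp.securonix.net/Snypr/configurableDashboards/view?&type=incident&id=100317"}]}}}
""")

def link_is_trusted(url, allowed_suffix=".securonix.net"):
    """Assumption: only https links on the tenant's domain may be forwarded."""
    parts = urlparse(url)
    return parts.scheme == "https" and (parts.hostname or "").endswith(allowed_suffix)

def normalize_incidents(response):
    """Validate the response envelope and return one flat dict per incident."""
    if response.get("status") != "OK":
        raise ValueError(f"action failed: {response.get('messages')}")
    data = response.get("result", {}).get("data", {})
    items = data.get("incidentItems", [])
    # totalIncidents arrives as a float (1.0); compare as int to catch truncation.
    if int(data.get("totalIncidents", 0)) != len(items):
        raise ValueError("totalIncidents does not match incidentItems length")
    records = []
    for item in items:
        # Each reason is "<kind>: <text>"; group them by kind (policy, threat).
        reasons = {}
        for entry in item.get("reason", []):
            kind, _, text = entry.partition(": ")
            reasons.setdefault(kind.lower(), []).append(text)
        updated = datetime.fromtimestamp(item["lastUpdateDate"] / 1000, tz=timezone.utc)
        records.append({
            "incident_id": item["incidentId"],
            "status": item["incidentStatus"],
            "violator": item["violatorId"],
            "risk_score": float(item["riskscore"]),
            "updated_utc": updated.isoformat(timespec="seconds"),
            "reasons": reasons,
            "link": item["url"] if link_is_trusted(item.get("url", "")) else None,
        })
    return records
```

`lastUpdateDate` is treated as epoch milliseconds, and a link that fails the allow-list check is replaced with `None` rather than passed on.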
Workflow Library Example
Create Incident with Securonix and Send Results Via Email