Create Incident - BlinkOps Documentation

Create an incident.

Basic Parameters

Parameter	Description
Account Name	The account name that’s associated with the violation.
Datasource Name	The resource name group.
Entity Type	The type of the entity.
Resource Name	The name of the resource.
Violation Name	The violation policy name.
Workflow	The workflow name.

Advanced Parameters

Parameter	Description
Comment	The comment to add as part of the incident.
Criticality	The criticality of the incident that you are creating.

Example Output

{
	"status": "OK",
	"messages": [
		"Get incident details for incident ID [100317]"
	],
	"result": {
		"data": {
			"totalIncidents": 1.0,
			"incidentItems": [
				{
					"violatorText": "134.119.189.29",
					"lastUpdateDate": 1566337840264,
					"violatorId": "134.119.189.29",
					"incidentType": "Policy",
					"incidentId": "100317",
					"incidentStatus": "Open",
					"riskscore": 3.0,
					"assignedUser": "Admin Admin",
					"priority": "low",
					"reason": [
						"Policy: Repeated Visits to Potentially Malicious address",
						"Threat: Possible C2 Communication"
					],
					"entity": "Activityip",
					"workflowName": "SOCTeamReview",
					"url": "https://saaspocapp2t14wptp.securonix.net/Snypr/configurableDashboards/view?&type=incident&id=100317",
					"isWhitelisted": false,
					"watchlisted": false
				}
			]
		}
	}
}

Workflow Library Example

Create Incident with Securonix and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example