Create Incident

Create an incident.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Account Name | The account name that's associated with the violation. |
| Datasource Name | The resource name group. |
| Entity Type | The type of the entity. |
| Resource Name | The name of the resource. |
| Violation Name | The violation policy name. |
| Workflow | The workflow name. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Comment | The comment to add as part of the incident. |
| Criticality | The criticality of the incident that you are creating. |

Example Output

{
  "status": "OK",
  "messages": [
    "Get incident details for incident ID [100317]"
  ],
  "result": {
    "data": {
      "totalIncidents": 1.0,
      "incidentItems": [
        {
          "violatorText": "134.119.189.29",
          "lastUpdateDate": 1566337840264,
          "violatorId": "134.119.189.29",
          "incidentType": "Policy",
          "incidentId": "100317",
          "incidentStatus": "Open",
          "riskscore": 3.0,
          "assignedUser": "Admin Admin",
          "priority": "low",
          "reason": [
            "Policy: Repeated Visits to Potentially Malicious address",
            "Threat: Possible C2 Communication"
          ],
          "entity": "Activityip",
          "workflowName": "SOCTeamReview",
          "url": "https://saaspocapp2t14wptp.securonix.net/Snypr/configurableDashboards/view?&type=incident&id=100317",
          "isWhitelisted": false,
          "watchlisted": false
        }
      ]
    }
  }
}
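
A later workflow step usually needs a few validated fields from this output rather than the raw JSON. The Python below is an added example, not part of the product or its documentation: it checks the status and the incident count, then flattens each incident. The names summarize_incidents and IncidentOutputError are hypothetical, and lastUpdateDate is assumed to be Unix epoch milliseconds.

```python
import json
from datetime import datetime, timedelta, timezone

# Sample input: the page's Example Output, trimmed to the fields read below.
SAMPLE = """{"status": "OK", "messages": [], "result": {"data": {
  "totalIncidents": 1.0,
  "incidentItems": [{
    "violatorId": "134.119.189.29", "lastUpdateDate": 1566337840264,
    "incidentId": "100317", "incidentStatus": "Open", "riskscore": 3.0,
    "priority": "low", "workflowName": "SOCTeamReview",
    "reason": ["Policy: Repeated Visits to Potentially Malicious address",
               "Threat: Possible C2 Communication"]}]}}}"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


class IncidentOutputError(ValueError):
    """The action output is not a usable incident record (hypothetical name)."""


def summarize_incidents(raw):
    """Validate the action output; return one flat dict per incident."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise IncidentOutputError(f"status {doc.get('status')!r}: {doc.get('messages')}")
    data = (doc.get("result") or {}).get("data") or {}
    items = data.get("incidentItems") or []
    # totalIncidents is serialized as a float (1.0), so compare as integers.
    total = data.get("totalIncidents")
    if total is not None and int(total) != len(items):
        raise IncidentOutputError(f"totalIncidents={total} but {len(items)} items")
    summaries = []
    for item in items:
        ts = item.get("lastUpdateDate")
        parts = (r.partition(":") for r in item.get("reason", []))
        summaries.append({
            "incident_id": str(item["incidentId"]),
            "status": item.get("incidentStatus"),
            "priority": item.get("priority"),
            "risk_score": float(item.get("riskscore", 0.0)),
            "violator": item.get("violatorId"),
            "workflow": item.get("workflowName"),
            # "Policy: ..." / "Threat: ..." strings become (kind, text) pairs.
            "reasons": [(kind.strip(), text.strip()) for kind, _, text in parts],
            # Assumption: lastUpdateDate is Unix epoch milliseconds (UTC).
            "last_update_utc": None if ts is None else
                (EPOCH + timedelta(milliseconds=int(ts))).isoformat(timespec="milliseconds"),
        })
    return summaries
```
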

Workflow Library Example

Create Incident with Securonix and Send Results Via Email
