List Incidents
Retrieve list of incidents.
Basic Parameters
Parameter | Description |
---|---|
From Date | Include incidents that were created after the given date, expressed as a Unix epoch timestamp. |
Incident Status | The status of the incident. |
Range Type | - |
To Date | Include incidents that were created before the given date, expressed as a Unix epoch timestamp. |
Advanced Parameters
Parameter | Description |
---|---|
Max | The maximum number of records to return. |
Offset | The offset of the item at which to begin the response. |
Sort | The sort order of the results. |
Example Output
```json
{
  "status": "OK",
  "messages": [
    "Get incident details for incident ID [2293]"
  ],
  "result": {
    "data": {
      "totalIncidents": 1.0,
      "incidentItems": [
        {
          "violatorText": "TESTAUTOCASE2",
          "lastUpdateDate": 1683203728925,
          "violatorId": "TESTAUTOCASE2",
          "incidentType": "HighRiskRTActivityAccount",
          "incidentId": "2293",
          "incidentStatus": "Do Not Change",
          "riskscore": 0.0,
          "assignedGroup": "TestAutomation_Group",
          "priority": "Low",
          "reason": [
            "ResourceType: mvkApr10",
            "Policy: ActAcc4",
            "Threat: Abnormal DNS record type queries"
          ],
          "entity": "RTActivityAccount",
          "workflowName": "Test_INC",
          "url": "https://10.0.0.81:8479/Snypr/configurableDashboards/view?&type=incident&id=2293",
          "isWhitelisted": false,
          "watchlisted": false,
          "tenantInfo": {
            "tenantid": 1,
            "tenantname": "Optimus",
            "tenantcolor": "",
            "tenantshortcode": "OP"
          },
          "statusCompleted": false,
          "sandBoxPolicy": false,
          "parentCaseId": "",
          "casecreatetime": 1683187893436,
          "bulkactionallowed": true,
          "type": "HighRiskRTActivityAccount",
          "caseEventStartTime": 1681736367757,
          "solrquery": "index = violation and @policyname=\"ActAcc4\" and @accountname=\"TESTAUTOCASE2\" and @tenantname=\"Optimus\" and generationtime between \"04/17/2023 07:59:27\" \"05/04/2023 17:33:04\"",
          "policystarttime": 1681736367757,
          "policyendtime": 1683239584337,
          "verboseinfo": "Account TESTAUTOCASE2 performed Logon failure 2 from ipaddress 111.93.188.91"
        }
      ]
    }
  }
}
```
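The following Python sketch is an added example, not part of the original page or the vendor's code. It reduces the Example Output above to a triage summary, using a trimmed copy of that output as constructed input. The helper names are hypothetical, and it assumes the 13-digit time fields are epoch milliseconds and that `totalIncidents` counts all matches rather than only the returned page.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the Example Output on this page.
SAMPLE = """{"status": "OK", "result": {"data": {"totalIncidents": 1.0,
 "incidentItems": [{"incidentId": "2293", "violatorId": "TESTAUTOCASE2",
  "incidentStatus": "Do Not Change", "priority": "Low", "statusCompleted": false,
  "reason": ["ResourceType: mvkApr10", "Policy: ActAcc4",
             "Threat: Abnormal DNS record type queries"],
  "casecreatetime": 1683187893436, "lastUpdateDate": 1683203728925}]}}}"""


def ms_to_utc(ms):
    # Assumption: the 13-digit time fields in the output are epoch milliseconds.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).isoformat()


def parse_reason(reason):
    # "Key: value" strings -> dict; entries without the separator are skipped.
    pairs = (item.partition(": ") for item in reason)
    return {key: value for key, sep, value in pairs if sep}


def summarize(response):
    if response.get("status") != "OK":
        raise ValueError(f"unexpected status: {response.get('status')!r}")
    data = response["result"]["data"]
    items = data.get("incidentItems", [])
    total = int(data.get("totalIncidents", len(items)))  # arrives as a float
    rows = []
    for inc in items:
        reason = parse_reason(inc.get("reason", []))
        rows.append({
            "id": inc["incidentId"],
            "violator": inc.get("violatorId"),
            "status": inc.get("incidentStatus"),
            "priority": inc.get("priority"),
            "open": not inc.get("statusCompleted", False),
            "policy": reason.get("Policy"),
            "threat": reason.get("Threat"),
            "created": ms_to_utc(inc["casecreatetime"]),
            "updated": ms_to_utc(inc["lastUpdateDate"]),
        })
    # Assumption: totalIncidents counts all matches, so a larger value than the
    # rows returned means another call with a higher Offset is needed.
    return {"total": total, "more_pages": total > len(rows), "incidents": rows}


if __name__ == "__main__":
    print(json.dumps(summarize(json.loads(SAMPLE)), indent=2))
```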
Workflow Library Example
List Incidents with Securonix and Send Results Via Email