GET /api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}
Get incident by id
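# Fetch a single incident by id.
# {workspaceId}, {source} and {incidentId} are placeholders to substitute before
# running. The URL is quoted so that nothing in the substituted values, or in an
# appended query string such as ?withDetails=..., is interpreted by the shell
# (switch to double quotes if you substitute shell variables).
# NOTE(review): this example carries no credential and the page does not state
# the auth scheme; confirm what the API requires, and pass any token from an
# environment variable or secret store rather than as a literal on the command line.
# The sample response on this page includes e-mail addresses, UPNs, IP addresses
# and command lines, so treat saved output as sensitive incident data.
curl --request GET \
  --url 'https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}'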
{
  "data": {
    "source": "Sentinel",
    "incident": {
      "id": "<string>",
      "name": "<string>",
      "title": "<string>",
      "description": "<string>",
      "number": 123,
      "type": "<string>",
      "source": "Sentinel",
      "sourceDisplayName": "<string>",
      "lastModificationTime": "2023-11-07T05:31:56Z",
      "creationTime": "2023-11-07T05:31:56Z",
      "lastActivityTime": "2023-11-07T05:31:56Z",
      "severity": "Informational",
      "classification": "BenignPositive",
      "comment": "<string>",
      "classificationReason": "InaccurateData",
      "classificationComment": "<string>",
      "tactics": [
        "<string>"
      ],
      "ruleIds": [
        "<string>"
      ],
      "alertProductNames": [
        "<string>"
      ],
      "user": {
        "id": "<string>",
        "displayName": "<string>",
        "email": "<string>"
      },
      "isAssigned": true,
      "productId": "<string>",
      "status": "Active",
      "alertsCount": 123,
      "entities": [
        {
          "id": "<string>",
          "type": "User",
          "kind": "<string>",
          "displayName": "<string>",
          "friendlyName": "<string>",
          "fileName": "<string>",
          "hostName": "<string>",
          "accountEntityId": "<string>",
          "deviceId": "<string>",
          "deviceAzureId": "<string>",
          "defenderAtpDeviceId": "<string>",
          "defenderEndpointDeviceId": "<string>",
          "networkMessageId": "<string>",
          "hashAlgorithm": "<string>",
          "aadUserId": "<string>",
          "emailAddress": "<string>",
          "userPrincipalName": "<string>",
          "ipAddress": "<string>",
          "fileHash": "<string>",
          "emailId": "<string>",
          "emailSubject": "<string>"
        }
      ],
      "workspaceName": "<string>",
      "workspaceId": "<string>",
      "isDefenderXDRSourced": true
    },
    "investigationDetails": {
      "entities": [
        {
          "id": "<string>",
          "displayName": "<string>",
          "fileName": "<string>",
          "fileHash": "<string>",
          "type": "User",
          "friendlyName": "<string>",
          "hostName": "<string>",
          "kind": "<string>",
          "accountEntityId": "<string>",
          "networkMessageId": "<string>",
          "commandLine": "<string>",
          "userUpn": "<string>",
          "deviceId": "<string>",
          "aadUserId": "<string>",
          "entityType": "User",
          "isValidEntraIdUser": true,
          "isValidEntraIdDevice": true
        }
      ],
      "alerts": [
        {
          "id": "<string>",
          "kind": "<string>",
          "displayName": "<string>",
          "alertName": "<string>",
          "vendorName": "<string>",
          "type": "<string>",
          "description": "<string>",
          "timeGenerated": "2023-11-07T05:31:56Z",
          "tactics": [
            "<string>"
          ],
          "severity": "<string>",
          "productName": "<string>",
          "deviceId": "<string>"
        }
      ],
      "incident": {
        "id": "<string>",
        "name": "<string>",
        "title": "<string>",
        "description": "<string>",
        "number": 123,
        "type": "<string>",
        "source": "Sentinel",
        "sourceDisplayName": "<string>",
        "lastModificationTime": "2023-11-07T05:31:56Z",
        "creationTime": "2023-11-07T05:31:56Z",
        "lastActivityTime": "2023-11-07T05:31:56Z",
        "severity": "Informational",
        "classification": "BenignPositive",
        "comment": "<string>",
        "classificationReason": "InaccurateData",
        "classificationComment": "<string>",
        "tactics": [
          "<string>"
        ],
        "ruleIds": [
          "<string>"
        ],
        "alertProductNames": [
          "<string>"
        ],
        "user": {
          "id": "<string>",
          "displayName": "<string>",
          "email": "<string>"
        },
        "isAssigned": true,
        "productId": "<string>",
        "status": "Active",
        "alertsCount": 123,
        "entities": [
          {
            "id": "<string>",
            "type": "User",
            "kind": "<string>",
            "displayName": "<string>",
            "friendlyName": "<string>",
            "fileName": "<string>",
            "hostName": "<string>",
            "accountEntityId": "<string>",
            "deviceId": "<string>",
            "deviceAzureId": "<string>",
            "defenderAtpDeviceId": "<string>",
            "defenderEndpointDeviceId": "<string>",
            "networkMessageId": "<string>",
            "hashAlgorithm": "<string>",
            "aadUserId": "<string>",
            "emailAddress": "<string>",
            "userPrincipalName": "<string>",
            "ipAddress": "<string>",
            "fileHash": "<string>",
            "emailId": "<string>",
            "emailSubject": "<string>"
          }
        ],
        "workspaceName": "<string>",
        "workspaceId": "<string>",
        "isDefenderXDRSourced": true
      },
      "incidentComment": [
        {
          "id": "<string>",
          "message": "<string>",
          "createdTime": "2023-11-07T05:31:56Z",
          "authorEmail": "<string>",
          "authorName": "<string>",
          "isActivityComment": true,
          "isAgentComment": true,
          "agentName": "<string>",
          "isClosingComment": true,
          "ticketNoteId": "<string>",
          "ticketId": "<string>"
        }
      ]
    },
    "evidence": {
      "columns": [
        "<string>"
      ],
      "rows": [
        "<array>"
      ]
    },
    "gamebookCatalog": {
      "recommended": {
        "aiGamebook": {
          "id": "<string>",
          "tracingId": "<string>",
          "incidentId": "<string>",
          "source": "Sentinel",
          "incidentTitle": "<string>",
          "incidentNumber": 123,
          "isOcr": true,
          "isRecover": true,
          "triggedByUserId": "<string>",
          "displayName": "<string>",
          "modificationDate": "2023-11-07T05:31:56Z",
          "creationDate": "2023-11-07T05:31:56Z",
          "status": "Pending",
          "title": "<string>",
          "isAdminRequired": true,
          "workspaceId": "<string>",
          "workspaceName": "<string>",
          "tenantId": "<string>",
          "isAutoRun": true,
          "originalGamebookId": "<string>",
          "originalGamebookTitle": "<string>",
          "isRetryGamebook": true,
          "isQueued": true,
          "playbooks": [
            {
              "id": "<string>",
              "referenceId": "<string>",
              "entityId": "<string>",
              "name": "<string>",
              "description": "<string>",
              "entityType": "User",
              "affectedEntity": "<string>",
              "isRecommended": true,
              "status": "Pending",
              "errorMessage": "<string>",
              "sequence": 123,
              "modificationDate": "2023-11-07T05:31:56Z",
              "startingDate": "2023-11-07T05:31:56Z",
              "finishingDate": "2023-11-07T05:31:56Z",
              "executionTime": "<string>",
              "tracingId": "<string>",
              "parameters": {},
              "isAdminRequired": true
            }
          ],
          "summary": "<string>"
        },
        "serviceProviderGamebook": {
          "id": "<string>",
          "tracingId": "<string>",
          "incidentId": "<string>",
          "source": "Sentinel",
          "incidentTitle": "<string>",
          "incidentNumber": 123,
          "isOcr": true,
          "isRecover": true,
          "triggedByUserId": "<string>",
          "displayName": "<string>",
          "modificationDate": "2023-11-07T05:31:56Z",
          "creationDate": "2023-11-07T05:31:56Z",
          "status": "Pending",
          "title": "<string>",
          "isAdminRequired": true,
          "workspaceId": "<string>",
          "workspaceName": "<string>",
          "tenantId": "<string>",
          "isAutoRun": true,
          "originalGamebookId": "<string>",
          "originalGamebookTitle": "<string>",
          "isRetryGamebook": true,
          "isQueued": true,
          "playbooks": [
            {
              "id": "<string>",
              "referenceId": "<string>",
              "entityId": "<string>",
              "name": "<string>",
              "description": "<string>",
              "entityType": "User",
              "affectedEntity": "<string>",
              "isRecommended": true,
              "status": "Pending",
              "errorMessage": "<string>",
              "sequence": 123,
              "modificationDate": "2023-11-07T05:31:56Z",
              "startingDate": "2023-11-07T05:31:56Z",
              "finishingDate": "2023-11-07T05:31:56Z",
              "executionTime": "<string>",
              "tracingId": "<string>",
              "parameters": {},
              "isAdminRequired": true
            }
          ],
          "summary": "<string>"
        }
      },
      "lastGamebook": {
        "id": "<string>",
        "tracingId": "<string>",
        "incidentId": "<string>",
        "source": "Sentinel",
        "incidentTitle": "<string>",
        "incidentNumber": 123,
        "isOcr": true,
        "isRecover": true,
        "triggedByUserId": "<string>",
        "displayName": "<string>",
        "modificationDate": "2023-11-07T05:31:56Z",
        "creationDate": "2023-11-07T05:31:56Z",
        "status": "Pending",
        "title": "<string>",
        "isAdminRequired": true,
        "workspaceId": "<string>",
        "workspaceName": "<string>",
        "tenantId": "<string>",
        "isAutoRun": true,
        "originalGamebookId": "<string>",
        "originalGamebookTitle": "<string>",
        "isRetryGamebook": true,
        "isQueued": true,
        "playbooks": [
          {
            "id": "<string>",
            "referenceId": "<string>",
            "entityId": "<string>",
            "name": "<string>",
            "description": "<string>",
            "entityType": "User",
            "affectedEntity": "<string>",
            "isRecommended": true,
            "status": "Pending",
            "errorMessage": "<string>",
            "sequence": 123,
            "modificationDate": "2023-11-07T05:31:56Z",
            "startingDate": "2023-11-07T05:31:56Z",
            "finishingDate": "2023-11-07T05:31:56Z",
            "executionTime": "<string>",
            "tracingId": "<string>",
            "parameters": {},
            "isAdminRequired": true
          }
        ],
        "summary": "<string>"
      },
      "isPreviousRunAvailable": true,
      "isRecommendedAvailable": true,
      "aiRecommendedAvailable": true,
      "serviceProviderRecommendedAvailable": true
    }
  },
  "meta": {
    "requestId": "<string>",
    "timestamp": "<string>"
  }
}


Path Parameters

workspaceId
string<uuid>
required
source
enum<string>
required
Available options:
Sentinel,
DefenderXDR,
QRadar,
Splunk,
CrowdStrike,
SentinelOne
incidentId
string
required

Query Parameters

withDetails
boolean

Response

OK

Standard v2 API response envelope for single-item responses.

data
object

Object that holds all the data for an incident; the incident may come from any of the supported sources.

meta
object