Get incident by id
curl --request GET \
--url https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}import requests
url = "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}"
response = requests.get(url)
print(response.text)const options = {method: 'GET'};
fetch('https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}"
req, _ := http.NewRequest("GET", url, nil)
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_body{
"data": {
"incident": {
"id": "<string>",
"name": "<string>",
"displayId": "<string>",
"title": "<string>",
"description": "<string>",
"number": 123,
"type": "<string>",
"sourceDisplayName": "<string>",
"lastModificationTime": "2023-11-07T05:31:56Z",
"creationTime": "2023-11-07T05:31:56Z",
"lastActivityTime": "2023-11-07T05:31:56Z",
"comment": "<string>",
"classificationComment": "<string>",
"tactics": [
"<string>"
],
"ruleIds": [
"<string>"
],
"alertProductNames": [
"<string>"
],
"user": {
"id": "<string>",
"displayName": "<string>",
"email": "<string>"
},
"isAssigned": true,
"productId": "<string>",
"alertsCount": 123,
"entities": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"friendlyName": "<string>",
"fileName": "<string>",
"hostName": "<string>",
"accountEntityId": "<string>",
"deviceId": "<string>",
"deviceAzureId": "<string>",
"defenderAtpDeviceId": "<string>",
"defenderEndpointDeviceId": "<string>",
"networkMessageId": "<string>",
"hashAlgorithm": "<string>",
"aadUserId": "<string>",
"emailAddress": "<string>",
"userPrincipalName": "<string>",
"ipAddress": "<string>",
"fileHash": "<string>",
"emailId": "<string>",
"emailSubject": "<string>"
}
],
"workspaceName": "<string>",
"workspaceId": "<string>",
"isDefenderXDRSourced": true
},
"investigationDetails": {
"entities": [
{
"id": "<string>",
"displayName": "<string>",
"fileName": "<string>",
"fileHash": "<string>",
"friendlyName": "<string>",
"hostName": "<string>",
"kind": "<string>",
"accountEntityId": "<string>",
"networkMessageId": "<string>",
"commandLine": "<string>",
"userUpn": "<string>",
"deviceId": "<string>",
"aadUserId": "<string>",
"isValidEntraIdUser": true,
"isValidEntraIdDevice": true
}
],
"alerts": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"alertName": "<string>",
"vendorName": "<string>",
"type": "<string>",
"description": "<string>",
"timeGenerated": "2023-11-07T05:31:56Z",
"tactics": [
"<string>"
],
"severity": "<string>",
"productName": "<string>",
"deviceId": "<string>"
}
],
"incident": {
"id": "<string>",
"name": "<string>",
"displayId": "<string>",
"title": "<string>",
"description": "<string>",
"number": 123,
"type": "<string>",
"sourceDisplayName": "<string>",
"lastModificationTime": "2023-11-07T05:31:56Z",
"creationTime": "2023-11-07T05:31:56Z",
"lastActivityTime": "2023-11-07T05:31:56Z",
"comment": "<string>",
"classificationComment": "<string>",
"tactics": [
"<string>"
],
"ruleIds": [
"<string>"
],
"alertProductNames": [
"<string>"
],
"user": {
"id": "<string>",
"displayName": "<string>",
"email": "<string>"
},
"isAssigned": true,
"productId": "<string>",
"alertsCount": 123,
"entities": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"friendlyName": "<string>",
"fileName": "<string>",
"hostName": "<string>",
"accountEntityId": "<string>",
"deviceId": "<string>",
"deviceAzureId": "<string>",
"defenderAtpDeviceId": "<string>",
"defenderEndpointDeviceId": "<string>",
"networkMessageId": "<string>",
"hashAlgorithm": "<string>",
"aadUserId": "<string>",
"emailAddress": "<string>",
"userPrincipalName": "<string>",
"ipAddress": "<string>",
"fileHash": "<string>",
"emailId": "<string>",
"emailSubject": "<string>"
}
],
"workspaceName": "<string>",
"workspaceId": "<string>",
"isDefenderXDRSourced": true
},
"incidentComment": [
{
"id": "<string>",
"message": "<string>",
"createdTime": "2023-11-07T05:31:56Z",
"authorEmail": "<string>",
"authorName": "<string>",
"isActivityComment": true,
"isAgentComment": true,
"agentName": "<string>",
"isClosingComment": true,
"ticketNoteId": "<string>",
"ticketId": "<string>"
}
]
},
"evidence": {
"columns": [
"<string>"
],
"rows": [
"<array>"
]
},
"gamebookCatalog": {
"recommended": {
"aiGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
},
"serviceProviderGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
}
},
"lastGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
},
"isPreviousRunAvailable": true,
"isRecommendedAvailable": true,
"aiRecommendedAvailable": true,
"serviceProviderRecommendedAvailable": true
}
},
"meta": {
"requestId": "<string>",
"timestamp": "<string>"
}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}Incidents
Get incident by id
GET
/
api
/
v2
/
workspaces
/
{workspaceId}
/
incidents
/
{source}
/
{incidentId}
Get incident by id
curl --request GET \
--url https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}import requests
url = "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}"
response = requests.get(url)
print(response.text)const options = {method: 'GET'};
fetch('https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}"
req, _ := http.NewRequest("GET", url, nil)
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_body{
"data": {
"incident": {
"id": "<string>",
"name": "<string>",
"displayId": "<string>",
"title": "<string>",
"description": "<string>",
"number": 123,
"type": "<string>",
"sourceDisplayName": "<string>",
"lastModificationTime": "2023-11-07T05:31:56Z",
"creationTime": "2023-11-07T05:31:56Z",
"lastActivityTime": "2023-11-07T05:31:56Z",
"comment": "<string>",
"classificationComment": "<string>",
"tactics": [
"<string>"
],
"ruleIds": [
"<string>"
],
"alertProductNames": [
"<string>"
],
"user": {
"id": "<string>",
"displayName": "<string>",
"email": "<string>"
},
"isAssigned": true,
"productId": "<string>",
"alertsCount": 123,
"entities": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"friendlyName": "<string>",
"fileName": "<string>",
"hostName": "<string>",
"accountEntityId": "<string>",
"deviceId": "<string>",
"deviceAzureId": "<string>",
"defenderAtpDeviceId": "<string>",
"defenderEndpointDeviceId": "<string>",
"networkMessageId": "<string>",
"hashAlgorithm": "<string>",
"aadUserId": "<string>",
"emailAddress": "<string>",
"userPrincipalName": "<string>",
"ipAddress": "<string>",
"fileHash": "<string>",
"emailId": "<string>",
"emailSubject": "<string>"
}
],
"workspaceName": "<string>",
"workspaceId": "<string>",
"isDefenderXDRSourced": true
},
"investigationDetails": {
"entities": [
{
"id": "<string>",
"displayName": "<string>",
"fileName": "<string>",
"fileHash": "<string>",
"friendlyName": "<string>",
"hostName": "<string>",
"kind": "<string>",
"accountEntityId": "<string>",
"networkMessageId": "<string>",
"commandLine": "<string>",
"userUpn": "<string>",
"deviceId": "<string>",
"aadUserId": "<string>",
"isValidEntraIdUser": true,
"isValidEntraIdDevice": true
}
],
"alerts": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"alertName": "<string>",
"vendorName": "<string>",
"type": "<string>",
"description": "<string>",
"timeGenerated": "2023-11-07T05:31:56Z",
"tactics": [
"<string>"
],
"severity": "<string>",
"productName": "<string>",
"deviceId": "<string>"
}
],
"incident": {
"id": "<string>",
"name": "<string>",
"displayId": "<string>",
"title": "<string>",
"description": "<string>",
"number": 123,
"type": "<string>",
"sourceDisplayName": "<string>",
"lastModificationTime": "2023-11-07T05:31:56Z",
"creationTime": "2023-11-07T05:31:56Z",
"lastActivityTime": "2023-11-07T05:31:56Z",
"comment": "<string>",
"classificationComment": "<string>",
"tactics": [
"<string>"
],
"ruleIds": [
"<string>"
],
"alertProductNames": [
"<string>"
],
"user": {
"id": "<string>",
"displayName": "<string>",
"email": "<string>"
},
"isAssigned": true,
"productId": "<string>",
"alertsCount": 123,
"entities": [
{
"id": "<string>",
"kind": "<string>",
"displayName": "<string>",
"friendlyName": "<string>",
"fileName": "<string>",
"hostName": "<string>",
"accountEntityId": "<string>",
"deviceId": "<string>",
"deviceAzureId": "<string>",
"defenderAtpDeviceId": "<string>",
"defenderEndpointDeviceId": "<string>",
"networkMessageId": "<string>",
"hashAlgorithm": "<string>",
"aadUserId": "<string>",
"emailAddress": "<string>",
"userPrincipalName": "<string>",
"ipAddress": "<string>",
"fileHash": "<string>",
"emailId": "<string>",
"emailSubject": "<string>"
}
],
"workspaceName": "<string>",
"workspaceId": "<string>",
"isDefenderXDRSourced": true
},
"incidentComment": [
{
"id": "<string>",
"message": "<string>",
"createdTime": "2023-11-07T05:31:56Z",
"authorEmail": "<string>",
"authorName": "<string>",
"isActivityComment": true,
"isAgentComment": true,
"agentName": "<string>",
"isClosingComment": true,
"ticketNoteId": "<string>",
"ticketId": "<string>"
}
]
},
"evidence": {
"columns": [
"<string>"
],
"rows": [
"<array>"
]
},
"gamebookCatalog": {
"recommended": {
"aiGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
},
"serviceProviderGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
}
},
"lastGamebook": {
"id": "<string>",
"tracingId": "<string>",
"incidentId": "<string>",
"incidentTitle": "<string>",
"incidentNumber": 123,
"isOcr": true,
"isRecover": true,
"triggedByUserId": "<string>",
"displayName": "<string>",
"modificationDate": "2023-11-07T05:31:56Z",
"creationDate": "2023-11-07T05:31:56Z",
"title": "<string>",
"isAdminRequired": true,
"workspaceId": "<string>",
"workspaceName": "<string>",
"tenantId": "<string>",
"isAutoRun": true,
"originalGamebookId": "<string>",
"originalGamebookTitle": "<string>",
"isRetryGamebook": true,
"isQueued": true,
"playbooks": [
{
"id": "<string>",
"referenceId": "<string>",
"entityId": "<string>",
"name": "<string>",
"description": "<string>",
"affectedEntity": "<string>",
"isRecommended": true,
"errorMessage": "<string>",
"sequence": 123,
"modificationDate": "2023-11-07T05:31:56Z",
"startingDate": "2023-11-07T05:31:56Z",
"finishingDate": "2023-11-07T05:31:56Z",
"executionTime": "<string>",
"tracingId": "<string>",
"parameters": {},
"isAdminRequired": true
}
],
"summary": "<string>"
},
"isPreviousRunAvailable": true,
"isRecommendedAvailable": true,
"aiRecommendedAvailable": true,
"serviceProviderRecommendedAvailable": true
}
},
"meta": {
"requestId": "<string>",
"timestamp": "<string>"
}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}{
"type": "<string>",
"title": "<string>",
"status": 123,
"detail": "<string>",
"instance": "<string>",
"code": "<string>",
"requestId": "<string>",
"timestamp": "<string>",
"target": "<string>",
"errors": {}
}Path Parameters
Available options:
Sentinel, DefenderXDR, QRadar, Splunk, CrowdStrike, SentinelOne ⌘I