> ## Documentation Index > Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt > Use this file to discover all available pages before exploring further. # Get incidents by entity ## OpenAPI ````yaml /api-reference/openapi.json get /api/v2/workspaces/{workspaceId}/incidents/{source}/by-entity openapi: 3.1.1 info: title: ContraForce API description: ContraForce platform API for security operations management. version: '2.0' servers: [] security: [] tags: - name: Incidents - name: Gamebooks - name: Data sources - name: Service tickets - name: Investigation - name: Cross-workspace incidents - name: Cross-workspace gamebooks - name: Cross-workspace data sources - name: Webhooks - name: Service accounts - name: Users - name: Azure resources paths: /api/v2/workspaces/{workspaceId}/incidents/{source}/by-entity: get: tags: - Incidents summary: Get incidents by entity operationId: v2-get-incidents-by-entity parameters: - name: workspaceId in: path required: true schema: type: string format: uuid - name: source in: path required: true schema: $ref: '#/components/schemas/IncidentSource' - name: IncidentId in: query schema: type: string - name: EntityKind in: query schema: type: string - name: EntityFilter in: query schema: type: string - name: TimeFilteringType in: query schema: $ref: '#/components/schemas/TimeFilteringType' - name: StartDate in: query schema: type: string format: date-time - name: EndDate in: query schema: type: string format: date-time - name: EntityName in: query schema: type: string - name: EntityType in: query schema: $ref: '#/components/schemas/EntityType' responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/ApiResponseOfIncidentsByEntityResultDto' '400': description: Bad request — validation or parameter binding failed. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '401': description: Unauthorized — missing or invalid Bearer token. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '403': description: Forbidden — insufficient scope or workspace access. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '404': description: Not found — workspace or resource is missing. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '500': description: Internal server error. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' components: schemas: IncidentSource: enum: - Sentinel - DefenderXDR - QRadar - Splunk - CrowdStrike - SentinelOne TimeFilteringType: enum: - ThreeHours - SixHours - TwelveHours - TwentyFourHours - FourtyEightHours - Custom - null EntityType: enum: - User - IP - File - Process - Device - Malware - CloudApplication - DomainName - AzureResource - FileHash - RegistryKey - RegistryValue - SecurityGroup - URL - IoTDevice - Mailbox - MailCluster - MailMessage - Submission - SentinelEntities - DnsResolution - Registry - OAuthApplication - AmazonResource - BlobContainer - Blob - Container - ContainerRegistry - ContainerImage - GoogleCloudResource - KubernetesCluster - KubernetesController - KubernetesNamespace - KubernetesPod - KubernetesService - KubernetesSecret - KubernetesServiceAccount - AnalyzedMessage - DNS - Unknown ApiResponseOfIncidentsByEntityResultDto: type: object properties: data: $ref: '#/components/schemas/IncidentsByEntityResultDto' meta: $ref: '#/components/schemas/ResponseMeta' description: Standard v2 API response envelope for single-item responses. ApiProblemDetails: type: object properties: type: type: - 'null' - string title: type: - 'null' - string status: pattern: ^-?(?:0|[1-9]\d*)$ type: - 'null' - integer - string format: int32 detail: type: - 'null' - string instance: type: - 'null' - string code: type: - 'null' - string requestId: type: - 'null' - string timestamp: type: - 'null' - string target: type: - 'null' - string errors: type: - 'null' - object additionalProperties: type: array items: type: string description: "API extension of ProblemDetails that surfaces the stable error code,\r\ntrace identifier, timestamp, optional target, and optional field-keyed validation\r\nerror map alongside the RFC 7807 members." IncidentsByEntityResultDto: type: object properties: incidents: type: - 'null' - array items: $ref: '#/components/schemas/EntityIncidentDto' ResponseMeta: type: object properties: requestId: type: - 'null' - string timestamp: type: - 'null' - string EntityIncidentDto: type: object properties: creationTime: type: string format: date-time number: pattern: ^-?(?:0|[1-9]\d*)$ type: - integer - string format: int32 title: type: - 'null' - string description: type: - 'null' - string severity: $ref: '#/components/schemas/Severity' status: $ref: '#/components/schemas/Status' id: type: - 'null' - string source: $ref: '#/components/schemas/IncidentSource' workspaceId: type: - 'null' - string classificationComment: type: - 'null' - string classification: oneOf: - type: 'null' - $ref: '#/components/schemas/Classification' Severity: enum: - Informational - Low - Medium - High Status: enum: - Active - New - Closed Classification: enum: - BenignPositive - FalsePositive - TruePositive - Undetermined - InformationalExpectedActivity - Unknown - NonIssue - PolicyViolation - QradarFalsePositive - Undefined - Suspicious - null ````