List Incidents Enhanced
Route
/v2/incidents/list
Description
List incidents with enhanced filtering capabilities. This endpoint provides advanced filtering, sorting, and pagination options for incident management.
Method
POST
Inputs
| Parameter | Type | Required | Description |
|---|---|---|---|
| filters | object | No | Filter criteria for incidents |
| page_size | integer | No | Number of results to return (max 100) |
| page_id | string | No | Page ID for pagination |
| sort_by | string | No | Field to sort by (created_at, severity, status) |
| sort_order | string | No | Sort order (asc, desc) |
| include_details | boolean | No | Include detailed incident information |
Filter Object
| Parameter | Type | Required | Description |
|---|---|---|---|
| severity | array[string] | No | Filter by severity (informational, low, medium, high, critical) |
| status | array[string] | No | Filter by status (open, investigating, resolved, closed) |
| policy_ids | array[string] | No | Filter by policy IDs |
| endpoint_ids | array[string] | No | Filter by endpoint IDs |
| created_after | string | No | Filter incidents created after this time (ISO 8601) |
| created_before | string | No | Filter incidents created before this time (ISO 8601) |
| user_ids | array[string] | No | Filter by user IDs involved |
| tags | array[string] | No | Filter by incident tags |
Request Body
{
  "filters": {
    "severity": ["high", "critical"],
    "status": ["open", "investigating"],
    "created_after": "2024-01-01T00:00:00Z",
    "policy_ids": ["policy-123", "policy-456"]
  },
  "page_size": 25,
  "sort_by": "created_at",
  "sort_order": "desc",
  "include_details": true
}
Output
| Field | Type | Description |
|---|---|---|
| resources | array[Incident] | Array of incident objects |
| size | integer | Number of incidents returned |
| next_page_id | string | Token for next page |
| total_count | integer | Total number of matching incidents |
| errors | array[Error] | Any errors encountered |
Incident Object
| Field | Type | Description |
|---|---|---|
| id | string | Unique incident identifier |
| title | string | Incident title |
| description | string | Incident description |
| severity | string | Incident severity level |
| status | string | Current incident status |
| policy_id | string | Associated policy ID |
| policy_name | string | Associated policy name |
| endpoint_id | string | Associated endpoint ID |
| endpoint_name | string | Associated endpoint name |
| user_id | string | Associated user ID |
| user_name | string | Associated user name |
| created_at | string | Creation timestamp (ISO 8601) |
| updated_at | string | Last update timestamp (ISO 8601) |
| tags | array[string] | Incident tags |
| details | object | Additional incident details (if include_details=true) |
Rate Limit
- 60 requests per minute per API key
- 5 concurrent requests per endpoint
Example Response
{
  "resources": [
    {
      "id": "incident-123",
      "title": "Sensitive Data Access Violation",
      "description": "Unauthorized access to customer PII detected",
      "severity": "high",
      "status": "investigating",
      "policy_id": "policy-456",
      "policy_name": "Customer PII Protection",
      "endpoint_id": "endpoint-789",
      "endpoint_name": "DESKTOP-ABC123",
      "user_id": "user-101",
      "user_name": "john.doe@company.com",
      "created_at": "2024-01-15T10:30:00Z",
      "updated_at": "2024-01-15T11:45:00Z",
      "tags": ["data-breach", "pii", "urgent"],
      "details": {
        "file_path": "/Users/john.doe/Documents/customer_data.xlsx",
        "action": "file_access",
        "risk_score": 85
      }
    }
  ],
  "size": 1,
  "next_page_id": "next_token_ghi789",
  "total_count": 42,
  "errors": []
}
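Added example (not part of the original documentation): a Python generator that walks every page of `/v2/incidents/list` by following `next_page_id`, paces calls to the documented 60 requests per minute, and fails loudly on a non-empty `errors` array so a failed page is never read as "no incidents". The `post` transport, `fake_post` and the sample pages are hypothetical, and it assumes an absent or empty `next_page_id` marks the last page, which the page does not state.

```python
import time

ROUTE = "/v2/incidents/list"
MAX_PAGE_SIZE = 100        # documented page_size maximum
MIN_INTERVAL = 60 / 60     # seconds between calls: 60 requests per minute per key


def iter_incidents(post, filters, page_size=MAX_PAGE_SIZE,
                   sleep=time.sleep, clock=time.monotonic):
    """Yield every incident matching `filters`, following next_page_id.

    `post(route, body) -> dict` is a hypothetical transport supplied by the
    caller; host and authentication are not described on this page.
    """
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("page_size must be between 1 and 100")
    body = {"filters": filters, "page_size": page_size,
            "sort_by": "created_at", "sort_order": "asc"}
    seen, last_call = set(), None
    while True:
        if last_call is not None:          # stay under the rate limit
            sleep(max(0.0, MIN_INTERVAL - (clock() - last_call)))
        last_call = clock()
        resp = post(ROUTE, body)
        if resp.get("errors"):             # a failed page is not an empty page
            raise RuntimeError(f"API errors: {resp['errors']}")
        yield from resp.get("resources", [])
        token = resp.get("next_page_id")
        if not token:                      # assumption: no token means last page
            return
        if token in seen:                  # guard against a repeating token
            raise RuntimeError("pagination token repeated")
        seen.add(token)
        body = {**body, "page_id": token}


# Constructed sample pages standing in for the real service.
_PAGES = {
    None: {"resources": [{"id": "incident-1", "severity": "high"}],
           "next_page_id": "tok-2", "errors": []},
    "tok-2": {"resources": [{"id": "incident-2", "severity": "critical"}],
              "next_page_id": None, "errors": []},
}


def fake_post(route, body):
    return _PAGES[body.get("page_id")]


def collect_ids(filters):
    return [i["id"] for i in iter_incidents(fake_post, filters, sleep=lambda s: None)]
```

Sorting by `created_at` ascending keeps page order stable when new incidents arrive during the walk.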