/ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/ evt:dataAtRest/evt:incidentInfo/evt:resourceType	Contains NETWORK or ENDPOINT – depending on the type of discovery incident. Can enable the creation of scripts that work on both types.
/ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/ evt:dataAtRest/evt:rules/	A list of the violated rules.
…evt:rules/evt:rule/evt:classifierMatches /ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/	A list of the matched classifier in a specific rule.
evt:dataAtRest/evt:properties/ /ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/	A list of properties such as file owner, file ACL, discovery task name.
evt:dataAtRest/evt:file/evt:filepath /ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/	The path to the file, in a URI format. Converting it back to a UNC format means that the slashes needs to be turned around into backslashes.
evt:dataAtRest/evt:file/evt:dateModifies /ns1:pa-xml-rpc/ns1:request/ns1:params/evt:incident/	The date the file was last modified in YYYY-MM-DDTHH:MM:SS.
evt:dataAtRest/evt:file/evt:owner/evt: incidentUser/ evt:detail	In the network it contains an evt:detail node with a value attribute of DOMAIN\Username (type 5). On the endpoint it contains a value attribute of the user's SID (type 8).