Request examples for the Get Incidents API
This section shows examples of requests to the API. For more information about each parameter shown in the request, see Input parameters for the Get Incidents API.
 
Request to get incidents by IDs (list one incident)
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"ids" : [262458],
"type" : "INCIDENTS"
}'
 
Request to get incidents by date range
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"type" : "INCIDENTS",
"from_date" : "31/10/2021 09:56:00",
"to_date" : "08/11/2021 09:57:00"
}'
 
Request to get incidents by action
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00",
"action" : "BLOCKED"
}'
 
Request to get incidents by severity
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00",
"severity" : "MEDIUM"
}'
 
Request to get incidents by status
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00",
"status" : "NEW"
}'
 
Request to get incidents by policy name
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00",
"policies" : "PCI"
}'
 
Request with date filters and sorting
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"sort_by": "INSERT_DATE",
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00"
}'
 
Request with a filter
Default hidden filter that excludes false positive incidents (same as in UI):
curl --location --request POST 'https://<DLP Manager IP>:<DLP Manager port>/dlp/rest/v1/incidents/' \
--header 'Authorization: Bearer <access token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"sort_by": "INSERT_DATE",
"type" : "INCIDENTS",
"from_date" : "01/08/2021 16:00:00",
"to_date" : "12/08/2021 20:00:00",
"detected_by" : "Endpoint Agent",
"analyzed_by": "Policy Engine 100190120a",
"event_id" : 5121411628328991975,
"destination" : "Windows Portable Device (WPD)",
"policies" : "PCI",
"action" : "BLOCKED",
"source" : "DESKTOP-3NG4NN6\\Lenovo",
"status" : "NEW",
"severity" : "MEDIUM",
"endpoint_type" : "LAPTOP",
"channel" : "ENDPOINT_REMOVABLE_MEDIA",
"assigned_to" : "admin",
"tag" : "Vadim tag"
}'
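
The same requests can be built programmatically so that the body is always valid JSON, the dates always use the format shown in the examples, and the access token stays out of the command line. This is an added example, not Forcepoint code; the function names, the `DLP_ACCESS_TOKEN` environment variable, and the day-first reading of the date format (inferred from `31/10/2021` above) are assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime

# Day-first format, inferred from the page's "31/10/2021 09:56:00" example.
DATE_FMT = "%d/%m/%Y %H:%M:%S"
# Filter keys that appear in the request examples on this page.
KNOWN_FILTERS = {
    "action", "severity", "status", "policies", "sort_by", "detected_by",
    "analyzed_by", "event_id", "destination", "source", "endpoint_type",
    "channel", "assigned_to", "tag",
}


def build_body(start=None, end=None, ids=None, **filters):
    """Return the JSON request body as a string."""
    unknown = set(filters) - KNOWN_FILTERS
    if unknown:  # catch misspelled keys before they reach the server
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    if (start is None) != (end is None):
        raise ValueError("give both start and end, or neither")
    body = {"type": "INCIDENTS"}
    if ids is not None:
        body["ids"] = [int(i) for i in ids]
    if start is not None:
        if start >= end:
            raise ValueError("start must be earlier than end")
        body["from_date"] = start.strftime(DATE_FMT)
        body["to_date"] = end.strftime(DATE_FMT)
    body.update(filters)
    return json.dumps(body)  # serializer cannot emit a trailing comma


def build_request(base_url, body, token=None):
    """Build (but do not send) the POST request for the incidents endpoint."""
    token = token or os.environ["DLP_ACCESS_TOKEN"]  # assumed variable name
    return urllib.request.Request(
        base_url.rstrip("/") + "/dlp/rest/v1/incidents/",
        data=body.encode("utf-8"),
        headers={
            # strip() removes stray whitespace pasted along with the token
            "Authorization": "Bearer " + token.strip(),
            "Content-Type": "application/json",
        },
        method="POST",
    )
```

Pass the returned object to `urllib.request.urlopen` to send it.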

Copyright 2022 Forcepoint. All rights reserved.