Download Incident Audit Events
GET/api/v33.01/audits/incidents/download
x-prisma-cloud-target-env: {"permission":"monitorRuntimeIncidents"}
Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. These chains of related audits are called incidents.
This endpoint maps to the CSV hyperlink in Monitor > Runtime > Incident explorer in the Console UI.
cURL Request
The following cURL command downloads all incidents and saves the result in a CSV file called incidents.csv
:
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o incidents.csv \
https://<CONSOLE>/api/v<VERSION>/audits/incidents/download
A successful response displays the status of the download.
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
Filters results from a start datetime.
Filters results from an end datetime.
Filters results by hostname where the incident occurred.
Filters results by incident category.
Filters results by incident type.
Filters results by runtime profile ID.
Filters results by incidents that have been acknowledged.
Filters results by region (for functions) Filters results by cluster name.
Filters results by ID.
Filters results by app IDs.
Filters results by container IDs.
Filters results by function IDs.
Filters results by custom rule names.
Responses
- 200
- default
OK