
Download Incident Audit Events

GET /api/v32.05/audits/incidents/download

x-prisma-cloud-target-env: {"permission":"monitorRuntimeIncidents","saas":true,"self-hosted":true}
x-public: true

Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. These chains of related audits are called incidents.

This endpoint maps to the CSV hyperlink in Monitor > Runtime > Incident explorer in the Console UI.

cURL Request

The following cURL command downloads all incidents and saves the result in a CSV file called incidents.csv:

$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o incidents.csv \
https://<CONSOLE>/api/v<VERSION>/audits/incidents/download

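A successful response displays the status of the download. Because -u <USER> is given without a password, curl prompts for it. The -k option disables TLS certificate verification; where the Console certificate chains to a CA the client trusts, omit -k or pass the CA bundle with --cacert.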

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limits the number of results returned.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    from date-time

    Filters results from a start datetime.

    to date-time

    Filters results up to an end datetime.

    hostname string[]

    Filters results by hostname where the incident occurred.

    category string[]

    Filters results by incident category.

    type string[]

    Filters results by incident type.

    profileID string[]

    Filters results by runtime profile ID.

    acknowledged string

    Filters results by incidents that have been acknowledged.

    cluster string[]

    Filters results by cluster name, or by region (for functions).

    id string[]

    Filters results by ID.

    appID string[]

    Filters results by app IDs.

    containerID string[]

    Filters results by container IDs.

    functionID string[]

    Filters results by function IDs.

    customRuleName string[]

    Filters results by custom rule names.
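
The following Python sketch is an added example, not code from the Prisma Cloud documentation. It builds the download URL from the query parameters listed above, rejects parameter names that are not on this page, and fetches the CSV with certificate verification enabled. Assumptions: string[] filters are sent as repeated keys, date-time values are RFC 3339 UTC timestamps, and the function names and the host console.example.com are hypothetical.

```python
import base64
import shutil
import ssl
import urllib.parse
import urllib.request
from datetime import datetime, timezone

# Query parameters listed on this page; anything else is rejected so a typo
# cannot silently turn a filtered export into an unfiltered one.
SCALAR = {"offset", "limit", "sort", "reverse", "acknowledged"}
MULTI = {"hostname", "category", "type", "profileID", "cluster", "id",
         "appID", "containerID", "functionID", "customRuleName"}


def _stamp(dt):
    """Format a timezone-aware datetime as an RFC 3339 UTC timestamp."""
    if dt.tzinfo is None:
        raise ValueError("from/to must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_download_url(console, version, start=None, end=None, **filters):
    """Build the incidents CSV URL with from/to and filters percent-encoded."""
    params = [("from", _stamp(start))] if start is not None else []
    if end is not None:
        params.append(("to", _stamp(end)))
    for key, value in filters.items():
        if key not in SCALAR | MULTI:
            raise ValueError(f"unknown query parameter: {key}")
        many = isinstance(value, (list, tuple))
        if many and key not in MULTI:
            raise ValueError(f"{key} takes a single value")
        for v in (value if many else [value]):
            # Booleans are sent lowercase (assumed wire form, not from the page).
            params.append((key, str(v).lower() if isinstance(v, bool) else str(v)))
    url = f"https://{console}/api/v{version}/audits/incidents/download"
    return url + ("?" + urllib.parse.urlencode(params) if params else "")


def download_incidents(url, user, password, out_path, ca_file=None):
    """Stream the CSV to out_path with certificate and hostname checks on."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies, unlike curl -k
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp, \
            open(out_path, "wb") as out:
        shutil.copyfileobj(resp, out)
    return out_path
```

Pass ca_file when the Console uses a certificate issued by a private CA; with ca_file left as None the system trust store is used.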

Responses

OK
