Download Incident Audit Events
Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. These chains of related audits are called incidents.
This endpoint maps to the CSV hyperlink in Monitor > Runtime > Incident explorer in the Console UI.
The following cURL command downloads all incidents and saves the result in a CSV file called
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o incidents.csv \
A successful response displays the status of the download.
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
Filters results from a start datetime.
Filters results from an end datetime.
Filters results by hostname where the incident occurred.
Filters results by incident category.
Filters results by incident type.
Filters results by runtime profile ID.
Filters results by incidents that have been acknowledged.
Filters results by region (for functions) Filters results by cluster name.
Filters results by ID.
Filters results by app IDs.
Filters results by container IDs.
Filters results by function IDs.
Filters results by custom rule names.