Get Incidents
GET/v2/api/incidents
Similarly to how you can view DLP Incidents on Panorama or Strata Cloud Manager, you can view your DLP incidents programatically. The API retrieves all DLP incidents which you can filter using the query paramaters.
Request
Query Parameters
Sort incidents in ascending order
Possible values: [ngfw
, prisma-access
]
Source of the DLP incident you are viewing
The end time of the incident(s) you want to query for in UTC, for example: 2023-10-17T02:29:04.402Z.
The file SHA assosciated with the incident
Pagination support to track the number incidents you retrieved
Pagination support to reduce the number incidents you retrieved
Possible values: [us
, eu
, uk
, jp
, in
, ap
, ca
, au
, par
]
Region the incident was triggered in
ID of the retrieved report
Sorts incidents. The default sort order is by creation time.
The start time of the incident(s) that you want to query for in UTC, for example: 2023-10-17T02:29:04.402Z.
User IDs assosciated with the incident.
Responses
- 200
- 400
- 401
- 403
- 404
- 500
OK
- application/json
- Schema
- Example (from schema)
- incidentResponseExample
Schema
- Array [
- ]
page objectrequired
Indicates the page of the current response.
Pagination support for the API, this enables you to limit the response size.
Indicates the size of the responose.
Indicates the total number of incidents included.
Indicates the total number of pages available.
resources object[]
Indicates the current status of the DLP incident whether it is open, under review, resolved, or closed
Possible values: [alert
, block
, none
]
The action taken on the Incident.
The ID of the application.
The name of the application.
Possible values: [ngfw
, prisma-access
]
The product the indcident was recorded in.
The ID of the data profile used to capture the incident.
The name of the data profile used to capture the incident.
The file name of the capture file.
The SHA hash of the captured file.
The specific file type of the captured file.
The datetime of th incident.
The automatically generated incident ID.
The automatically generated report ID.
Source of the incident report.
ID of the TSG enabled tentant.
User identified by the DLP engine.
{
"page": {
"number": 0,
"size": 0,
"total_elements": 0,
"total_pages": 0
},
"resources": [
{
"action": "alert",
"app_id": "string",
"app_name": "string",
"channel": "ngfw",
"data_profile_id": 0,
"data_profile_name": "string",
"file_name": "string",
"file_sha": "string",
"file_type": "string",
"incident_creation_time": "yyyy-MMM-dd HH:mm:ss z",
"incident_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"report_id": "string",
"source": "string",
"tenant_id": "string",
"user": "string"
}
]
}
{
"page": {
"number": 1,
"size": 10,
"total_elements": 290,
"total_pages": 29
},
"resources": [
{
"action": "alert",
"channel": "ngfw",
"data_profile_id": 11995044,
"data_profile_name": "PII",
"file_name": "SSNpattern",
"file_sha": "a4d58aa3caeb73b56028f597de2b3263d64e2835f277f31c97be53bc76a29e47",
"file_type": "pdf",
"incident_creation_time": "2023-Dec-07 18:41:12 UTC",
"incident_id": "7c3dca3d-1c08-4147-b171-9faba84739d4",
"report_id": "1572154781",
"source": "ngfw",
"tenant_id": "5886928188517009408"
},
{
"action": "alert",
"channel": "ngfw",
"data_profile_id": 11995410,
"data_profile_name": "Portugal_LNAME_high",
"file_name": "test_portugal_LNAME.txt",
"file_sha": "6c25d79cd1dee00b3a6ee6bbb985dae6ee5bdfa31a8dfcffa241786c8c3893a7",
"file_type": "txt",
"incident_creation_time": "2023-Dec-07 18:39:38 UTC",
"incident_id": "81985a40-dae5-4e80-8147-678892ccfc00",
"report_id": "2968440380",
"source": "ngfw",
"tenant_id": "5886928188517009408"
},
{
"action": "alert",
"channel": "ngfw",
"data_profile_id": 11995355,
"data_profile_name": "inline_timing_11_12_edm",
"file_name": "all_patterns_data_1_MB.txt",
"file_sha": "6c8d18c544aba3b44cfa487d5020ec102a6317a6a5164e270bbecf6ea37df925",
"file_type": "txt",
"incident_creation_time": "2023-Dec-06 19:39:46 UTC",
"incident_id": "08f014d8-ed13-490e-bfc4-7363f43a4af1",
"report_id": "1347859663",
"source": "ngfw",
"tenant_id": "5886928188517009408"
},
{
"action": "alert",
"channel": "ngfw",
"data_profile_id": 11995295,
"data_profile_name": "DemoWideNestedProfile",
"file_name": "SSNpattern",
"file_sha": "a4d58aa3caeb73b56028f597de2b3263d64e2835f277f31c97be53bc76a29e47",
"file_type": "pdf",
"incident_creation_time": "2023-Dec-05 21:54:21 UTC",
"incident_id": "6c7d838a-1b25-44fe-8917-1ff760c0eae5",
"report_id": "3741398016",
"source": "ngfw",
"tenant_id": "5886928188517009408"
}
]
}
Bad Request
Unauthorized
Forbidden
Not Found
Internal server error