
Get Incidents

GET /v2/api/incidents

Similar to how you can view DLP incidents on Panorama or Strata Cloud Manager, you can view your DLP incidents programmatically. The API retrieves all DLP incidents, which you can filter using the query parameters.

Request

Query Parameters

    ascending boolean

    Sort incidents in ascending order

    channel string

    Possible values: [ngfw, prisma-access]

    Source of the DLP incident you are viewing

    end_time date-time

    The end time of the incident(s) you want to query for in UTC, for example: 2023-10-17T02:29:04.402Z.

    file_shas string

    The file SHA associated with the incident

    page_number int32

    Pagination support to track the number of incidents you retrieved

    page_size int32

    Pagination support to reduce the number of incidents you retrieved

    region string

    Possible values: [us, eu, uk, jp, in, ap, ca, au, par]

    Region the incident was triggered in

    report_ids string[]

    ID of the retrieved report

    sort_by string

    Sorts incidents. The default sort order is by creation time.

    start_time date-time

    The start time of the incident(s) that you want to query for in UTC, for example: 2023-10-17T02:29:04.402Z.

    user_ids string[]

    User IDs associated with the incident.

Responses

OK

Schema
    page object required

    Indicates the page of the current response.

    number int32

    Pagination support for the API; this enables you to limit the response size.

    size int32

    Indicates the size of the response.

    total_elements int32

    Indicates the total number of incidents included.

    total_pages int32

    Indicates the total number of pages available.

    resources object[]

    Indicates the current status of the DLP incident whether it is open, under review, resolved, or closed

  • Array [
    action string

    Possible values: [alert, block, none]

    The action taken on the Incident.

    app_id string

    The ID of the application.

    app_name string

    The name of the application.

    channel string

    Possible values: [ngfw, prisma-access]

    The product the incident was recorded in.

    data_profile_id int64

    The ID of the data profile used to capture the incident.

    data_profile_name string

    The name of the data profile used to capture the incident.

    file_name string

    The file name of the captured file.

    file_sha string

    The SHA hash of the captured file.

    file_type string

    The specific file type of the captured file.

    incident_creation_time string

    The datetime of the incident.

    incident_id uuid

    The automatically generated incident ID.

    report_id string

    The automatically generated report ID.

    source string

    Source of the incident report.

    tenant_id string

    ID of the TSG enabled tenant.

    user string

    User identified by the DLP engine.

  • ]
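
A sketch of paging through this endpoint with the documented query parameters and response fields, added here as an example and not taken from the vendor's documentation. The injected `fetch` callable, `first_page=0`, the helper names and the `SAMPLE` records are assumptions or constructed values; the host and authentication are left to the caller because the page does not give them.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

PATH = "/v2/api/incidents"
CHANNELS = {"ngfw", "prisma-access"}
REGIONS = {"us", "eu", "uk", "jp", "in", "ap", "ca", "au", "par"}

def utc_stamp(dt):
    """Render an aware datetime in the documented form 2023-10-17T02:29:04.402Z."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: pass a timezone-aware value")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def build_url(start, end, page_number, page_size, channel=None, region=None):
    """Reject values outside the documented enums before any request is sent."""
    if channel is not None and channel not in CHANNELS:
        raise ValueError(f"channel must be one of {sorted(CHANNELS)}")
    if region is not None and region not in REGIONS:
        raise ValueError(f"region must be one of {sorted(REGIONS)}")
    if end <= start:
        raise ValueError("end_time must be later than start_time")
    params = {"start_time": utc_stamp(start), "end_time": utc_stamp(end),
              "page_number": page_number, "page_size": page_size}
    params.update({k: v for k, v in (("channel", channel), ("region", region)) if v})
    return PATH + "?" + urlencode(params)

def fetch_all(fetch, start, end, page_size=50, first_page=0, **filters):
    """fetch(url) -> decoded JSON body; host and auth live in the caller (assumption)."""
    incidents, page = [], first_page  # first_page=0 is an assumption, not documented
    while True:
        body = fetch(build_url(start, end, page, page_size, **filters))
        batch = body.get("resources") or []
        incidents.extend(batch)
        # Stop on an empty page too, so a different page-number base cannot loop forever.
        if not batch or len(incidents) >= body["page"]["total_elements"]:
            return incidents
        page += 1

# Constructed sample data and stand-in server, so the example runs offline.
SAMPLE = [{"incident_id": f"constructed-{i}", "action": "block",
           "channel": "ngfw" if i % 2 else "prisma-access"} for i in range(5)]
def fake_fetch(url):
    q = parse_qs(urlsplit(url).query)
    n, size = int(q["page_number"][0]), int(q["page_size"][0])
    rows = [r for r in SAMPLE if q.get("channel", [r["channel"]])[0] == r["channel"]]
    return {"page": {"number": n, "size": size, "total_elements": len(rows),
                     "total_pages": -(-len(rows) // size)},
            "resources": rows[n * size:(n + 1) * size]}
```

In real use, replace `fake_fetch` with a callable that prepends your tenant's API host, attaches credentials and returns the decoded JSON body.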