Get Email Incident Details
GET/incident/api/v1/incidents
Retrieves information about Email DLP incidents.
You can combine the query parameters to drill down on your Email DLP incidents and limit your response sizes. For example:
curl https://api.us-west1.email.dlp.paloaltonetworks.com/incident/api/v1/incidents?limit=10&from=2023-10-17T02:29:04.402Z&to=2023-11-20T21:44:07.611Z&app_type=exchange-email,gmail-email
curl https://api.us-west1.email.dlp.paloaltonetworks.com/incident/api/v1/incidents?to=2023-11-20T19:44:04.395Z&from=2023-10-17T02:29:04.402Z&statuses=resolved,open&severities=very_low&limit=10
Using the limit query, the response contains a next-batch
field that you can use to obtain the next page of results. The response will contain the next endpoint based on the delta:
"nextLink": "incident/api/incidents/delta?limit=100&from=2021-05-21T01:02:56Z&to=2021-05-22T01:02:56Z"
The report ID field in the response can be used to further inspect the incdent with the DLP API.
In order to the inspect the incident using the DLP API, you must ensure the current role for the service account is either a DLP Inicident Administrator or Superuser with access to Enterprise DLP.
Request
Responses
- 200
- 400
- 401
- 403
- 500
Ok
Invalid Request
Unauthorized
Forbidden
Internal Server Error