Skip to main content

Get Email Incident Details

GET 

/incident/api/v1/incidents

Retrieves information about Email DLP incidents.

You can combine the query parameters to drill down on your Email DLP incidents and limit your response sizes. For example:

curl https://api.us-west1.email.dlp.paloaltonetworks.com/incident/api/v1/incidents?limit=10&from=2023-10-17T02:29:04.402Z&to=2023-11-20T21:44:07.611Z&app_type=exchange-email,gmail-email
curl https://api.us-west1.email.dlp.paloaltonetworks.com/incident/api/v1/incidents?to=2023-11-20T19:44:04.395Z&from=2023-10-17T02:29:04.402Z&statuses=resolved,open&severities=very_low&limit=10

Using the limit query, the response contains a next-batch field that you can use to obtain the next page of results. The response will contain the next endpoint based on the delta:

"nextLink": "incident/api/incidents/delta?limit=100&from=2021-05-21T01:02:56Z&to=2021-05-22T01:02:56Z"

The report ID field in the response can be used to further inspect the incdent with the DLP API.

In order to the inspect the incident using the DLP API, you must ensure the current role for the service account is either a DLP Inicident Administrator or Superuser with access to Enterprise DLP.

Request

Responses

Ok