Incidents

Incidents - Close

Closes the incident with the given id.

POST

https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/close

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to close. It is passed in the URL path ({id}), not in the request body. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to close the incident. Use Users - FetchUsers to obtain the value for this parameter. Mandatory Field |

Request Example

{
    "data": {
        "incident_user_id": "5a46xxxx"
    }
}

Success Response

{
    "status": "Success",
    "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}

The message field holds the monitorapi path of the order created for this request; a status other than "Success" means the close was not accepted.

API Response
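The request shape above (incident id in the path, acting user in the JSON body) is easy to get subtly wrong, so here is an added Python example that builds and validates an Incidents - Close request and parses the success response. It is not Logpoint's own client code; the host, pool UUID and logpoint identifier are placeholders, the id character whitelist is an assumption, and authentication headers are not shown on this page, so the HTTP transport is left to the caller.

```python
"""Build and validate an Incidents - Close request (added example, not Logpoint's client)."""
import json
import re
from urllib.parse import quote

# Deployment values are assumptions; replace them with your own.
API_HOST = "https://api-server-host-name"           # placeholder host used on the page
POOL_UUID = "00000000-0000-0000-0000-000000000000"  # assumption
LOGPOINT_ID = "logpoint-01"                         # assumption

# Assumption: incident ids look like the "5a46xxxx" sample on the page, so anything
# outside this alphabet is treated as an attempt to tamper with the URL path.
_ID_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def build_close_request(incident_id, incident_user_id, host=API_HOST,
                        pool_uuid=POOL_UUID, logpoint_id=LOGPOINT_ID):
    """Return (url, body_json) for POST .../Incidents/{id}/close.

    Both fields are mandatory. The incident id travels in the URL path and the
    acting user in the JSON body, so the id is whitelisted and percent-encoded
    to stop a hostile value such as "../" from rewriting the path.
    """
    for name, value in (("id", incident_id), ("incident_user_id", incident_user_id)):
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} is a mandatory string field")
    if not _ID_RE.match(incident_id):
        raise ValueError("incident id contains characters not expected in an id")
    path = (f"/configapi/{quote(pool_uuid, safe='')}/{quote(logpoint_id, safe='')}"
            f"/Incidents/{quote(incident_id, safe='')}/close")
    body = json.dumps({"data": {"incident_user_id": incident_user_id}})
    return host.rstrip("/") + path, body


def order_url_from_response(response_json, host=API_HOST):
    """Turn the documented success response into the absolute URL of its order.

    The page shows {"status": "Success", "message": "/monitorapi/.../orders/{request_id}"};
    the message is a path on the same host. Anything but status == "Success",
    or a message that is not a monitorapi order path, is treated as a failure.
    """
    payload = json.loads(response_json) if isinstance(response_json, str) else response_json
    if payload.get("status") != "Success":
        raise RuntimeError(f"close was not accepted: {payload!r}")
    message = payload.get("message", "")
    if not message.startswith("/monitorapi/") or "/orders/" not in message:
        raise RuntimeError(f"unexpected message in success response: {message!r}")
    return host.rstrip("/") + message


def close_incident(incident_id, incident_user_id, post):
    """Close an incident through a caller-supplied transport.

    `post(url, body)` must return the response body as text. Keeping the HTTP
    layer outside lets this run offline in tests and lets you attach whatever
    authentication your Director API deployment requires.
    """
    url, body = build_close_request(incident_id, incident_user_id)
    return order_url_from_response(post(url, body))


if __name__ == "__main__":
    # Constructed transport standing in for the real API.
    def fake_post(url, body):
        print("POST", url, body)
        return '{"status": "Success", "message": "/monitorapi/pool/lp/orders/abc123"}'

    print(close_incident("5a46aaaa", "5a46xxxx", fake_post))
```

The same body shape ({"data": {"incident_user_id": ...}}) is used by the other state-change calls on this page, but their path segments are not shown here, so only "close" is hard-coded.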

Incidents - Comment

Adds comment on the incident with the given id.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| comment | Comment | String | Comment for the incident. Mandatory Field |
| id | - | String | The incident id to comment on. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to comment on the incident. Use Users - FetchUsers to obtain the value for this parameter. Mandatory Field |

Request Example

Success Response

API Response

Incidents - FetchIncidentData

Fetches all logs belonging to the incident with the given id.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | ID of the incident whose logs you want to fetch. Mandatory Field |

Request Example

Success Response

API Response


Incidents - FetchIncidents

Fetches the incidents based on filter conditions.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| assigned_to_users | USERS | [String] | List of IDs of the users to whom the incident is assigned. Optional Field |
| attack_category | ATTACK CATEGORY | [String] | List of attack categories. Only incidents matching all the categories in the list are returned. Use the MitreAttack - FetchMitreAttacks API to list the attack categories available in the Fabric-enabled LogPoint. Optional Field |
| attack_tag | ATTACK TAG | [String] | List of attack tags. Only incidents matching all the tags in the list are returned. Use the MitreAttack - FetchMitreAttacks API to list the attack tags available in the Fabric-enabled LogPoint. Optional Field |
| end_date | - | int | End date as an epoch timestamp. Optional Field, but mandatory when start_date is present in the request. |
| log_source | LOG SOURCES | [String] | List of log sources. Only incidents matching all the log sources in the list are returned. Optional Field |
| name | NAME (OR ID) | String | Name of the incident, ID of the alert rule, or ID of the incident to fetch. The value is interpreted as a regular expression, so escape metacharacters when you need an exact match. Optional Field |
| risk | RISK | [String] | List of incident risk levels. Accepts "low", "medium", "high" and "critical". Optional Field |
| start_date | - | int | Start date as an epoch timestamp. Optional Field, but mandatory when end_date is present in the request. |
| status | STATUS | [String] | List of incident statuses. Accepts "resolved", "unresolved" and "closed". Optional Field |
| type | TYPE | [String] | List of sources from which the incident was generated. Accepts "alert", "search" and "UEBA". Optional Field |

Request Example

Success Response

API Response
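The FetchIncidents filters carry several constraints that the server will only report after a round trip (start_date and end_date must travel together, the enumerated fields accept fixed values, and name is a regex). The following added Python example, not Logpoint's own code, builds a request body and enforces those rules client-side. It assumes the body is wrapped in a "data" object like the Close example on this page, and that the epoch timestamps are in seconds (the page says only "epoch").

```python
"""Build a validated Incidents - FetchIncidents body (added example, not Logpoint's client)."""
import re
from datetime import datetime, timezone

# Accepted values listed on the page for the three enumerated filters.
RISK_LEVELS = frozenset({"low", "medium", "high", "critical"})
STATUSES = frozenset({"resolved", "unresolved", "closed"})
TYPES = frozenset({"alert", "search", "UEBA"})

_LIST_FIELDS = ("assigned_to_users", "attack_category", "attack_tag",
                "log_source", "risk", "status", "type")
_ALLOWED = {"risk": RISK_LEVELS, "status": STATUSES, "type": TYPES}


def to_epoch(value):
    """Accept an epoch int or an aware datetime and return epoch seconds.

    Assumption: the API expects seconds; the page only says "epoch". Naive
    datetimes are refused because they would silently shift with the client's
    local time zone and return a different window than the analyst asked for.
    """
    if isinstance(value, bool):
        raise ValueError("booleans are not timestamps")
    if isinstance(value, int):
        return value
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("use a timezone-aware datetime")
        return int(value.timestamp())
    raise ValueError(f"unsupported timestamp type: {type(value).__name__}")


def build_fetch_incidents_body(name=None, name_is_regex=False,
                               start_date=None, end_date=None, **filters):
    """Return the request body for Incidents - FetchIncidents.

    name is sent as a regular expression by the API, so it is re.escape()d
    unless the caller says it really is a pattern. Date fields must be given
    together; list fields must be lists of strings, and risk/status/type are
    checked against the values documented on the page.
    """
    data = {}
    if name is not None:
        if not isinstance(name, str) or not name:
            raise ValueError("name must be a non-empty string")
        data["name"] = name if name_is_regex else re.escape(name)

    if (start_date is None) != (end_date is None):
        raise ValueError("start_date and end_date must be supplied together")
    if start_date is not None:
        start, end = to_epoch(start_date), to_epoch(end_date)
        if start > end:
            raise ValueError("start_date must not be after end_date")
        data["start_date"], data["end_date"] = start, end

    for field, values in filters.items():
        if field not in _LIST_FIELDS:
            raise ValueError(f"unknown filter field: {field}")
        if not isinstance(values, (list, tuple)) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"{field} must be a list of strings")
        unknown = set(values) - _ALLOWED.get(field, set(values))
        if unknown:
            raise ValueError(f"{field} has unsupported values: {sorted(unknown)}")
        if values:  # an empty list would add nothing to the filter
            data[field] = list(values)

    # Assumption: same {"data": {...}} wrapper as the Close request on this page.
    return {"data": data}


if __name__ == "__main__":
    body = build_fetch_incidents_body(
        name="Brute force",
        start_date=datetime(2023, 11, 14, 22, 13, 20, tzinfo=timezone.utc),
        end_date=1700003600,
        risk=["high", "critical"],
        status=["unresolved"],
    )
    print(body)
```

Because attack_category, attack_tag and log_source are AND filters (an incident must match every value in the list), a long list narrows rather than widens the result; issue separate queries if you need an OR across values.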

Incidents - GetIncidentData

Lists the incident data of the given incident.

GET

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id |  | String | Existing incident id. |

Success Response

Incidents - Reassign

Reassigns the incident with the given id to a new user.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to reassign. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to reassign the incident. Use Users - FetchUsers to obtain the value for this parameter. Mandatory Field |

Request Example

Success Response

API Response

Incidents - Reopen

Reopens the incident with the given id.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to reopen. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to reopen the incident. Use Users - FetchUsers to obtain the value for this parameter. Mandatory Field |

Request Example

Success Response

API Response

Incidents - Resolve

Resolves the incident with the given id.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to resolve. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to resolve the incident. Use Users - FetchUsers to obtain the value for this parameter. Mandatory Field |

Request Example

Success Response

API Response

Incidents - SendForInvestigation

Manually trigger notifications for the incident with the given ID.

POST

Parameters

| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | ID of the incident. Use the Incidents - FetchIncidents API to obtain the value of this parameter. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to trigger the incident notification. Use the Users - FetchUsers API to obtain the value for this parameter. Mandatory Field |

Request Example

Success Response

API Response
