Closes the incident with the given id.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/close
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to close. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to close the incident. Use Users - FetchUsers to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```
Adds a comment to the incident with the given id.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/comment
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| comment | Comment | String | Comment for the incident. Mandatory Field |
| id | - | String | The incident id to comment on. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to comment on the incident. Use Users - FetchUsers to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "comment": "Newly Created Incident",
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```
Fetches all the logs of the incident with the given id.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/fetchIncidentData
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | ID of the incident whose logs you want to fetch. Mandatory Field |
Request Example
```json
{
  "data": {}
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}-Logs/fetchLogData"
}
```
Fetches the incidents based on filter conditions.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/fetch
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| assigned_to_users | USERS | [String] | List of IDs of the users who are assigned the incident. Optional Field |
| attack_category | ATTACK CATEGORY | [String] | List of attack categories. The API filters the incidents that match all the attack categories in the provided list. Use the MitreAttack - FetchMitreAttacks API to fetch the details of the attack categories available in the Fabric-enabled LogPoint. Optional Field |
| attack_tag | ATTACK TAG | [String] | List of attack tags. The API filters the incidents that match all the attack tags in the provided list. Use the MitreAttack - FetchMitreAttacks API to fetch the details of the attack tags available in the Fabric-enabled LogPoint. Optional Field |
| end_date | - | int | End date in epoch. Mandatory only when start_date is present in the request. Optional Field |
| log_source | LOG SOURCES | [String] | List of log sources. The API filters the incidents that match all the log sources in the provided list. Optional Field |
| name | NAME (OR ID) | String | The name of the incident, the ID of the alert rule, or the ID of the incident to fetch. A regex is accepted. Optional Field |
| risk | RISK | [String] | List of risk levels of the incident. Accepts values such as "low", "medium", "high" and "critical". Optional Field |
| start_date | - | int | Start date in epoch. Mandatory only when end_date is present in the request. Optional Field |
| status | STATUS | [String] | List of incident statuses. Accepts values such as "resolved", "unresolved" and "closed". Optional Field |
| type | TYPE | [String] | List of the types from which the incident was generated. Accepts values such as "alert", "search" and "UEBA". Optional Field |
Request Example
```json
{
  "data": {
    "assigned_to_users": [
      "574fceedd8aaa40740736302",
      "624fceedd8aaa40740736304"
    ],
    "attack_category": [
      "Defense Evasion",
      "Persistence"
    ],
    "attack_tag": [
      "Security Account Manager",
      "LSASS Memory"
    ],
    "end_date": 1568943700,
    "log_source": [
      "log123",
      "log233"
    ],
    "name": "MyIncident",
    "risk": [
      "critical",
      "high"
    ],
    "start_date": 1538793210,
    "status": [
      "resolved",
      "unresolved"
    ],
    "type": [
      "alert"
    ]
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}/{data_node}"
}
```
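The fetch filters above carry two constraints that are easy to get wrong in a client: start_date and end_date are each mandatory only when the other is present, and the risk, status and type lists accept a fixed set of values. This added example (not LogPoint's code) builds and validates an Incidents/fetch request body and derives the order path from the success response; the host, pool UUID and logpoint identifier are placeholders, and reading the order result from the returned monitorapi path is an assumption.

```python
# Constructed placeholders for illustration; take real values from your deployment.
API_HOST = "https://api-server-host-name"
POOL_UUID = "POOL_UUID_PLACEHOLDER"
LOGPOINT_ID = "LOGPOINT_IDENTIFIER_PLACEHOLDER"

# Values the reference lists for the risk, status and type filters
RISK_LEVELS = {"low", "medium", "high", "critical"}
STATUSES = {"resolved", "unresolved", "closed"}
TYPES = {"alert", "search", "UEBA"}
LIST_FIELDS = {"assigned_to_users", "attack_category", "attack_tag",
               "log_source", "risk", "status", "type"}
SCALAR_FIELDS = {"name", "start_date", "end_date"}

def incidents_url(action: str) -> str:
    """Build the configapi URL for an Incidents action such as 'fetch' or '{id}/close'."""
    return f"{API_HOST}/configapi/{POOL_UUID}/{LOGPOINT_ID}/Incidents/{action}"

def build_fetch_payload(**filters) -> dict:
    """Validate the Incidents/fetch filter conditions and wrap them in the data envelope."""
    unknown = set(filters) - LIST_FIELDS - SCALAR_FIELDS
    if unknown:
        raise ValueError(f"unknown filter field(s): {sorted(unknown)}")
    if "name" in filters and not isinstance(filters["name"], str):
        raise ValueError("name must be a string (a regex is accepted)")
    for field in LIST_FIELDS & set(filters):
        if not isinstance(filters[field], list) or not all(isinstance(v, str) for v in filters[field]):
            raise ValueError(f"{field} must be a list of strings")
    for field, allowed in (("risk", RISK_LEVELS), ("status", STATUSES), ("type", TYPES)):
        bad = set(filters.get(field, [])) - allowed
        if bad:
            raise ValueError(f"{field}: unsupported value(s) {sorted(bad)}")
    # start_date and end_date are each mandatory only when the other is present
    has_start, has_end = "start_date" in filters, "end_date" in filters
    if has_start != has_end:
        raise ValueError("start_date and end_date must be supplied together")
    if has_start:
        start, end = filters["start_date"], filters["end_date"]
        if not (isinstance(start, int) and isinstance(end, int)):
            raise ValueError("start_date and end_date must be epoch integers")
        if start > end:
            raise ValueError("start_date must not be later than end_date")
    return {"data": filters}

def order_result_url(response: dict) -> str:
    """The success response's message is a monitorapi path for the queued order;
    join it to the host (assumption: the order's result is read from that URL)."""
    if response.get("status") != "Success":
        raise RuntimeError(f"Incidents/fetch was not accepted: {response}")
    return API_HOST + response["message"]
```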
Lists the contents of the incident data for the given incident.
Important
Perform a FetchIncidentData API request before GetIncidentData to get the updated incident data.
GET
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/IncidentData/{id}
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | | String | Existing incident id. |
Success Response
```json
[
  {
    "action": "indexing speed",
    "col_ts": "2020/07/15 08:38:27",
    "col_type": "filesystem",
    "collected_at": "LogPoint",
    "device_ip": "127.0.0.1",
    "device_name": "localhost",
    "indexing_mps": "0",
    "log_ts": "2020/07/15 08:38:22",
    "logpoint_name": "LogPoint",
    "msg": "2020-07-15 08:38:22.00399 IndexSearcherBenchmarker; indexing speed;service=indexsearcher__logpoint; number_of_indexed_logs=0; time=60 s; indexing_mps=0; thread=Thread-2",
    "norm_id": "LogPoint",
    "number_of_indexed_logs": "0",
    "object": "IndexSearcherBenchmarker",
    "repo_name": "_logpoint",
    "service": "indexsearcher__logpoint",
    "sig_id": "10537",
    "source_name": "/opt/immune/var/log/benchmarker/indexsearcher__logpoint.log",
    "thread": "Thread-2",
    "time": "60"
  },
  {
    "col_ts": "2020/07/15 08:38:27",
    "col_type": "filesystem",
    "collected_at": "LogPoint",
    "device_ip": "127.0.0.1",
    "device_name": "localhost",
    "log_ts": "2020/07/15 08:38:20",
    "logpoint_name": "LogPoint",
    "msg": "2020-07-15_08:38:20.75642 Wed Jul 15 08:38:20 2020 UDPv4 link remote:[AF_INET]89.188.79.98:1193",
    "repo_name": "_logpoint",
    "source_name": "/opt/immune/var/log/service/support_con_client/current"
  }
]
```
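Two things about the response above matter when you process it: every value is a string, including counters such as indexing_mps and time, and records do not share one schema (the second record has no normalized fields at all). This added example (not LogPoint's code) normalizes such records tolerantly and computes the gap between a log's own timestamp and its collection time; the sample records are constructed by trimming the response above, and treating the zone-less timestamps as UTC is an assumption.

```python
from datetime import datetime, timezone
from typing import Optional

# Layout of col_ts/log_ts in the incident data records
TS_FORMAT = "%Y/%m/%d %H:%M:%S"
# Fields that arrive as strings but carry integer counters
INT_FIELDS = ("indexing_mps", "number_of_indexed_logs", "time", "sig_id")

# Constructed sample: two records trimmed from the response above; the second lacks
# the normalized fields the first has, which is why every access below is guarded.
SAMPLE_RECORDS = [
    {"col_ts": "2020/07/15 08:38:27", "log_ts": "2020/07/15 08:38:22",
     "device_ip": "127.0.0.1", "indexing_mps": "0", "time": "60",
     "msg": "IndexSearcherBenchmarker; indexing speed; indexing_mps=0"},
    {"col_ts": "2020/07/15 08:38:27", "log_ts": "2020/07/15 08:38:20",
     "device_ip": "127.0.0.1",
     "msg": "Wed Jul 15 08:38:20 2020 UDPv4 link remote:[AF_INET]"},
]

def to_epoch(ts: str) -> int:
    """Parse a record timestamp; the records carry no zone, so UTC is assumed."""
    return int(datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc).timestamp())

def normalize_record(rec: dict) -> dict:
    """Copy a record with epoch timestamps and int-typed counters; absent keys stay absent."""
    out = dict(rec)
    for key in ("col_ts", "log_ts"):
        if key in out:
            out[key] = to_epoch(out[key])
    for key in INT_FIELDS:
        if key in out and isinstance(out[key], str) and out[key].isdigit():
            out[key] = int(out[key])
    return out

def collection_delay(rec: dict) -> Optional[int]:
    """Seconds between a log's own timestamp and its collection, or None if either is missing."""
    n = normalize_record(rec)
    if "col_ts" in n and "log_ts" in n:
        return n["col_ts"] - n["log_ts"]
    return None
```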
Reassigns the incident with the given id to a new user.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/reassign
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to reassign. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to reassign the incident. Use Users - FetchUsers to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```
Reopens the incident with the given id.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/reopen
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to reopen. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to reopen the incident. Use Users - FetchUsers to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```
Resolves the incident with the given id.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/resolve
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | The incident id to resolve. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to resolve the incident. Use Users - FetchUsers to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```
Manually triggers notifications for the incident with the given ID.
POST
https://api-server-host-name/configapi/{pool_UUID}/{logpoint_identifier}/Incidents/{id}/sendForInvestigation
Parameter
| Field | Label in UI | Type | Description |
|---|---|---|---|
| id | - | String | ID of the incident. Use the Incidents - FetchIncidents API to obtain the value of this parameter. Mandatory Field |
| incident_user_id | - | String | ID of the user on whose behalf you want to trigger the incident notification. Use the Users - FetchUsers API to obtain value for this parameter. Mandatory Field |
Request Example
```json
{
  "data": {
    "incident_user_id": "5a466e9dd8aaa4748d3977c7"
  }
}
```
Success Response
```json
{
  "status": "Success",
  "message": "/monitorapi/{pool_UUID}/{logpoint_identifier}/orders/{request_id}"
}
```