GC Doc

The document outlines the API endpoint for retrieving incident data, specifically using the GET method at /incidents. It provides examples of query parameters such as incident id, severity, incident group, and asset details, along with the expected response format for successful and erroneous requests. The response includes details about affected assets, closed times, and pagination information for the incidents retrieved.

Uploaded by

vdhivakaran

Incidents

List incidents
GET /incidents

List all incidents

Examples:

https://{management_server}/api/v3.0/incidents?id=b36d449c-7e1c-471a-ad85-f04c7d5e2af1&severity=Medium&incident_group=GRP-595e18cf&incident_type=Network%20Scan&assets=172.17.0.4,172.17.0.1&destination=security.ubuntu.com&tag=Arp%20Scan&tag__not=Listed%20IP&offset=0&limit=20&sort=incident_type,-start_time&from_time=1509271980000&to_time=1511819999999

https://{management_server}/api/v3.0/incidents?id=808&from_time=1509271980000&to_time=1511819999999
Query parameters:

id: string (in query)
  Incident id value. Array values passed separated by comma: ?id=aaa,bbb
severity: string, one of Low, Medium, High (in query)
  Incident severity. Array values passed separated by comma: ?severity=aaa,bbb
incident_group: string (in query)
  Incident group. Array values passed separated by comma: ?incident_group=aaa,bbb
incident_type: string, one of Incident, Deception, Network Scan, Reveal, Experimental (in query)
  Incident type. Array values passed separated by comma: ?incident_type=aaa,bbb
assets: string (in query)
  Incident source/destination asset. Array values passed separated by comma: ?assets=aaa,bbb
source: string (in query)
  Incident source asset. Array values passed separated by comma: ?source=aaa,bbb
destination: string (in query)
  Incident destination asset. Array values passed separated by comma: ?destination=aaa,bbb
tag: string (in query)
  Incident included tags. Array values passed separated by comma: ?tag=aaa,bbb
tags__not: string (in query)
  Incident excluded tags. Array values passed separated by comma: ?tags__not=aaa,bbb
limit: integer (int32) (in query)
  Maximal number of assets to return
offset: integer (int32) (in query)
  Offset of the returned list
sort: string (in query)
  Sort results by value in ascending or descending order. Supports multiple sorting (up to three values)
from_time: integer (timestamp) (in query)
  Incident start time, minimum value
to_time: integer (timestamp) (in query)
  Incident start time, maximum value
from_closed_time: integer (timestamp) (in query)
  Incident closed time, minimum value
to_closed_time: integer (timestamp) (in query)
  Incident closed time, maximum value

Responses:

200 OK: Successful operation, Paginated(Incident)
400 Bad Request: Invalid request, ApiErrorResponse

Response Content-Types: application/json

Response Example (200 OK)

{
  "objects": [
    {
      "affected_assets": [
        {
          "country": "Israel",
          "country_code": "IL",
          "ip": "172.17.0.3",
          "is_inner": true,
          "labels": [
            "source"
          ],
          "vm": {
            "full_name": "192.168.0.102/Attacker2",
            "id": "b40db74f-5f2d-4cda-9c9b-c2cdd8158b1f",
            "name": "Attacker2",
            "nics": [
              {
                "discovered_ip_addresses": [
                  "192.168.0.1"
                ],
                "ip_addresses": [
                  "192.168.0.1"
                ],
                "mac_address": "00:50:56:bb:2d:ab",
                "network_id": "fe3ef6a8-858f-407d-bd6e-30fb9cc30522",
                "network_name": "CommandsNet",
                "network_orchestration_id": "dvportgroup-105",
                "orchestration_details": [
                  {
                    "orchestration_id": "7f43c9a2-e8b9-4ce7-a2d1-908bd5182d51",
                    "orchestration_type": "vSphere",
                    "orchestration_obj_id": "vm-280588",
                    "revision_id": 190709142948
                  }
                ],
                "switch_id": "dvs-102",
                "vif_id": "0",
                "vlan_id": 1001
              }
            ],
            "orchestration_details": [
              {
                "orchestration_id": "7f43c9a2-e8b9-4ce7-a2d1-908bd5182d51",
                "orchestration_type": "vSphere",
                "orchestration_obj_id": "vm-280588",
                "revision_id": 190709142948
              }
            ],
            "recent_domains": [
              "mydomain.com"
            ],
            "tenant_name": "192.168.0.102"
          },
          "vm_id": "b40db74f-5f2d-4cda-9c9b-c2cdd8158b1f"
        }
      ],
      "closed_time": 1510979377066,
      "concatenated_tags": [
        {
          "display_name": "Internal",
          "tag_class": "ENRICHER"
        }
      ],
      "destination_asset": {
        "ip": "172.17.0.3",
        "is_inner": true,
        "labels": [
          "destination"
        ],
        "vm": {
          "full_name": "192.168.0.102/Attacker2",
          "id": "b40db74f-5f2d-4cda-9c9b-c2cdd8158b1f",
          "name": "Attacker2",
          "nics": [
            {
              "discovered_ip_addresses": [
                "192.168.0.1"
              ],
              "ip_addresses": [
                "192.168.0.1"
              ],
              "mac_address": "00:50:56:bb:2d:ab",
              "network_id": "fe3ef6a8-858f-407d-bd6e-30fb9cc30522",
              "network_name": "CommandsNet",
              "network_orchestration_id": "dvportgroup-105",
              "orchestration_details": [
                {
                  "orchestration_id": "7f43c9a2-e8b9-4ce7-a2d1-908bd5182d51",
                  "orchestration_type": "vSphere",
                  "orchestration_obj_id": "vm-280588",
                  "revision_id": 190709142948
                }
              ],
              "switch_id": "dvs-102",
              "vif_id": "0"
            }
          ]
        }
      }
    }
  ],
  "current_page": 1,
  "db_query_time": "0.012 seconds",
  "dict_mapping_time": "0.02 seconds",
  "filters": "object",
  "from": 0,
  "to": 20,
  "is_count_exact": true,
  "objects_mapping_time": "0.002 seconds",
  "results_in_page": 20,
  "total_count": 53,
  "sort": [
    "name"
  ]
}

Response Example (400 Bad Request)

{
  "code": 4,
  "message": "The limit parameter was set too high, please use a limit parameter of 1000 or below",
  "error": "string"
}

https://cus-2284.cloud.guardicore.com/api/v3.0/incidents?severity=Medium,High&offset=0&limit=100&sort=incident_type,-start_time&from_time=1574002246000&to_time=1576013146000&incident_type=Deception,Reveal,Incident
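The following is an added example, not code from the product or this document: it builds a GET /incidents query the way the examples above do (comma-separated arrays, %20 for spaces, comma-joined sort keys with a "-" prefix for descending) and walks a Paginated(Incident) response with offset/limit until total_count is reached. The 1000 limit ceiling is taken from the 400 example; the `fetch` callable, `fake_fetch` stand-in and the server name are assumptions so the code runs offline.

```python
from typing import Any, Callable, Dict, Iterator, List, Sequence
from urllib.parse import parse_qs, quote, urlencode, urlparse

MAX_LIMIT = 1000   # the 400 example rejects a limit above 1000
MAX_SORT_KEYS = 3  # sort accepts up to three values

def build_incidents_url(server: str, filters: Dict[str, Any], sort: Sequence[str] = (),
                        offset: int = 0, limit: int = 20) -> str:
    """Build the GET /incidents URL: list values become the documented comma-separated
    arrays, sort keys are joined with commas ('-' prefix = descending)."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    if len(sort) > MAX_SORT_KEYS:
        raise ValueError(f"sort supports at most {MAX_SORT_KEYS} keys")
    params: Dict[str, Any] = {}
    for key, value in filters.items():
        if value is not None:
            params[key] = ",".join(map(str, value)) if isinstance(value, (list, tuple)) else value
    params["offset"], params["limit"] = offset, limit
    if sort:
        params["sort"] = ",".join(sort)
    # quote() encodes spaces as %20 as in the page's examples; ',' stays literal
    return f"https://{server}/api/v3.0/incidents?" + urlencode(params, safe=",", quote_via=quote)

def iter_incidents(fetch: Callable[[str], Dict[str, Any]], server: str, filters: Dict[str, Any],
                   sort: Sequence[str] = (), limit: int = 20) -> Iterator[Dict[str, Any]]:
    """Walk every page of a Paginated(Incident) response with offset/limit, stopping at
    total_count or on an empty page. `fetch` is the caller's authenticated GET returning JSON."""
    offset = 0
    while True:
        page = fetch(build_incidents_url(server, filters, sort, offset, limit))
        objects = page.get("objects", [])
        yield from objects
        offset += len(objects)  # advance by what the server actually returned
        if not objects or offset >= int(page.get("total_count", 0)):
            return

def affected_ips(incident: Dict[str, Any]) -> List[str]:
    """IPs listed under affected_assets of one Incident, as in the 200 OK example."""
    return [a["ip"] for a in incident.get("affected_assets", []) if "ip" in a]

def fake_fetch(total: int) -> Callable[[str], Dict[str, Any]]:
    """Constructed stand-in for the HTTP client so the paging logic runs offline (assumed)."""
    def fetch(url: str) -> Dict[str, Any]:
        qs = parse_qs(urlparse(url).query)
        offset, limit = int(qs["offset"][0]), int(qs["limit"][0])
        objs = [{"id": f"inc-{i}", "affected_assets": [{"ip": f"172.17.0.{i % 254 + 1}"}]}
                for i in range(offset, min(offset + limit, total))]
        return {"objects": objs, "from": offset, "to": offset + len(objs), "total_count": total}
    return fetch
```

Replace `fake_fetch` with a real authenticated GET against the management server to page through live results; the loop advances by the number of objects actually returned rather than by `limit`, so a short final page ends cleanly.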
