{"type":"model","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/d7d3e58b-2412-342e-a80a-991bae0c0b01","info":{"title":"PrivateIntel Service","description":"A proxy to private-intel CTIA with various IROH hooks","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"1.0.107"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read","playbook:read"]}],"tags":[{"name":"Private Intel","description":"Access private-intel"}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/incident-management/overview.md","uri":"incident-management-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://visibility.amp.cisco.com"}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. \nManage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","playbook":"Access and modify your playbooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","global-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"required":["status"],"type":"object","properties":{"status":{"type":"string","description":"The `status` field represents the current state of an incident within the incident management process. Its values help in tracking and reporting the progress of the incident from its discovery to its resolution.","example":"Closed","enum":["New","Closed","Open: Recovered","Closed: Other","Hold: Internal","Hold: Legal","Closed: Under Review","Rejected","Open","Restoration Achieved","Incident Reported","Closed: Suspected","Stalled","Open: Contained","Closed: Near-Miss","Hold: External","Containment Achieved","New: Processing","Closed: Confirmed Threat","Closed: False Positive","Open: Reported","Open: Investigating","Hold","New: Presented"]}},"additionalProperties":{"type":"object"},"$$ref":"#/components/schemas/IncidentStatusUpdate","title":"IncidentStatusUpdate"}}