Update one incident - Cisco XDR APIs

{"type":"api","title":"Update one incident","meta":{"id":"/apps/pubhub/media/cisco-xdr-api-docs/f4e065ff5977829c89df289df08411f83205f526/f4d118ae-a2d7-3c4b-98c4-c1e55e1f5e68","info":{"title":"Conure v2","description":"Cisco XDR Incidents and Investigation API","contact":{"name":"Cisco Security Business Group -- Advanced Threat","email":"cisco-intel-api-support@cisco.com"},"license":{"name":"All Rights Reserved","url":"https://www.cisco.com"},"version":"51-1-6bee0d16"},"security":[{"oAuth2":["integration:read","private-intel:read","profile:read","inspect:read","users:read","invite:read","enrich:read","oauth:read","response:read","global-intel:read","ao:read"]}],"x-parser-conf":{"serverConfig":"select","overview":{"markdownPath":"reference/conure/overview.md","uri":"incidents-and-investigations-api-guide"},"disableAuthEditing":true,"exampleAsDefault":true,"oAuth2":{"clientId":"client-546e34fc-c6bf-4951-ac69-f6d7987a7814","clientSecret":"MYw4_E_tBdFwUwrX6WFYKVD5LQrG2k7XrJ5J046wWE0s1gAKCxJ8VA","proxyEnabled":false},"meta":{"useProxy":true}},"openapi":"3.0.1","servers":[{"url":"https://conure.us.security.cisco.com/{basePath}","variables":{"basePath":{"default":""}}}],"securitySchemes":{"oAuth2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://visibility.amp.cisco.com/iroh/oauth2/token","scopes":{"telemetry":"Collect application data for analytics","integration:read":"Manage your modules","private-intel:read":"Access Private Intelligence","admin":"Provide admin privileges","cognitive":"Cognitive Integration","profile:read":"Get your profile information","inspect:read":"Extract Observables and data from text","asset":"Access and modify your assets","event":"Read IROH Events","feedback":"Submit Customer Feedback","sse":"SSE Integration. Manage your Devices.","registry":"Manage registry entries","users:read":"Manage users of your organization","investigation":"Perform threat analysis investigation","invite:read":"Invite users into your organization","casebook":"Access and modify your casebooks","orbital":"Orbital Integration.","enrich:read":"Query your configured modules for threat intelligence","oauth:read":"Manage OAuth2 Clients","vault":"Grants access to Module Vaults","response:read":"List and execute response actions using configured modules","notification":"Receive notifications from integrations","vglobal-intel:read":"Access AMP Global Intelligence","webhook":"Manage your Webhooks","ao:read":"AO Integration."}}}}}},"spec":{"tags":["Incident"],"summary":"Update one incident.","parameters":[{"name":"incident-id","description":"The short-id for an incident, e.g. incident-64322795-2xx5-49bd-8d0b-106680ae434a.","in":"path","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"required":["confidence","incident_time","status"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]}}}},"application/transit+msgpack":{"schema":{"required":["confidence","incident_time","status"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]}}}},"application/transit+json":{"schema":{"required":["confidence","incident_time","status"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]}}}},"application/edn":{"schema":{"required":["confidence","incident_time","status"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]}}}}},"required":true},"responses":{"200":{"description":"","content":{"application/json":{"schema":{"required":["confidence","groups","id","incident_time","schema_version","status","type"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"id":{"type":"string"},"client_id":{"type":"string"},"modified":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"created":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"owner":{"type":"string","nullable":true,"x-anyOf":[{"type":"string"},{"type":"boolean"}]},"groups":{"type":"array","items":{"type":"string"}},"schema_version":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"type":{"type":"string","enum":["incident"]},"timestamp":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]}}}},"application/transit+msgpack":{"schema":{"required":["confidence","groups","id","incident_time","schema_version","status","type"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"id":{"type":"string"},"client_id":{"type":"string"},"modified":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"created":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"owner":{"type":"string","nullable":true,"x-anyOf":[{"type":"string"},{"type":"boolean"}]},"groups":{"type":"array","items":{"type":"string"}},"schema_version":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"type":{"type":"string","enum":["incident"]},"timestamp":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]}}}},"application/transit+json":{"schema":{"required":["confidence","groups","id","incident_time","schema_version","status","type"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"id":{"type":"string"},"client_id":{"type":"string"},"modified":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"created":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"owner":{"type":"string","nullable":true,"x-anyOf":[{"type":"string"},{"type":"boolean"}]},"groups":{"type":"array","items":{"type":"string"}},"schema_version":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"type":{"type":"string","enum":["incident"]},"timestamp":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]}}}},"application/edn":{"schema":{"required":["confidence","groups","id","incident_time","schema_version","status","type"],"type":"object","properties":{"assignees":{"type":"array","items":{"type":"string"}},"categories":{"type":"array","items":{"type":"string","enum":["Attrition","Denial of Service","Exercise","Exercise/Network Defense Testing","Explained Anomaly","Forensics","Improper Usage","Intelligence","Investigating","Investigation","Malicious Code","Malicious Logic","Non-Compliant","Reconnaissance","Root Level","Scans/Probes/Attempted Access","Unauthorized Access","Unsuccessful","User Level","eDiscovery"]}},"confidence":{"type":"string","enum":["High","Info","Low","Medium","None","Unknown"]},"discovery_method":{"type":"string","enum":["SecureX Threat Hunting","Agent Disclosure","Antivirus","Audit","Customer","External - Fraud Detection","Financial Audit","HIPS","IT Audit","Incident Response","Internal - Fraud Detection","Law Enforcement","Log Review","Monitoring Service","NIDS","Security Alarm","Unknown","Unrelated Party","User"]},"incident_time":{"required":["opened"],"type":"object","properties":{"opened":{"type":"string"},"closed":{"type":"string"},"discovered":{"type":"string"},"rejected":{"type":"string"},"remediated":{"type":"string"},"reported":{"type":"string"}}},"intended_effect":{"type":"string","enum":["Account Takeover","Advantage","Advantage - Economic","Advantage - Military","Advantage - Political","Brand Damage","Competitive Advantage","Degradation of Service","Denial and Deception","Destruction","Disruption","Embarrassment","Exposure","Extortion","Fraud","Harassment","ICS Control","Theft","Theft - Credential Theft","Theft - Identity Theft","Theft - Intellectual Property","Theft - Theft of Proprietary Information","Traffic Diversion","Unauthorized Access"]},"meta":{"type":"object","properties":{"ai_description":{"type":"boolean"}}},"promotion_method":{"type":"string","enum":["Automated","Manual"]},"scores":{"type":"object","properties":{"asset":{"maximum":10,"minimum":0,"type":"integer","format":"int64"},"global":{"maximum":1000,"minimum":0,"type":"integer","format":"int64"},"ttp":{"maximum":100,"minimum":0,"type":"integer","format":"int64"}}},"severity":{"type":"string","enum":["Critical","High","Info","Low","Medium","None","Unknown"]},"status":{"type":"string","enum":["Closed","Closed: Confirmed Threat","Closed: False Positive","Closed: Near-Miss","Closed: Other","Closed: Suspected","Closed: Under Review","Containment Achieved","Hold","Hold: External","Hold: Internal","Hold: Legal","Incident Reported","New","New: Presented","New: Processing","Open","Open: Contained","Open: Investigating","Open: Recovered","Open: Reported","Rejected","Restoration Achieved","Stalled"]},"tactics":{"type":"array","items":{"type":"string"}},"techniques":{"type":"array","items":{"type":"string"}},"description":{"type":"string"},"short_description":{"type":"string"},"source":{"type":"string"},"source_uri":{"type":"string"},"title":{"type":"string"},"language":{"type":"string"},"external_references":{"type":"array","items":{"required":["source_name"],"type":"object","properties":{"source_name":{"type":"string"},"hashes":{"type":"array","items":{"type":"string"}},"url":{"type":"string"},"description":{"type":"string"},"external_id":{"type":"string"}}}},"external_ids":{"type":"array","items":{"type":"string"}},"tlp":{"type":"string","enum":["amber","green","red","white"]},"id":{"type":"string"},"client_id":{"type":"string"},"modified":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"created":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]},"owner":{"type":"string","nullable":true,"x-anyOf":[{"type":"string"},{"type":"boolean"}]},"groups":{"type":"array","items":{"type":"string"}},"schema_version":{"type":"string"},"revision":{"minimum":0,"type":"integer","format":"int64"},"type":{"type":"string","enum":["incident"]},"timestamp":{"type":"string","format":"date-time","x-anyOf":[{"type":"string","format":"date-time"},{"type":"string"}]}}}}}},"400":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"object"}}}}}},"401":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Unauthorized"]}}}}}},"403":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Forbidden"]}}}}}},"404":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Found"]}}}}}},"405":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Method Not Allowed"]}}}}}},"406":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Not Acceptable"]}}}}}},"429":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["Too many requests"]}}}}}},"500":{"description":"","content":{"application/json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/transit+msgpack":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/transit+json":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}},"application/edn":{"schema":{"required":["message"],"type":"object","properties":{"message":{"type":"string","enum":["exception","default exception","sql exception","JSON too large","schema","external_request"]},"exception":{"type":"string","example":"SqlException"},"data":{"type":"object","description":"Any specific error information passed by custom errors.","example":""},"uri":{"type":"string","description":"The URI the error was seen at","example":"/global/v1/incident/?/incident-summary"}}}}}}},"security":[{"JWT-Bearer":[]},{"oauth2":[]}],"x-codegen-request-body-name":"body","method":"put","path":"/v2/incident/{incident-id}"}}