Get Incident - Cloud Security API

{"type":"api","title":"Get Incident","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/83e8a10367d157243cd1c3e478b807cb81262a3d/eadd0b56-ea60-32bd-a1aa-155c29b52bed","info":{"title":"Cisco Cloudlock API","description":"The Cloudlock API provides data about an organization's activities, apps, incidents, and policies.","version":"1.0.0","contact":{"name":"Cloud Security Developer Community"}},"tags":[{"name":"Activities"},{"name":"Apps"},{"name":"Entities"},{"name":"Incidents"},{"name":"Incident Aggregates"},{"name":"Incident Entities"},{"name":"IP Libraries"},{"name":"Policies"}],"openapi":"3.0.0","servers":[{"url":"https://api.cloudlock.com/api/v2"}]},"spec":{"tags":["Incidents"],"description":"Get the information about a specific incident.","operationId":"getIncident","summary":"Get Incident","parameters":[{"description":"The ID of the incident.","example":320831601,"in":"path","name":"id","required":true,"schema":{"type":"integer"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string","description":"The internal CloudLock incident ID, which can be used to\ncall or update a specific incident."},"customer_key":{"type":"string","description":"An empty field to be used as a system ID (a customer can set this or leave it empty)."},"incident_status":{"type":"string","description":"The status of the incident. Possible values: NEW, RESOLVED, IN PROGRESS, DISMISSED."},"severity":{"type":"string","description":"The severity of the incident. Possible values: INFO, WARNING, CRITICAL, ALERT."},"created_at":{"type":"string","description":"The incident creation time, in UTC."},"updated_at":{"type":"string","description":"The incident last upate time, in UTC."},"match_count":{"type":"integer","description":"The total number of matches.\""},"entity":{"type":"object","description":"The information about the object relating to this incident.","properties":{"direct_url":{"type":"string","description":"The URL to the object."},"extra":{"type":"object","description":"The additional information related to the incident.","properties":{"origin_type_label":{"type":"string","description":"This field gives additional info regarding the scanned object that triggered the policy violation."},"origin_type_label_plural":{"type":"string","description":"Similar to the origin_type_label but for a plural label"}}},"id":{"type":"string","description":"This is Cloudlock Internal Identifier for an entity."},"mime_type":{"type":"string","description":"The mime type of the object/document (if any)"},"name":{"type":"string","description":"The name of the underlying object represented by this entity."},"origin_id":{"type":"string","description":"This is the identifier of the object in the vendor system."},"origin_type":{"type":"string","description":"The object type (i.e. document, post, app, event)."},"owner_email":{"type":"string","description":"Object owner's email address (e.g. user@cloudlock.com)."},"owner_name":{"type":"string","description":"Object owner's name (i.e. John Q. User)."},"vendor":{"type":"object","properties":{"name":{"type":"string","description":"The name of the vendor. For example: google."}},"$$ref":"#/components/schemas/Vendor"}},"$$ref":"#/components/schemas/Entity"},"policy":{"type":"object","description":"The policy that triggered the incident.","properties":{"id":{"type":"string","description":"The Cloudlock Internal Identifier for a policy."},"name":{"type":"string","description":"The name of the policy. Possible values: SSN, PCI or any policy name."}},"$$ref":"#/components/schemas/Policy"},"matches":{"description":"The list of matches for the incident.","type":"array","items":{"type":"object","description":"A Match represents an occurrence of a content pattern in an object (such as a file).\nThe content pattern is defined in a policy.","properties":{"created_at":{"type":"string","description":"The time when this match was detected. Time expressed as a timestamp in UTC."},"ctx_after":{"type":"string","description":"The characters after the match."},"ctx_before":{"type":"string","description":"The characters before the match."},"field_name":{"type":"string","description":"The field or object for this match."},"text":{"type":"string","description":"Provide string to identify object. Relevant for content detection criteria='Custom regex criteria' only."},"policy_criteria":{"type":"object","description":"A description of the policy criteria.","properties":{"id":{"type":"string"}}}},"$$ref":"#/components/schemas/Match"}}},"$$ref":"#/components/schemas/IncidentsCollection"},"examples":{"response":{"value":{"created_at":"2014-08-08T05:09:58.861954+00:00","customer_key":"","entity":{"direct_url":"https://na15.salesforce.com/0D5i000000jY0GvCAK","extra":{"origin_type_label":"Feed Item","origin_type_label_plural":"Feed Items"},"id":"vXxjnWAexL","mime_type":"","name":"Feed Item by John Demo","origin_id":"0D5i000000jY0GvCAK","origin_type":"document","owner_email":"demoUser@cloudlockdemo.com","owner_name":"John Demo","vendor":{"name":"salesforce"}},"id":"320831601","incident_status":"IN PROGRESS","match_count":1,"matches":[{"created_at":"2014-08-08T05:09:58.861954+00:00","ctx_after":"638 1","ctx_before":"UPS Tracking Number: 1Z W18","field_name":"Body","policy_criteria":{"id":"23"},"text":"XXX XX 7502"}],"policy":{"id":"Bdb475zMDK","name":"SSN"},"severity":"WARNING","updated_at":"2014-08-08T05:09:58.572845+00:00"}}}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Server error","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"getIncident","method":"get","path":"/incidents/{id}"}}