List Incidents - Cloud Security API

{"type":"api","title":"List Incidents","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/9d37d008417d562ab46d4b67547a68457ce288d2/eadd0b56-ea60-32bd-a1aa-155c29b52bed","info":{"title":"Cisco Cloudlock API","description":"The Cloudlock API provides data about an organization's activities, apps, incidents, and policies.","version":"1.0.0","contact":{"name":"Cloud Security Developer Community"}},"tags":[{"name":"Activities"},{"name":"Apps"},{"name":"Entities"},{"name":"Incidents"},{"name":"Incident Aggregates"},{"name":"Incident Entities"},{"name":"IP Libraries"},{"name":"Policies"}],"openapi":"3.0.0","servers":[{"url":"https://api.cloudlock.com/api/v2"}]},"spec":{"tags":["Incidents"],"description":"Incidents are a key resource in CloudLock. Incidents are\ntriggered by the CloudLock policy engine when a policy's detection\ncriteria results in a match in object (document, field, folder, post, or\nfile).\nIncidents can be changed manually by a\nuser (by updating incidents fields such as status or severity) or\nautomatically as objects or events are reevaluated by the policy\nengine. Depending on the incident type, different incident information may be\navailable.\n\nKey information about an incident:\nSummary - Basic incident information and\nstatus\nDetails - Information about the relevant object(s) associated with this incident\nEntity - Information about the object related\nto the incident\nMatches - Matches represent the actual hits\nwithin the content (for content type policies)","operationId":"listIncidents","summary":"List Incidents","parameters":[{"name":"limit","in":"query","description":"The maximum number of records to return in the collection.","required":false,"schema":{"type":"string"},"$$ref":"#/components/parameters/limitParam"},{"name":"offset","schema":{"type":"string"},"in":"query","description":"A number that represents the index into the collection.","required":false,"$$ref":"#/components/parameters/offsetParam"},{"name":"incident_type","schema":{"type":"string"},"in":"query","description":"Filter based on the incident type.","example":"COMPLIANCE"},{"name":"severity","schema":{"type":"string"},"in":"query","description":"Filter based on the incident severity.","example":"CRITICAL"},{"name":"policy_id","schema":{"type":"string"},"in":"query","description":"Filter based on the policy ID.","example":"rNP3Dd3By0"},{"name":"created_before","in":"query","schema":{"type":"string"},"description":"Filter based on incidents created before a given date.","example":"2021-01-18T16:55","$$ref":"#/components/parameters/createdBeforeParam"},{"name":"created_after","schema":{"type":"string"},"in":"query","description":"Filter the collection by the creation date.","example":"2021-01-01","$$ref":"#/components/parameters/createdAfterParam"},{"name":"updated_before","in":"query","schema":{"type":"string"},"description":"Filter based on incidents updated before a given date.","example":"2021-01-18T16:55"},{"name":"updated_after","in":"query","schema":{"type":"string"},"description":"Filter based on incidents updated after a given date.","example":"2021-01-18T16:55"},{"name":"incident_status","schema":{"type":"string"},"in":"query","description":"Filter based on the incident status.","example":"RESOLVED"},{"name":"vendor","schema":{"type":"string"},"in":"query","description":"Filter based on the platform (for example: google, salesforce)","example":"salesforce"},{"name":"customer_key","schema":{"type":"string"},"in":"query","description":"Filter based on the customer_key field.","example":"123 abc"},{"name":"fields","schema":{"type":"string"},"in":"query","description":"Return only the selected parent fields. For example: id and entity fields.\nProvide a comma-delimited list of parent fields.","example":"id,entity"},{"name":"order","schema":{"type":"string"},"in":"query","description":"Sort by the date when the incident was created (A dash (`-`) denotes descending order).","example":"created_at"},{"name":"flat","schema":{"type":"string"},"in":"query","description":"If set to `true`, flatten the output to simplify ingestion of data by tabular systems.","example":"true"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"The internal CloudLock incident ID, which can be used to\ncall or update a specific incident."},"customer_key":{"type":"string","description":"An empty field to be used as a system ID (a customer can set this or leave it empty)."},"incident_status":{"type":"string","description":"The status of the incident. Possible values: NEW, RESOLVED, IN PROGRESS, DISMISSED."},"severity":{"type":"string","description":"The severity of the incident. Possible values: INFO, WARNING, CRITICAL, ALERT."},"created_at":{"type":"string","description":"The incident creation time, in UTC."},"updated_at":{"type":"string","description":"The incident last upate time, in UTC."},"match_count":{"type":"integer","description":"The total number of matches.\""},"entity":{"type":"object","description":"The information about the object relating to this incident.","properties":{"direct_url":{"type":"string","description":"The URL to the object."},"extra":{"type":"object","description":"The additional information related to the incident.","properties":{"origin_type_label":{"type":"string","description":"This field gives additional info regarding the scanned object that triggered the policy violation."},"origin_type_label_plural":{"type":"string","description":"Similar to the origin_type_label but for a plural label"}}},"id":{"type":"string","description":"This is Cloudlock Internal Identifier for an entity."},"mime_type":{"type":"string","description":"The mime type of the object/document (if any)"},"name":{"type":"string","description":"The name of the underlying object represented by this entity."},"origin_id":{"type":"string","description":"This is the identifier of the object in the vendor system."},"origin_type":{"type":"string","description":"The object type (i.e. document, post, app, event)."},"owner_email":{"type":"string","description":"Object owner's email address (e.g. user@cloudlock.com)."},"owner_name":{"type":"string","description":"Object owner's name (i.e. John Q. User)."},"vendor":{"type":"object","properties":{"name":{"type":"string","description":"The name of the vendor. For example: google."}},"$$ref":"#/components/schemas/Vendor"}},"$$ref":"#/components/schemas/Entity"},"policy":{"type":"object","description":"The policy that triggered the incident.","properties":{"id":{"type":"string","description":"The Cloudlock Internal Identifier for a policy."},"name":{"type":"string","description":"The name of the policy. Possible values: SSN, PCI or any policy name."}},"$$ref":"#/components/schemas/Policy"},"matches":{"description":"The list of matches for the incident.","type":"array","items":{"type":"object","description":"A Match represents an occurrence of a content pattern in an object (such as a file).\nThe content pattern is defined in a policy.","properties":{"created_at":{"type":"string","description":"The time when this match was detected. Time expressed as a timestamp in UTC."},"ctx_after":{"type":"string","description":"The characters after the match."},"ctx_before":{"type":"string","description":"The characters before the match."},"field_name":{"type":"string","description":"The field or object for this match."},"text":{"type":"string","description":"Provide string to identify object. Relevant for content detection criteria='Custom regex criteria' only."},"policy_criteria":{"type":"object","description":"A description of the policy criteria.","properties":{"id":{"type":"string"}}}},"$$ref":"#/components/schemas/Match"}}},"$$ref":"#/components/schemas/IncidentsCollection"}},"examples":{"response":{"value":[{"created_at":"2014-08-08T05:09:53.218594+00:00","customer_key":"","entity":{"direct_url":"https://na15.salesforce.com/00Qi00000088wrBEAQ","extra":{"origin_type_label":"Lead","origin_type_label_plural":"Leads"}},"id":"GM46KpY7xO","mime_type":"","name":"Gautum Trentson","origin_id":"00Qi00000088wrBEAQ","origin_type":"document","owner_email":"jennifer@cloudlock.com","owner_name":"Jennifer McClain","vendor":{"name":"salesforce","id":"320831601","incident_status":"IN PROGRESS","match_count":1},"matches":[{"created_at":"2014-08-08T05:09:53.218594+00:00","ctx_after":"can we use this on the up","ctx_before":"ard number on an old invoice","field_name":"Description","text":"XXXXXXXXXXXX6966"}],"policy":{"id":"eyaznBzYKv","name":"PCI"},"severity":"WARNING","updated_at":"2014-08-08T05:09:52.930752+00:00"}]}}}}},"400":{"description":"Invalid request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized request","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Server error","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"listIncidents","method":"get","path":"/incidents"}}