Select the tab

Close incident

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

Relative path: /v2/incidents/{incidentUuid}:close

Close an incident.

Base URL for Europe, Germany, United States, Canada and Japan regions:

https://eu.incident-management.eset.systems

https://de.incident-management.eset.systems

https://us.incident-management.eset.systems

https://ca.incident-management.eset.systems

https://jpn.incident-management.eset.systems

Request body

Display Schema instead of an Example or vice-versa

Type	Required	Example	Schema
application/json	Yes	{ "closureReason": "INCIDENT_RESOLVE_REASON_UNSPECIFIED", "finalComment": { "incidentUuid": "string", "isFinalComment": true, "text": "string", "uuid": "string" } }	{ "$ref": "IncidentsCloseIncidentBody", "closureReason": { "$ref": "v2IncidentResolveReason", "type": "string", "description": "Possible reasons for resolved incident. INCIDENT_RESOLVE_REASON_UNSPECIFIED: fallback INCIDENT_RESOLVE_REASON_TRUE_POSITIVE: The incident was a true positive, indicating a genuine security threat. INCIDENT_RESOLVE_REASON_FALSE_POSITIVE: The incident was initially thought to be a security threat but later determined to be a false alarm. INCIDENT_RESOLVE_REASON_SUSPICIOUS: The incident is not a confirmed threat (true positive), but investigating it can provide valuable insights into user behavior patterns and help mitigate potential attacks.", "default": "INCIDENT_RESOLVE_REASON_UNSPECIFIED", "enum": [ "INCIDENT_RESOLVE_REASON_UNSPECIFIED", "INCIDENT_RESOLVE_REASON_TRUE_POSITIVE", "INCIDENT_RESOLVE_REASON_FALSE_POSITIVE", "INCIDENT_RESOLVE_REASON_SUSPICIOUS" ] }, "finalComment": { "$ref": "v2IncidentComment", "description": "Incident comment is every comment connected to an incident. These comments are created during the life cycle of the incident and better describe what happened to the incident during each step of its life cycle (Preparation, Detection, Analysis, Containment, Eradication, Recovery, Post-incident activity).", "incidentUuid": { "type": "string", "description": "Reference to the root - [Incident]. type: v2.Incident" }, "isFinalComment": { "type": "boolean", "description": "Define whether a comment is added during the closing of an incident and should describe why and how the incident was resolved and closed. False means standard comment." }, "text": { "type": "string", "description": "Text content of the comment." }, "uuid": { "type": "string", "description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'" } } }

Type

Required

Example

Schema

application/json

Yes

{
  "closureReason": "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
  "finalComment": {
    "incidentUuid": "string",
    "isFinalComment": true,
    "text": "string",
    "uuid": "string"
  }
}

{
"$ref": "IncidentsCloseIncidentBody",
"closureReason": {
"$ref": "v2IncidentResolveReason",
"type": "string",
"description": "Possible reasons for resolved incident. INCIDENT_RESOLVE_REASON_UNSPECIFIED: fallback INCIDENT_RESOLVE_REASON_TRUE_POSITIVE: The incident was a true positive, indicating a genuine security threat. INCIDENT_RESOLVE_REASON_FALSE_POSITIVE: The incident was initially thought to be a security threat but later determined to be a false alarm. INCIDENT_RESOLVE_REASON_SUSPICIOUS: The incident is not a confirmed threat (true positive), but investigating it can provide valuable insights into user behavior patterns and help mitigate potential attacks.",
"default": "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
"enum": [
"INCIDENT_RESOLVE_REASON_UNSPECIFIED",
"INCIDENT_RESOLVE_REASON_TRUE_POSITIVE",
"INCIDENT_RESOLVE_REASON_FALSE_POSITIVE",
"INCIDENT_RESOLVE_REASON_SUSPICIOUS"
]
},
"finalComment": {
"$ref": "v2IncidentComment",
"description": "Incident comment is every comment connected to an incident. These comments are created during the life cycle of the incident and better describe what happened to the incident during each step of its life cycle (Preparation, Detection, Analysis, Containment, Eradication, Recovery, Post-incident activity).",
"incidentUuid": {
"type": "string",
"description": "Reference to the root - [Incident]. type: v2.Incident"
},
"isFinalComment": {
"type": "boolean",
"description": "Define whether a comment is added during the closing of an incident and should describe why and how the incident was resolved and closed. False means standard comment."
},
"text": {
"type": "string",
"description": "Text content of the comment."
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
}
}
}

Parameters in path

Name	Type	Required	Description
incidentUuid	string	Yes	Reference to [Incident]. type: Incident

Responses

Display Schema+Headers instead of an Example or vice-versa

Code	Description and Example	Description, Schema and Headers
200	Successful response.	Successful response. Response schema { "$ref": "v2CloseIncidentResponse", "title": "empty", "type": "object" } Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
202	Response took too long; request cached. Response can be retrieved later using the response-id header.	Response took too long; request cached. Response can be retrieved later using the response-id header. Response schema [] Headers { "response-id": { "description": "Unique ID of a pending request. Used to retrieve cached result.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } }, "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
400	One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.	One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
401	Token has expired or is invalid.	Token has expired or is invalid. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
403	Access denied. Check permissions.	Access denied. Check permissions. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
404	Requested resource not found.	Requested resource not found. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
429	Rate limit reached. Try again later.	Rate limit reached. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
500	Internal server failure. Try again later.	Internal server failure. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
502	Internal server failure. Try again later.	Internal server failure. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
503	Environment under maintenance. Try again later.	Environment under maintenance. Try again later. Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }
504	Action took too long; timeout reached	Action took too long; timeout reached Response schema [] Headers { "request-id": { "description": "Unique ID of the request. Include in support requests.", "style": "simple", "explode": false, "schema": { "type": "string", "format": "uuid" } } }

˄˅