Get incident

{
  "$ref": "v2GetIncidentResponse",
  "incident": {
    "$ref": "v2Incident",
    "description": {
      "type": "string",
      "description": "Arbitrary text describing the incident."
    },
    "assigneeUuid": {
      "type": "string",
      "description": "User responsible for investigation and remediation. type: user_management.v1.User"
    },
    "createTime": {
      "type": "string",
      "description": "Timestamp for when the incident was created.",
      "format": "date-time",
      "readOnly": true
    },
    "detectionUuids": [
      {
        "type": "string"
      }
    ],
    "deviceUuids": [
      {
        "type": "string"
      }
    ],
    "displayName": {
      "type": "string",
      "description": "Human readable name of the incident."
    },
    "metrics": {
      "$ref": "v2IncidentMetrics",
      "description": "Metrics related to the incident.",
      "deviceCount": {
        "type": "integer",
        "description": "Count of devices related to the incident.",
        "format": "int64"
      },
      "executableCount": {
        "type": "integer",
        "description": "Count of executables related to the incident.",
        "format": "int64"
      },
      "processCount": {
        "type": "integer",
        "description": "Count of processes related to the incident.",
        "format": "int64"
      }
    },
    "resolveReason": {
      "$ref": "v2IncidentResolveReason",
      "type": "string",
      "description": "Possible reasons for resolved incident. INCIDENT_RESOLVE_REASON_UNSPECIFIED: fallback INCIDENT_RESOLVE_REASON_TRUE_POSITIVE: The incident was a true positive, indicating a genuine security threat. INCIDENT_RESOLVE_REASON_FALSE_POSITIVE: The incident was initially thought to be a security threat but later determined to be a false alarm. INCIDENT_RESOLVE_REASON_SUSPICIOUS: The incident is not a confirmed threat (true positive), but investigating it can provide valuable insights into user behavior patterns and help mitigate potential attacks.",
      "default": "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
      "enum": [
        "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
        "INCIDENT_RESOLVE_REASON_TRUE_POSITIVE",
        "INCIDENT_RESOLVE_REASON_FALSE_POSITIVE",
        "INCIDENT_RESOLVE_REASON_SUSPICIOUS"
      ]
    },
    "responseDuration": {
      "type": "string",
      "description": "How long did it take to respond to the incident.",
      "readOnly": true
    },
    "severity": {
      "$ref": "v2IncidentSeverityLevel",
      "type": "string",
      "description": "Severity levels abstracted to cover all the possible GUIs. Vocabulary is leaving interpretation of severity level completely to API client. Info: This approach is inevitable on SIEM level as there are many contributing sources. Keeping the local names for severity levels never fits all the GUIs. INCIDENT_SEVERITY_LEVEL_UNSPECIFIED: fallback INCIDENT_SEVERITY_LEVEL_LOW: In some GUIs known Warning INCIDENT_SEVERITY_LEVEL_MEDIUM: In some GUIs known as Error or Threat INCIDENT_SEVERITY_LEVEL_HIGH: In some GUIs known as Critical",
      "default": "INCIDENT_SEVERITY_LEVEL_UNSPECIFIED",
      "enum": [
        "INCIDENT_SEVERITY_LEVEL_UNSPECIFIED",
        "INCIDENT_SEVERITY_LEVEL_LOW",
        "INCIDENT_SEVERITY_LEVEL_MEDIUM",
        "INCIDENT_SEVERITY_LEVEL_HIGH"
      ]
    },
    "status": {
      "$ref": "v2IncidentStatus",
      "type": "string",
      "description": "Define an enumeration for incident status. INCIDENT_STATUS_UNSPECIFIED: fallback INCIDENT_STATUS_OPEN: The incident is OPEN (aka NEW) and has been reported or detected. INCIDENT_STATUS_IN_PROGRESS: The incident is currently in progress and being actively addressed. INCIDENT_STATUS_CLOSED: The incident has been closed, and the necessary actions have been taken.",
      "default": "INCIDENT_STATUS_UNSPECIFIED",
      "enum": [
        "INCIDENT_STATUS_UNSPECIFIED",
        "INCIDENT_STATUS_OPEN",
        "INCIDENT_STATUS_IN_PROGRESS",
        "INCIDENT_STATUS_CLOSED"
      ]
    },
    "tags": [
      {
        "type": "string"
      }
    ],
    "triageDuration": {
      "type": "string",
      "description": "How long incident remained in triage status.",
      "readOnly": true
    },
    "updateTime": {
      "type": "string",
      "description": "Represents the timestamp when the resource was most recently updated. Any change to the resource made by users (create/update/delete) must update this value; changes to a resource made internally by the service should refresh this value unless specified otherwise on entity level. Info: Modeled after: https://google.aip.dev/148#timestamps",
      "format": "date-time",
      "readOnly": true
    },
    "uuid": {
      "type": "string",
      "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
    }
  }
}

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]