Get incident
Relative path: /v2/incidents/{incidentUuid}
Get details of a specific incident.
Base URL for Europe, Germany, United States, Canada and Japan regions:

| Region | Base URL |
|---|---|
| Europe | https://eu.incident-management.eset.systems |
| Germany | https://de.incident-management.eset.systems |
| United States | https://us.incident-management.eset.systems |
| Canada | https://ca.incident-management.eset.systems |
| Japan | https://jpn.incident-management.eset.systems |

Parameters in path

| Name | Type | Required | Description |
|---|---|---|---|
| incidentUuid | string | Yes | Reference to the requested incident. type: Incident |

Responses
Code |
Description and Example |
Description, Schema and Headers |
|---|---|---|
200 |
Successful response.
{
"incident": {
"assigneeUuid": "string",
"createTime": "string",
"description": "string",
"detectionUuids": [
"string"
],
"deviceUuids": [
"string"
],
"displayName": "string",
"metrics": {
"deviceCount": 0,
"executableCount": 0,
"processCount": 0
},
"resolveReason": "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
"responseDuration": "string",
"severity": "INCIDENT_SEVERITY_LEVEL_UNSPECIFIED",
"status": "INCIDENT_STATUS_UNSPECIFIED",
"tags": [
"string"
],
"triageDuration": "string",
"updateTime": "string",
"uuid": "string"
}
}
|
Successful response.
{
"$ref": "v2GetIncidentResponse",
"incident": {
"$ref": "v2Incident",
"description": {
"type": "string",
"description": "Arbitrary text describing the incident."
},
"assigneeUuid": {
"type": "string",
"description": "User responsible for investigation and remediation. type: user_management.v1.User"
},
"createTime": {
"type": "string",
"description": "Timestamp for when the incident was created.",
"format": "date-time",
"readOnly": true
},
"detectionUuids": [
{
"type": "string"
}
],
"deviceUuids": [
{
"type": "string"
}
],
"displayName": {
"type": "string",
"description": "Human-readable name of the incident."
},
"metrics": {
"$ref": "v2IncidentMetrics",
"description": "Metrics related to the incident.",
"deviceCount": {
"type": "integer",
"description": "Count of devices related to the incident.",
"format": "int64"
},
"executableCount": {
"type": "integer",
"description": "Count of executables related to the incident.",
"format": "int64"
},
"processCount": {
"type": "integer",
"description": "Count of processes related to the incident.",
"format": "int64"
}
},
"resolveReason": {
"$ref": "v2IncidentResolveReason",
"type": "string",
"description": "Possible reasons for resolved incident. INCIDENT_RESOLVE_REASON_UNSPECIFIED: fallback INCIDENT_RESOLVE_REASON_TRUE_POSITIVE: The incident was a true positive, indicating a genuine security threat. INCIDENT_RESOLVE_REASON_FALSE_POSITIVE: The incident was initially thought to be a security threat but later determined to be a false alarm. INCIDENT_RESOLVE_REASON_SUSPICIOUS: The incident is not a confirmed threat (true positive), but investigating it can provide valuable insights into user behavior patterns and help mitigate potential attacks.",
"default": "INCIDENT_RESOLVE_REASON_UNSPECIFIED",
"enum": [
"INCIDENT_RESOLVE_REASON_UNSPECIFIED",
"INCIDENT_RESOLVE_REASON_TRUE_POSITIVE",
"INCIDENT_RESOLVE_REASON_FALSE_POSITIVE",
"INCIDENT_RESOLVE_REASON_SUSPICIOUS"
]
},
"responseDuration": {
"type": "string",
"description": "How long it took to respond to the incident.",
"readOnly": true
},
"severity": {
"$ref": "v2IncidentSeverityLevel",
"type": "string",
"description": "Severity levels abstracted to cover all the possible GUIs. Vocabulary is leaving interpretation of severity level completely to API client. Info: This approach is inevitable on SIEM level as there are many contributing sources. Keeping the local names for severity levels never fits all the GUIs. INCIDENT_SEVERITY_LEVEL_UNSPECIFIED: fallback INCIDENT_SEVERITY_LEVEL_LOW: In some GUIs known as Warning INCIDENT_SEVERITY_LEVEL_MEDIUM: In some GUIs known as Error or Threat INCIDENT_SEVERITY_LEVEL_HIGH: In some GUIs known as Critical",
"default": "INCIDENT_SEVERITY_LEVEL_UNSPECIFIED",
"enum": [
"INCIDENT_SEVERITY_LEVEL_UNSPECIFIED",
"INCIDENT_SEVERITY_LEVEL_LOW",
"INCIDENT_SEVERITY_LEVEL_MEDIUM",
"INCIDENT_SEVERITY_LEVEL_HIGH"
]
},
"status": {
"$ref": "v2IncidentStatus",
"type": "string",
"description": "Defines an enumeration for incident status. INCIDENT_STATUS_UNSPECIFIED: fallback INCIDENT_STATUS_OPEN: The incident is OPEN (also known as NEW) and has been reported or detected. INCIDENT_STATUS_IN_PROGRESS: The incident is currently in progress and being actively addressed. INCIDENT_STATUS_CLOSED: The incident has been closed, and the necessary actions have been taken. INCIDENT_STATUS_WAITING_FOR_INPUT: The incident is awaiting input from the customer.",
"default": "INCIDENT_STATUS_UNSPECIFIED",
"enum": [
"INCIDENT_STATUS_UNSPECIFIED",
"INCIDENT_STATUS_OPEN",
"INCIDENT_STATUS_IN_PROGRESS",
"INCIDENT_STATUS_CLOSED",
"INCIDENT_STATUS_WAITING_FOR_INPUT"
]
},
"tags": [
{
"type": "string"
}
],
"triageDuration": {
"type": "string",
"description": "How long incident remained in triage status.",
"readOnly": true
},
"updateTime": {
"type": "string",
"description": "Represents the timestamp when the resource was most recently updated. Any change to the resource made by users (create/update/delete) must update this value; changes to a resource made internally by the service should refresh this value unless specified otherwise on the entity level. Info: Modeled after Standard fields: Timestamps",
"format": "date-time",
"readOnly": true
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
}
}
}
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
202 |
Response took too long; request cached. Response can be retrieved later using the response-id header. |
Response took too long; request cached. Response can be retrieved later using the response-id header.
[]
{
"response-id": {
"description": "Unique ID of a pending request. Used to retrieve cached result.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
},
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
400 |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
401 |
Token has expired or is invalid. |
Token has expired or is invalid.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
403 |
Access denied. Check permissions. |
Access denied. Check permissions.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
404 |
Requested resource not found. |
Requested resource not found.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
429 |
Rate limit reached. Try again later. |
Rate limit reached. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
500 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
502 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
503 |
Environment under maintenance. Try again later. |
Environment under maintenance. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
504 |
Action took too long; timeout reached |
Action took too long; timeout reached
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
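
The response table above, turned into client-side handling logic. This is an added example, not ESET's code: it builds the request URL and maps each documented status code to an action. The function names, the action labels, the choice to map unknown enum values to the `UNSPECIFIED` fallback, and the sample response are assumptions of this example; sending the request (transport and authorization header) is left out because this page does not specify it.

```python
import json
from urllib.parse import quote

# Base URLs and enum values are copied from this page.
BASE_URLS = {r: f"https://{r}.incident-management.eset.systems"
             for r in ("eu", "de", "us", "ca", "jpn")}
ENUMS = {
    "status": ("INCIDENT_STATUS_",
               {"UNSPECIFIED", "OPEN", "IN_PROGRESS", "CLOSED", "WAITING_FOR_INPUT"}),
    "severity": ("INCIDENT_SEVERITY_LEVEL_", {"UNSPECIFIED", "LOW", "MEDIUM", "HIGH"}),
    "resolveReason": ("INCIDENT_RESOLVE_REASON_",
                      {"UNSPECIFIED", "TRUE_POSITIVE", "FALSE_POSITIVE", "SUSPICIOUS"}),
}
RETRY = {429, 500, 502, 503}  # the codes documented as "Try again later"

def incident_url(region, incident_uuid):
    # uuid is documented as opaque: percent-encode it, do not pattern-match it
    if not incident_uuid:
        raise ValueError("incidentUuid is required")
    return f"{BASE_URLS[region]}/v2/incidents/{quote(incident_uuid, safe='')}"

def handle_response(status, headers, body):
    """Map one response to (action, detail) following the response table."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    rid = hdrs.get("request-id")  # log it; support requests need it
    if status == 200:
        incident = json.loads(body)["incident"]
        for field, (prefix, names) in ENUMS.items():
            value = str(incident.get(field, ""))
            if not (value.startswith(prefix) and value[len(prefix):] in names):
                # Assumption of this example: unknown values become the fallback
                incident[field] = prefix + "UNSPECIFIED"
        return "ok", incident
    if status == 202:  # result is cached server-side; keep response-id to fetch it
        return "pending", {"response-id": hdrs.get("response-id"), "request-id": rid}
    if status == 401:
        return "reauthenticate", {"request-id": rid}
    if status in RETRY:
        return "retry", {"request-id": rid}
    return "fail", {"status": status, "request-id": rid}  # 400, 403, 404, 504

# Constructed sample response (severity is deliberately not a documented value).
SAMPLE = json.dumps({"incident": {"uuid": "123e4567-e89b-12d3-a456-426614174000",
    "status": "INCIDENT_STATUS_OPEN", "severity": "NOT_A_DOCUMENTED_LEVEL"}})

if __name__ == "__main__":
    print(incident_url("eu", "123e4567-e89b-12d3-a456-426614174000"))
    print(handle_response(200, {"Request-Id": "constructed-id"}, SAMPLE))
    print(handle_response(202, {"response-id": "constructed-id"}, "[]"))
```
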