Incident - Incident Retrieve, Update, and Delete Methods

URI

https://164.99.19.131:8443/SentinelRESTServices/objects/incident/{IncidentId}

Supported Methods

GET
PUT
DELETE

GET

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Response

URL Parameters

None.

Success Codes

Fault Codes

Response Data

Object type: incident
An Incident object contains information about abnormal or suspicious events in the system.
Field           Description
annotations     List of annotations added to the incident.
attachments     List of attachments associated with the incident.
category        A classification or grouping for the incident.
createdate      The date and time when the object was created.
creator         The URL of the Sentinel User object that represents the creator of the object.
crit-rating     Reserved for future use.
desc            A description of the Incident.
events          List of events associated with the incident.
external-datas  List of external data items associated with the incident.
meta            The metadata for an object, including the object type name and the URL reference to the object.
moddate         The date and time when the object was last modified.
modifier        The URL of the Sentinel User object that represents the last modifier of the object.
name            The name or title of the incident.
notes           List of notes added to or associated with the incident.
priority        The level of attention that should be given to mitigating the incident.
resolution      Actions taken to resolve the incident.
severity        The impact or degree of seriousness of the incident.
sev-rating      Average of all the event severities that comprise an incident.
state           The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED.
users           List of users responsible for mitigating the incident.
vuln-rating     Reserved for future use.
workflow-infos  List of workflows associated with the incident.

Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.
Field           Description
@href           The URL reference to the object.
type            The name of the object type.

Sample Request

GET https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201

Sample Response for application/json
Status: 200
{
   "meta":{
      "type":"incident",
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
   },
   "sev-rating":"5",
   "category":"Denial of Service",
   "moddate":"2012-04-25T13:33:44.522Z",
   "desc":"Detected more that 100 failed logins in a 10 minute period.",
   "priority":1,
   "name":"Failed Logins",
   "createdate":"2012-04-25T13:33:44.522Z",
   "crit-rating":"Wildebeest",
   "severity":4,
   "resolution":"Locked user account.",
   "vuln-rating":"Wildebeest",
   "workflow-infos":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
   ],
   "users":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
   ],
   "events":{
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
   },
   "state":"Investigating",
   "attachments":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
   ],
   "external-datas":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
   ],
   "annotations":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ],
   "notes":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ]
}

PUT

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Request

URL Parameters

None.

Success Codes

Fault Codes

Request Data

Object type: incident
An Incident object contains information about abnormal or suspicious events in the system.
Field           Required  Description
annotations     false     List of annotations added to the incident.
attachments     false     List of attachments associated with the incident.
category        false     A classification or grouping for the incident.
crit-rating     false     Reserved for future use.
desc            false     A description of the Incident.
events          false     List of events associated with the incident.
external-datas  false     List of external data items associated with the incident.
name            false     The name or title of the incident.
notes           false     List of notes added to or associated with the incident.
priority        false     The level of attention that should be given to mitigating the incident.
resolution      false     Actions taken to resolve the incident.
severity        false     The impact or degree of seriousness of the incident.
sev-rating      false     Average of all the event severities that comprise an incident.
state           false     The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED.
users           false     List of users responsible for mitigating the incident.
vuln-rating     false     Reserved for future use.
workflow-infos  false     List of workflows associated with the incident.

Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.
Field           Required  Description
@href           false     The URL reference to the object.
type            false     The name of the object type.

Sample Request

PUT https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201
{
   "sev-rating":"5",
   "category":"Denial of Service",
   "desc":"Detected more that 100 failed logins in a 10 minute period.",
   "priority":1,
   "name":"Failed Logins",
   "crit-rating":"Wildebeest",
   "severity":4,
   "resolution":"Locked user account.",
   "vuln-rating":"Wildebeest",
   "workflow-infos":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
   ],
   "users":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
   ],
   "events":{
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
   },
   "state":"Investigating",
   "attachments":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
   ],
   "external-datas":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
   ],
   "annotations":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ],
   "notes":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ]
}

Sample Response for application/json
Status: 200
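
Added example (not part of the Sentinel documentation): a read-modify-write helper that builds a PUT body from a GET result by keeping only the fields listed in the PUT Request Data table above, plus a check that every object reference in an incident stays under the expected service base URL before a client follows it. The names put_body, urls_in and off_base_refs and the host other.example are assumptions made for this example; the sample data is constructed from the response shown on this page.

```python
from urllib.parse import urlsplit

BASE = "https://164.99.19.131:8443/SentinelRESTServices/objects/"
# Fields in this page's PUT "Request Data" table for the incident object.
PUT_FIELDS = {
    "annotations", "attachments", "category", "crit-rating", "desc", "events",
    "external-datas", "name", "notes", "priority", "resolution", "severity",
    "sev-rating", "state", "users", "vuln-rating", "workflow-infos",
}
# Constructed sample: trimmed from the GET response above, with the attachment
# reference pointed at a different host (other.example) to exercise the check.
SAMPLE_GET = {
    "meta": {"type": "incident", "@href": BASE + "incident/42"},
    "moddate": "2012-04-25T13:33:44.522Z",
    "name": "Failed Logins",
    "state": "Investigating",
    "users": [BASE + "user/42"],
    "events": {"@href": BASE + "incident-events?query=incident-id.e42"},
    "attachments": ["https://other.example:8443/SentinelRESTServices/objects/attachment/42"],
}

def put_body(incident, changes):
    """Keep only PUT-table fields from a GET result, then apply the changes."""
    unknown = sorted(set(changes) - PUT_FIELDS)
    if unknown:
        raise ValueError(f"not in the PUT field table: {unknown}")
    return {**{k: v for k, v in incident.items() if k in PUT_FIELDS}, **changes}

def urls_in(value):
    """Yield every http(s) URL string nested anywhere in a decoded JSON value."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for item in value:
            yield from urls_in(item)
    elif isinstance(value, str) and urlsplit(value).scheme in ("http", "https"):
        yield value

def off_base_refs(incident, base=BASE):
    """Return references whose scheme, host:port or path prefix differ from base."""
    b = urlsplit(base)
    def ok(u):
        return ((u.scheme, u.netloc) == (b.scheme, b.netloc)
                and u.path.startswith(b.path) and ".." not in u.path.split("/"))
    return [url for url in urls_in(incident) if not ok(urlsplit(url))]
```

Call off_base_refs on a GET result before dereferencing any of its links with the same credentials, and treat a non-empty list as a reason to stop.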

DELETE

Authentication

Authentication Types
Sentinel Permissions Needed

URL Parameters

None.

Success Codes

Fault Codes

Sample Request

DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201