Incident - Incident List and Create Methods

URI

https://164.99.19.131:8443/SentinelRESTServices/objects/incident

Supported Methods

GET
POST

GET

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Response

URL Parameters

Required

None.

Optional

Parameter | Type | Default Value | Description
query | string | [no filter] | The TinyQ language filter that specifies a subset of all available records.
field | string | not present | The name or names of fields whose values are to be returned. The field item may appear zero or more times in the URI query parameters. A single value of "[none]" indicates that only metadata is returned. The absence of any field parameter indicates that all field values are returned.
page | integer | 1 | The 1-based offset into the total records based on page size. Actual offset is (page - 1) * pagesize.
pagesize | integer | [unlimited] | The maximum number of object records to return as a result of the request.

Success Codes

Fault Codes

Response Data

Object type: page
A container for one or more objects in the result listing. There may be multiple pages in a listing if a page size is specified that is less than the total number of objects in the listing.
Field | Description
next | A URL addressing the subsequent page of objects in the total set of available objects.
objects | The list of objects returned in the page of results.
prev | A URL addressing the previous page of objects in the total set of available objects.
Object type: incident
An Incident object contains information about abnormal or suspicious events in the system.
Field | Description
annotations | List of annotations added to the incident.
attachments | List of attachments associated with the incident.
category | A classification or grouping for the incident.
createdate | The date and time when the object was created.
creator | The URL of the Sentinel User object that represents the creator of the object.
crit-rating | Reserved for future use.
desc | A description of the Incident.
events | List of events associated with the incident.
external-datas | List of external data items associated with the incident.
meta | The metadata for an object, including the object type name and the URL reference to the object.
moddate | The date and time when the object was last modified.
modifier | The URL of the Sentinel User object that represents the last modifier of the object.
name | The name or title of the incident.
notes | List of notes added to or associated with the incident.
priority | The level of attention that should be given to mitigating the incident.
resolution | Actions taken to resolve the incident.
severity | The impact or degree of seriousness of the incident.
sev-rating | Average of all the event severities that comprise an incident.
state | The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED.
users | List of users responsible for mitigating the incident.
vuln-rating | Reserved for future use.
workflow-infos | List of workflows associated with the incident.
Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.
Field | Description
@href | The URL reference to the object.
type | The name of the object type.

Sample Request

GET https://164.99.19.131:8443/SentinelRESTServices/objects/incident?page=2&pagesize=1

Sample Response for application/json
Status: 200
{
   "objects":[
      {
         "meta":{
            "type":"incident",
            "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
         },
         "sev-rating":"5",
         "category":"Denial of Service",
         "moddate":"2012-04-25T13:33:44.514Z",
         "desc":"Detected more that 100 failed logins in a 10 minute period.",
         "priority":1,
         "name":"Failed Logins",
         "createdate":"2012-04-25T13:33:44.514Z",
         "crit-rating":"Wildebeest",
         "severity":4,
         "resolution":"Locked user account.",
         "vuln-rating":"Wildebeest",
         "workflow-infos":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
         ],
         "users":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
         ],
         "events":{
            "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
         },
         "state":"Investigating",
         "attachments":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
         ],
         "external-datas":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
         ],
         "annotations":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
         ],
         "notes":[
            "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
         ]
      }
   ],
   "prev":{
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident?pagesize=1&page=1"
   },
   "next":{
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident?pagesize=1&page=3"
   }
}
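
The paging behaviour described above (page, pagesize, repeated field parameters, and the next/prev links in the page object), as an added example that is not part of the original documentation or Sentinel's own code. The fetch_json callable is a hypothetical caller-supplied helper that performs the authenticated, certificate-verified GET; the client refuses any next link that leaves the incident endpoint, so credentials are never sent to a URL chosen by response data. It assumes the last page carries no next entry.

```python
from urllib.parse import urlencode, urlsplit

INCIDENT_URL = "https://164.99.19.131:8443/SentinelRESTServices/objects/incident"

def first_page_url(base=INCIDENT_URL, pagesize=100, fields=(), query=None):
    """Build the listing URL from the documented optional parameters."""
    params = [("pagesize", pagesize), ("page", 1)]
    params += [("field", name) for name in fields]  # 'field' may repeat
    if query:
        params.append(("query", query))  # TinyQ filter, passed through unchanged
    return base + "?" + urlencode(params)

def same_endpoint(url, base=INCIDENT_URL):
    """True only when url keeps the scheme, host:port and path of base."""
    u, b = urlsplit(url), urlsplit(base)
    return (u.scheme, u.netloc, u.path) == (b.scheme, b.netloc, b.path)

def iter_incidents(fetch_json, base=INCIDENT_URL, max_pages=1000, **params):
    """Yield each incident object, following 'next' links page by page.

    fetch_json(url) -> dict is supplied by the caller (hypothetical helper):
    it performs the authenticated, certificate-verified GET.
    """
    url, seen = first_page_url(base, **params), set()
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page limit reached")
        seen.add(url)
        page = fetch_json(url)
        yield from page.get("objects", [])
        # Assumption: the last page carries no 'next' entry.
        url = (page.get("next") or {}).get("@href")
        if url and not same_endpoint(url, base):
            # Never follow a link from the response body to another host or path.
            raise ValueError("refusing off-endpoint next link: " + url)

# Constructed two-page listing standing in for the server (not real data).
PREFIX = INCIDENT_URL + "?pagesize=1&page="
CONSTRUCTED_PAGES = {
    PREFIX + "1": {"objects": [{"name": "Failed Logins"}],
                   "next": {"@href": PREFIX + "2"}},
    PREFIX + "2": {"objects": [{"name": "Port Scan"}],
                   "prev": {"@href": PREFIX + "1"}},
}

if __name__ == "__main__":
    for inc in iter_incidents(CONSTRUCTED_PAGES.__getitem__, pagesize=1):
        print(inc["name"])
```
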
POST

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Request

Response

URL Parameters

None.

Success Codes

Fault Codes

Request Data

Object type: incident
An Incident object contains information about abnormal or suspicious events in the system.
Field | Required | Description
annotations | false | List of annotations added to the incident.
attachments | false | List of attachments associated with the incident.
category | false | A classification or grouping for the incident.
crit-rating | false | Reserved for future use.
desc | false | A description of the Incident.
events | false | List of events associated with the incident.
external-datas | false | List of external data items associated with the incident.
name | false | The name or title of the incident.
notes | false | List of notes added to or associated with the incident.
priority | false | The level of attention that should be given to mitigating the incident.
resolution | false | Actions taken to resolve the incident.
severity | false | The impact or degree of seriousness of the incident.
sev-rating | false | Average of all the event severities that comprise an incident.
state | false | The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED.
users | false | List of users responsible for mitigating the incident.
vuln-rating | false | Reserved for future use.
workflow-infos | false | List of workflows associated with the incident.

Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.
Field | Required | Description
@href | false | The URL reference to the object.
type | false | The name of the object type.

Response Data

Object type:
The metadata representation of the newly-created incident object, including the URL reference to the new object.
Field | Description
meta | The metadata for an object, including the object type name and the URL reference to the object.
Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.
Field | Description
@href | The URL reference to the object.
type | The name of the object type.

Sample Request

POST https://164.99.19.131:8443/SentinelRESTServices/objects/incident
{
   "sev-rating":"5",
   "category":"Denial of Service",
   "desc":"Detected more that 100 failed logins in a 10 minute period.",
   "priority":1,
   "name":"Failed Logins",
   "crit-rating":"Wildebeest",
   "severity":4,
   "resolution":"Locked user account.",
   "vuln-rating":"Wildebeest",
   "workflow-infos":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
   ],
   "users":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
   ],
   "events":{
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
   },
   "state":"Investigating",
   "attachments":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
   ],
   "external-datas":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
   ],
   "annotations":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ],
   "notes":[
      "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
   ]
}

Sample Response for application/json
Status: 201
Location:https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42
{
   "meta":{
      "type":"incident",
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
   }
}