Object type: incident | |
---|---|
An Incident object contains information about abnormal or suspicious events in the system. | |
Field | Description |
annotations | List of annotations added to the incident. |
attachments | List of attachments associated with the incident. |
category | A classification or grouping for the incident. |
createdate | The date and time when the object was created. |
creator | The URL of the Sentinel User object that represents the creator of the object. |
crit-rating | Reserved for future use. |
desc | A description of the Incident. |
events | List of events associated with the incident. |
external-datas | List of external data items associated with the incident. |
meta | The metadata for an object, including the object type name and the URL reference to the object. |
moddate | The date and time when the object was last modified. |
modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
name | The name or title of the incident. |
notes | List of notes added to or associated with the incident. |
priority | The level of attention that should be given to mitigating the incident. |
resolution | Actions taken to resolve the incident. |
severity | The impact or degree of seriousness of the incident. |
sev-rating | Average of all the event severities that comprise an incident. |
state | The state of the incident, for example OPEN, ASSIGNED, CLOSED or REJECTED. |
users | List of users responsible for mitigating the incident. |
vuln-rating | Reserved for future use. |
workflow-infos | List of workflows associated with the incident. |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201
```json
{
  "meta":{
    "type":"incident",
    "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
  },
  "sev-rating":"5",
  "category":"Denial of Service",
  "moddate":"2012-04-25T13:33:44.522Z",
  "desc":"Detected more that 100 failed logins in a 10 minute period.",
  "priority":1,
  "name":"Failed Logins",
  "createdate":"2012-04-25T13:33:44.522Z",
  "crit-rating":"Wildebeest",
  "severity":4,
  "resolution":"Locked user account.",
  "vuln-rating":"Wildebeest",
  "workflow-infos":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
  ],
  "users":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
  ],
  "events":{
    "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
  },
  "state":"Investigating",
  "attachments":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
  ],
  "external-datas":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
  ],
  "annotations":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ],
  "notes":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ]
}
```
Object type: incident | ||
---|---|---|
An Incident object contains information about abnormal or suspicious events in the system. | ||
Field | Required | Description |
annotations | false | List of annotations added to the incident. |
attachments | false | List of attachments associated with the incident. |
category | false | A classification or grouping for the incident. |
crit-rating | false | Reserved for future use. |
desc | false | A description of the Incident. |
events | false | List of events associated with the incident. |
external-datas | false | List of external data items associated with the incident. |
name | false | The name or title of the incident. |
notes | false | List of notes added to or associated with the incident. |
priority | false | The level of attention that should be given to mitigating the incident. |
resolution | false | Actions taken to resolve the incident. |
severity | false | The impact or degree of seriousness of the incident. |
sev-rating | false | Average of all the event severities that comprise an incident. |
state | false | The state of the incident, for example OPEN, ASSIGNED, CLOSED or REJECTED. |
users | false | List of users responsible for mitigating the incident. |
vuln-rating | false | Reserved for future use. |
workflow-infos | false | List of workflows associated with the incident. |
Object type: meta | ||
---|---|---|
The metadata for an object, including the object type name and the URL reference to the object. | ||
Field | Required | Description |
@href | false | The URL reference to the object. |
type | false | The name of the object type. |
PUT https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201
```json
{
  "sev-rating":"5",
  "category":"Denial of Service",
  "desc":"Detected more that 100 failed logins in a 10 minute period.",
  "priority":1,
  "name":"Failed Logins",
  "crit-rating":"Wildebeest",
  "severity":4,
  "resolution":"Locked user account.",
  "vuln-rating":"Wildebeest",
  "workflow-infos":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
  ],
  "users":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
  ],
  "events":{
    "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
  },
  "state":"Investigating",
  "attachments":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
  ],
  "external-datas":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
  ],
  "annotations":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ],
  "notes":[
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ]
}
```
DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201
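
The GET table lists five fields (meta, createdate, creator, moddate, modifier) that the PUT table does not, and most incident fields are URL references to other objects. The following is an added example, not part of the Sentinel documentation: it builds a PUT body from a GET response by keeping only the fields in the PUT table, and lists references that point outside the server's own scheme, host and port so a client can decline to follow them with its credentials. Treating the GET-only fields as server-managed is an assumption drawn from the two tables; `WRITABLE`, `LINK_FIELDS`, the function names and the `other.example.invalid` URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Fields in the PUT table on this page. meta, createdate, creator, moddate and
# modifier appear only in the GET table; assumed here to be server-managed.
WRITABLE = frozenset({
    "annotations", "attachments", "category", "crit-rating", "desc", "events",
    "external-datas", "name", "notes", "priority", "resolution", "severity",
    "sev-rating", "state", "users", "vuln-rating", "workflow-infos"})
LINK_FIELDS = ("meta", "creator", "modifier", "annotations", "attachments",
               "events", "external-datas", "notes", "users", "workflow-infos")

def hrefs(incident):
    """Collect every URL reference carried by the link fields of an incident."""
    found = []
    for field in LINK_FIELDS:
        value = incident.get(field)
        if isinstance(value, dict):      # {"@href": ...} form (meta, events)
            value = [value.get("@href")]
        elif isinstance(value, str):     # single URL (creator, modifier)
            value = [value]
        found.extend(v for v in value or [] if isinstance(v, str))
    return found

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def foreign_links(incident, base_url):
    """Return references that do not share the server's scheme, host and port."""
    return [u for u in hrefs(incident) if origin(u) != origin(base_url)]

def put_body(incident, changes):
    """Build a PUT payload: writable fields of a GET response plus changes."""
    unknown = set(changes) - WRITABLE
    if unknown:
        raise ValueError(f"not accepted by PUT: {sorted(unknown)}")
    body = {k: v for k, v in incident.items() if k in WRITABLE}
    body.update(changes)
    return body

# Constructed sample: trimmed from the GET response on this page, with one
# attachment URL on a different host added to exercise foreign_links().
BASE = "https://164.99.19.131:8443/SentinelRESTServices"
SAMPLE = {
    "meta": {"type": "incident", "@href": BASE + "/objects/incident/42"},
    "name": "Failed Logins", "state": "Investigating", "severity": 4,
    "createdate": "2012-04-25T13:33:44.522Z", "moddate": "2012-04-25T13:33:44.522Z",
    "events": {"@href": BASE + "/objects/incident-events?query=incident-id.e42"},
    "users": [BASE + "/objects/user/42"],
    "attachments": ["https://other.example.invalid/objects/attachment/42"],
}
```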