List Incidents - Blink Documentation

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Check Point XDR-XPR
Actions
List Incidents

On this page Retrieves all incidents. Note: Retrieves only actions that were created after 01-01-2023.

To learn more, visit the Check Point XDR-XPR documentation.

Basic Parameters

Parameter	Description
Date From	The start date of the time frame by default is 7 days ago.
Date Until	The end date of the time frame by default is today.
Filter By	The field to filter by.

Advanced Parameters

Parameter	Description
Limit	The number of results to return, max is 1000.
Offset	The number of some incidents to skip.

Example Output

{    "summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",    "assignee": "12345678-1234-1234-1234-987654321987",    "tenantId": "12345678-1234-1234-1234-123456789012",    "display_id": 1,    "created_at": "2023-01-01T00:00:00.000Z",    "updated_at": "2023-01-01T00:00:00.000Z",    "followUp": true,    "is_prevented": false,    "status": "new",    "mitre_tactics": [        "TA0001",        "TA0002"    ],    "mitre_techniques": [        "T1111",        "T1112"    ],    "sensors": [        "checkpoint_network_security"    ],    "indicators": [        {            "type": "ip",            "value": "192.168.1.1"        }    ],    "assets": [        {            "type": "host",            "value": "server1"        }    ],    "insights": [        {            "detection_time": "2023-01-01T00:00:00.000Z",            "summary": "Server server1 was detected running a suspicious jal.exe command immediately after IPS detected a RCE attack from 194.200.154.221.",            "severity": "informational",            "confidence": "low",            "indicators": [                {                    "type": "ip",                    "value": "192.168.1.1"                }            ],            "assets": [                {                    "type": "host",                    "value": "server1"                }            ]        }    ],    "severity": "informational",    "confidence": "low",    "priority": "informational",    "id": "123456789123456789123456",    "firstSeen": "2023-01-01T00:00:00.000Z",    "lastSeen": "2023-01-01T00:00:00.000Z"}

Workflow Library Example

List Incidents with Check Point Xdr Xpr and Send Results Via Email

Preview this Workflow on desktop

Get Incident Check Point Management

⌘I

Integrations

​Basic Parameters​

​Advanced Parameters​

​Example Output​

​Workflow Library Example​

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example