{ "status": "OK", "messages": [ "Get incident details for incident ID [2293]" ], "result": { "data": { "totalIncidents": 1.0, "incidentItems": [ { "violatorText": "TESTAUTOCASE2", "lastUpdateDate": 1683203728925, "violatorId": "TESTAUTOCASE2", "incidentType": "HighRiskRTActivityAccount", "incidentId": "2293", "incidentStatus": "Do Not Change", "riskscore": 0.0, "assignedGroup": "TestAutomation_Group", "priority": "Low", "reason": [ "ResourceType: mvkApr10", "Policy: ActAcc4", "Threat: Abnormal DNS record type queries" ], "entity": "RTActivityAccount", "workflowName": "Test_INC", "url": "https://10.0.0.81:8479/Snypr/configurableDashboards/view?&type=incident&id=2293", "isWhitelisted": false, "watchlisted": false, "tenantInfo": { "tenantid": 1, "tenantname": "Optimus", "tenantcolor": "", "tenantshortcode": "OP" }, "statusCompleted": false, "sandBoxPolicy": false, "parentCaseId": "", "casecreatetime": 1683187893436, "bulkactionallowed": true, "type": "HighRiskRTActivityAccount", "caseEventStartTime": 1681736367757, "solrquery": "index = violation and @policyname=\"ActAcc4\" and @accountname=\"TESTAUTOCASE2\" and @tenantname=\"Optimus\" and generationtime between \"04/17/2023 07:59:27\" \"05/04/2023 17:33:04\"", "policystarttime": 1681736367757, "policyendtime": 1683239584337, "verboseinfo": "Account TESTAUTOCASE2 performed Logon failure 2 from ipaddress 111.93.188.91" } ] } }}
Preview this Workflow on desktop