Skip to main content


The Incidents API includes the following methods allowing the management of Endpoint and Detection (EDR) features:

  • addToBlocklist: adds a new hash to the Blocklist.

  • getBlocklistItems: lists existing Blocklist items.

  • removeFromBlocklist: removes a specific entry from the Blocklist.

  • createIsolateEndpointTask: creates a task to isolate an endpoint.

  • createRestoreEndpointFromIsolationTask: creates a task to restore an isolated endpoint.

  • createCustomRule: creates a custom rule.

  • getCustomRulesList: lists existing custom rule items.

  • deleteCustomRule: removes a specific custom rule.

  • changeIncidentStatus: changes the status of a specific incident.

  • updateIncidentNote: assigns a note to a specific incident.

API URL for version 1.0: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/incidents. This is the default version and is available for all Incidents API methods.

API URL for version 1.1: CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/incidents. This version is available for the following methods:

  • createRestoreEndpointFromIsolationTask

  • createIsolateEndpointTask

  • updateIncidentNote