Skip to main content

Incidents

The Incidents API includes the following methods, allowing the management of Endpoint Detection and Response (EDR) features:

  • addToBlocklist: adds a new hash to the Blocklist.

  • getBlocklistItems: lists existing Blocklist items.

  • removeFromBlocklist: removes a specific entry from the Blocklist.

  • createIsolateEndpointTask: creates a task to isolate an endpoint.

  • createRestoreEndpointFromIsolationTask: creates a task to restore an isolated endpoint.

  • createCustomRule: creates a custom rule.

  • getCustomRulesList: lists existing custom rule items.

  • updateCustomRule: edits any existing custom exclusion or detection rule.

  • deleteCustomRule: removes a specific custom rule.

  • changeIncidentStatus: changes the status of a specific incident.

  • updateIncidentNote: assigns a note to a specific incident.

  • createResponseAction: creates a response action for a specific user node within an incident.

  • getSimilarEmails: retrieves emails similar to a given email.

  • getResponseActionStatus: returns the status and the result of a response action.

API URL for version 1.0: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/incidents. This is the default version and is available for all Incidents API methods.

API URL for version 1.1: CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/incidents. This version is available for the following methods:

  • createRestoreEndpointFromIsolationTask

  • createIsolateEndpointTask

  • updateIncidentNote

API URL for version 1.2: CONTROL_CENTER_APIs_ACCESS_URL/v1.2/jsonrpc/incidents. This version is available for the following methods:

  • addToBlocklist

  • getBlocklistItems

  • removeFromBlocklist

In this section: