changeIncidentStatus

This method changes the status of an incident.

Parameters

Parameter	Type	Optional	Description
`type`	String	No	The type of the target incident. Possible values: `incidents` - incidents generated as a result of a new Root Cause Analysis (RCA) being displayed under the Incidents section of GravityZone Control Center. You can find these incidents under the Endpoint Incidents or Detected Threats tabs. `extendedIncidents` - These incidents can be found in the Incidents page in GravityZone Control Center, under the Extended Incidents tab.
`incidentId`	String	No	The ID of the incident, obtained from the Event Push details. The value corresponds to the `incident_id` parameter from New Incident event types.
`status`	Integer	No	The status to be assigned to the incident. Possible values: `1` - open `2` - investigating `3` - closed `4` - false positive

Return value

This method returns a Boolean which is True if the status of the targeted incident is changed successfully.

Note

This method will still return a True value if the target incident already had the specified status assigned prior to your request.

Example

Request:

{
    "params": {
        "type" : "incidents",
        "incidentId": "6245af36b6503a00d07a4e53",
        "status": 1
    },
    "jsonrpc": "2.0",
    "method": "changeIncidentStatus",
    "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810"
}

Response:

{
    "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810",
    "jsonrpc": "2.0",
    "result": true
}

In this section:

changeIncidentStatus

Parameters

Return value

Note

Example

Search results