changeIncidentStatus

This method changes the status of an incident.

Parameters

Parameter	Type	Optional	Description
`type`	String	No	The type of the target incident. Possible values: `incidents` - incidents generated as a result of a new Root Cause Analysis (RCA) being displayed under the Incidents section of GravityZone Control Center. You can find these incidents under the Endpoint Incidents or Detected Threats tabs. `extendedIncidents` - These incidents can be found in the Incidents page in GravityZone Control Center, under the Extended Incidents tab.
`incidentId`	String	No	The ID of the incident, obtained from the Event Push details. The value corresponds to the `incident_id` parameter from New Incident and New extended incident event types. Tip You can get the ID of a specific incident form the GravityZone console by following these steps: Log in to GravityZone. Go to the Incidents page and locate the incident you want to change the status for. Select the menu item on the right side of the table on the row of the target incident. Select View events and alerts. A new browser window is open with the details of the incident. The incident ID is included in the URL of the page. Example https://cloudgz.gravityzone.bitdefender.com/#!/xdr/events/65dc39197a4a51fb2b7f15ee
`status`	Integer	No	The status to be assigned to the incident. Possible values: `1` - open `2` - investigating `3` - closed `4` - false positive

Parameter

Type

Optional

Description

type

String

The type of the target incident. Possible values:

incidents - incidents generated as a result of a new Root Cause Analysis (RCA) being displayed under the Incidents section of GravityZone Control Center. You can find these incidents under the Endpoint Incidents or Detected Threats tabs.
extendedIncidents - These incidents can be found in the Incidents page in GravityZone Control Center, under the Extended Incidents tab.

incidentId

String

The ID of the incident, obtained from the Event Push details.

The value corresponds to the incident_id parameter from New Incident and New extended incident event types.

Tip

You can get the ID of a specific incident form the GravityZone console by following these steps:

Log in to GravityZone.
Go to the Incidents page and locate the incident you want to change the status for.
Select the menu item on the right side of the table on the row of the target incident.
Select View events and alerts.
A new browser window is open with the details of the incident. The incident ID is included in the URL of the page.
Example
```
https://cloudgz.gravityzone.bitdefender.com/#!/xdr/events/65dc39197a4a51fb2b7f15ee
```

status

Integer

The status to be assigned to the incident. Possible values:

1 - open
2 - investigating
3 - closed
4 - false positive

Return value

This method returns a Boolean which is True if the status of the targeted incident is changed successfully.

Note

This method will still return a True value if the target incident already had the specified status assigned prior to your request.

Example

Request:

{
    "params": {
        "type" : "incidents",
        "incidentId": "6245af36b6503a00d07a4e53",
        "status": 1
    },
    "jsonrpc": "2.0",
    "method": "changeIncidentStatus",
    "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810"
}

Response:

{
    "id": "0df7568c-59c1-48e0-a31b-18d83e6d9810",
    "jsonrpc": "2.0",
    "result": true
}

In this section:

changeIncidentStatus

Parameters

Tip

Return value

Note

Example

Search results