Skip to main content

Incidents

The Incidents API includes the following methods allowing the management of Endpoint and Detection (EDR) features:

  • addToBlocklist: adds a new hash to the Blocklist.

  • getBlocklistItems: lists existing Blocklist items.

  • removeFromBlocklist: removes a specific entry from the Blocklist.

  • createIsolateEndpointTask: creates a task to isolate an endpoint.

  • createRestoreEndpointFromIsolationTask: creates a task to restore an isolated endpoint.

  • createCustomRule: creates a custom rule.

  • getCustomRulesList: lists existing custom rule items.

  • deleteCustomRule: removes a specific custom rule.

  • changeIncidentStatus: changes the status of a specific incident.

  • updateIncidentNote: assigns a note to a specific incident.

API url: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/incidents

In this section: