Connectors
...
Actions
Get Incident History
5 min
description retrieves the history and notes for a specified incident in symantec dlp using the provided incident id endpoint url /protectmanager/webservices/v2/incidents/{{id}}/history method get inputs path parameters (object) – required id (number) – required the incident id output example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" \[ { "incidenthistorydate" "2022 08 26t15 17 37 369", "dlpusername" "administrator", "incidenthistoryaction" "set status", "incidenthistorydetail" "new", "policygroupid" 1, "detectionservername" "vontu monitor one", "incidentid" 1, "messagesource" "network", "messagedate" "2017 07 27t16 08 09", "incidenthistoryactionstring" "status changed" }, { "incidenthistorydate" "2022 08 26t15 17 23 19", "dlpusername" "administrator", "incidenthistoryaction" "message not retained", "policygroupid" 1, "detectionservername" "vontu monitor one", "incidentid" 1, "messagesource" "network", "messagedate" "2017 07 27t16 08 09", "incidenthistoryactionstring" "the original message content was not retained due to default retention behavior or due to the limit incident data retention response rule action" }, { "incidenthistorydate" "2022 08 26t15 17 23 186", "dlpusername" "administrator", "incidenthistoryaction" "set severity", "incidenthistorydetail" "high", "policygroupid" 1, "detectionservername" "vontu monitor one", "incidentid" 1, "messagesource" "network", "messagedate" "2017 07 27t16 08 09", "incidenthistoryactionstring" "severity changed" }, { "incidenthistorydate" "2022 08 26t15 17 23 153", "dlpusername" "administrator", "incidenthistoryaction" "detected", "policygroupid" 1, "detectionservername" "vontu monitor one", "incidentid" 1, "messagesource" "network", "messagedate" "2017 07 27t16 08 09", "incidenthistoryactionstring" "detected" } ] } ] output parameters status code (number) reason (string) json body (array) incidenthistorydate (string) dlpusername (string) incidenthistoryaction (string) incidenthistorydetail (string) policygroupid (number) detectionservername (string) incidentid (number) messagesource (string) messagedate (string) incidenthistoryactionstring (string)