Get Static Incident Details

5 min

description retrieve static attributes for a specified incident in symantec dlp, ensuring compliance with user permissions endpoint url /protectmanager/webservices/v2/incidents/{{id}}/staticattributes method get inputs path parameters (object) – required id (number) – required the incident id output example \[ { "status code" 200, "response headers" {}, "reason" "ok", "json body" { "incidentid" 1, "infomap" { "attachmentinfo" \[ { "messagecomponentname" "ftpme txt", "messagecomponentid" 2, "wascracked" true, "documentformat" "ascii", "messagecomponenttype" 3, "originalsize" "640 bytes", "attachmentsize" "640 bytes" } ], "messageoriginatorid" 1, "filecreatedate" "2019 06 26t17 33 06 71", "uniquemessageid" "f1472cc7 cf59 405c 9f12 ce428b112978", "fileaccessdate" "2019 06 26t00 00 00", "messagetype" "endpointusb", "endpointfilepath" "e \\\ftpme txt", "endpointapplicationpath" "\\\device\\\harddiskvolume1\\\windows\\\explorer exe", "senderipaddress" "10 66 221 73", "endpointvolumename" "\\\device\\\harddisk1\\\dp(1)0 0+3", "filecreatedby" "levy xp 1\\\dirk", "domainusername" "levy xp 1\\\dirk", "policyid" 1, "policyname" "v9 hello world silent", "policyversion" 3, "policygroupname" "v9 automation policies", "policygroupid" 2, "filemodifiedby" "levy xp 1\\\dirk", "messageid" 1, "messagesource" "endpoint", "matchcount" 7, "creationdate" "2019 06 26t17 29 50 937", "isblockedstatussuperseded" false, "detectionservername" "v15 monitor (discover, endpoint)", "endpointconnectionstatus" "connected", "endpointfilename" "ftpme txt", "networksenderport" 0, "detectiondate" "2019 06 26t17 29 50 937", "messagetypeid" 13, "detectionserverid" 1, "endpointmachineipaddress" "10 66 221 73", "messagedate" "2019 06 26t17 33 07 796", "fileowner" "levy xp 1\\\dirk", "endpointmachinename" "levy xp 1", "endpointapplicationname" "explorer exe" } } } ] output parameters status code (number) reason (string) json body (object) incidentid (number) infomap (object) attachmentinfo (array) messagecomponentname (string) messagecomponentid (number) wascracked (boolean) documentformat (string) messagecomponenttype (number) originalsize (string) attachmentsize (string) messageoriginatorid (number) filecreatedate (string) uniquemessageid (string) fileaccessdate (string) messagetype (string) endpointfilepath (string) endpointapplicationpath (string) senderipaddress (string) endpointvolumename (string) filecreatedby (string) domainusername (string) policyid (number) policyname (string) policyversion (number) policygroupname (string) policygroupid (number) filemodifiedby (string) messageid (number) messagesource (string) matchcount (number) creationdate (string) isblockedstatussuperseded (boolean) detectionservername (string) endpointconnectionstatus (string) endpointfilename (string) networksenderport (number) detectiondate (string) messagetypeid (number) detectionserverid (number) endpointmachineipaddress (string) messagedate (string) fileowner (string) endpointmachinename (string) endpointapplicationname (string)

Get Policy Matches

Update a Policy