GET-Get Incident Details

This section describes how to call the Get Incident Details interface.

Interface Introduction

The Get Incident Details interface is used to retrieve the details of a specific incident.

Request method

GET

URL

Interface URL

https://<ucwi_endpoint>:5443/skg/v1/dlp/incident/<Incident ID>

Request Parameters

| Parameter Name | Parameter Location | Required | Description |
| --- | --- | --- | --- |
| <Incident ID> | URL Parameter | Yes | Specify the ID of the incident. Obtain the ID of each violation incident by getting the incident list (see GET-Get Incident List). |
| authorization | header | Yes | Authentication information in the request. See the Authentication section for details. |
| x-skg-timestamp | header | Yes | Current timestamp. See the Authentication section for details. |

Python Request Example

The following example shows how to call the interface from Python to request incident details.

It requests the details of the incident with the UUID d829cb60-1571-4c72-b2c4-3de461698b73.

Note: In the following Python code example, the imported header files ucwi_config and ucwi_auth need to be created beforehand. For detailed reference examples, see Header File Examples.

    # -*- coding: utf-8 -*-
    from requests.packages.urllib3.exceptions import InsecureRequestWarning
    from ucwi_config import UCWIConfig
    from ucwi_auth import get_headers
    import requests
    import json

    # Suppress the warning that verify=False would otherwise trigger.
    requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

    # UUID of the incident
    incident_uuid = "d829cb60-1571-4c72-b2c4-3de461698b73"
    api = "/skg/v1/dlp/incident/{}".format(incident_uuid)
    url = "{0}{1}".format(UCWIConfig.base_url, api)

    # Build the request headers (authorization and x-skg-timestamp are required).
    headers = get_headers()
    # verify=False disables TLS certificate validation; pass the path to the
    # endpoint's CA certificate as verify=... to validate the server instead.
    response = requests.get(url, headers=headers, verify=False)
    if response.status_code != 200:
        print("Bad request, response code:", response.status_code)
        print(response.text)
    else:
        # ensure_ascii=False prints non-ASCII characters as-is instead of \uXXXX.
        print(json.dumps(response.json(), indent=4, ensure_ascii=False))

Return Results

The return values include: query ID, detection time, incident time, source, destination, policy name, channel, action, incident status, severity level, maximum matches, and file name.

The definitions of the return value parameters are shown in the table below:

| Parameter Name | Type | Meaning |
| --- | --- | --- |
| queryID | String | Query ID. This ID is consistent with the query ID sent in the metadata of the content inspection. The value of queryID is the traffic ID in the third-party cloud service. |
| forensicsName | String | Forensic file name |
| detectTime | int | Detection timestamp |
| incidentTime | int | Incident timestamp |
| source | String | Source of the incident, such as user IP or username |
| dest | Array | Destination of the incident, such as websites visited by users or recipient lists. This item is not available for WebService application channels. |
| action | int | 1 - Allow, 2 - Block |
| channel | String | Channel |
| policies | Array | Equipped policy names |
| incidentStatus | int | 1 - New incident, 2 - In progress, 3 - Closed, 4 - False positive, 5 - Escalated (incident status can be modified via WebUI) |
| severityTypeCode | int | 1 - High, 2 - Medium, 3 - Low, 4 - Information |
| maxMatches | int | Maximum number of matches |

Return Example

Example of return values for incident detail requests:

  • Request successful:

        {
            "result" : 0,
            "data" : {
                "queryID" : "d829cb60-1571-4c72-b2c4-3de461698b73",
                "forensicsName" : "76c68a52-dff3-47e0-b992-a3186fad2134.eml",
                "detectTime" : 1484896943,
                "incidentTime": 1484896943,
                "source" : ["abc\\joe.doe"],
                "dest" : ["www.baidu.com"],
                "action" : 1/2,
                "channel" : "http",
                "policies" : ["test"],
                "incidentStatus" : 1/2/3/4/5,
                "severityTypeCode": 1/2/3/4,
                "maxMatches": 10
            }
        }

  • Request failed:

        {
            "result" : 1,
            "errorCode" : 400,
            "message" : "Invalid parameter"
        }

Error code

If the API call fails, one of the following error codes is returned:

| Error Code | Description |
| --- | --- |
| 400 | Invalid parameter |
| 404 | Unknown Error |
| 500 | Invalid parameter |
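
The following added example (not part of the vendor's sample code) shows one way to consume this interface's response: it validates the incident ID before building the request path, checks the result envelope, and decodes the numeric codes from the return-value table. The names incident_path, normalize_incident, IncidentError and SAMPLE_BODY are hypothetical, and it assumes that incident IDs are UUIDs and that timestamps are Unix epoch seconds.

```python
import json
import uuid
from datetime import datetime, timezone

# Code tables copied from the return-value table on this page.
ACTION = {1: "Allow", 2: "Block"}
STATUS = {1: "New incident", 2: "In progress", 3: "Closed",
          4: "False positive", 5: "Escalated"}
SEVERITY = {1: "High", 2: "Medium", 3: "Low", 4: "Information"}

# Constructed sample: the page's return example with concrete codes, no "dest".
SAMPLE_BODY = r"""{"result": 0, "data": {
  "queryID": "d829cb60-1571-4c72-b2c4-3de461698b73",
  "detectTime": 1484896943, "incidentTime": 1484896943, "maxMatches": 10,
  "source": ["abc\\joe.doe"], "channel": "http", "action": 2,
  "policies": ["test"], "incidentStatus": 1, "severityTypeCode": 1}}"""

class IncidentError(Exception):
    """The API reported a failure or the body was not the expected envelope."""

def incident_path(incident_id):
    # Assumption: incident IDs are UUIDs, as in the page's example. Parsing
    # first rejects values such as "../x" before they reach the URL path.
    return "/skg/v1/dlp/incident/{}".format(uuid.UUID(incident_id))

def _utc(ts):
    # Assumption: timestamps are Unix epoch seconds.
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
def _label(table, code):
    return table.get(code, "Unknown ({})".format(code))

def normalize_incident(body):
    """Decode a response body into a record with readable codes and UTC times."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise IncidentError("response is not JSON") from exc
    if not isinstance(doc, dict) or doc.get("result") != 0:
        err = doc if isinstance(doc, dict) else {}
        raise IncidentError("API error {}: {}".format(err.get("errorCode"), err.get("message")))
    d = doc["data"]
    return {
        "queryID": d["queryID"], "detected": _utc(d["detectTime"]),
        "source": d["source"], "policies": d["policies"],
        "dest": d.get("dest", []),  # not returned for WebService channels
        "action": _label(ACTION, d["action"]),
        "status": _label(STATUS, d["incidentStatus"]),
        "severity": _label(SEVERITY, d["severityTypeCode"]),
    }
```
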