GET-Get Incident List

Interface Introduction

The Get Incident List interface is used to retrieve a list of all security violation incidents.

After obtaining the incident list, you can subsequently query the detailed information of a specific incident through the Get Incident Detail interface. For more details, refer to Get Incident Detail.

Request method

GET

URL

Interface URL

https://<ucwi_endpoint>:5443/skg/v1/dlp/incident?<incident_attribute>

Note: You can use the GET-Get Incident Details interface to view the details of a specific incident.

Request Parameters

Parameter Name	Parameter Location	Required	Description
`authorization`	header	Yes	Authentication information in the request. See the section for details Authentication.
`x-skg-timestamp`	header	Yes	Current Timestamp. See the section for details Authentication.

Parameter Name	Parameter Location	Required	Description
`<incident_attribute>`	URL Parameter	Yes	The incident attribute can simply specify a channel type, such as web, email, or webserviceapp, to list all violation incidents under that type. Use the Get Channel interface to view all channel types. The incident attribute provides multiple parameters for more detailed queries, refer to the list below for specific parameters.

The list of incident attribute parameters is as follows:

page_from(Optional): The starting page for incident pagination (default is 0)
page_sizetype(Optional): The number of incidents returned per page (1 corresponds to 20 incidents, 2 corresponds to 50 incidents, 3 corresponds to 100 incidents. Default is 1)
start_timestamp(Optional): The start time of the incident as an epoch timestamp
end_timestamp(Optional): The end time of the incident as an epoch timestamp
user(Optional): The username that generated the incident
action(Optional): The action taken against the violation incident: 1 - Allow (Audit Mode) 2 - Block (Block Mode)
source(Optional): The source of the incident
dest(Optional): The target of the incident
policy(Optional): The policy name
channel(Optional): The channel

Python Request Example

The following example demonstrates using Python code to call the interface to request information about the incident list.

This example aims to retrieve all incidents where user joe.doe@abc.com was blocked between the start timestamp 1484895553 and the end timestamp 1484896943.

import requests
                    auth_headers = {
                    "Authorization": "<Authorization>",
                    "x-skg-timestamp": "<timestamp>",
                    }
                    ucwi_endpoint = "<ENDPOINT>"
                    url = ucwi_endpoint + "/skg/v1/dlp/incident?start_timestamp=1484895553&end_timestamp=1484896943&user=abc\\joe.
                    doe&action=2"
                    r = requests.get(url, headers=auth_headers)
                    print(r.json())

Return Results

The return results include the following parameters:


Name	Description
result	Indicates whether the request was successful, 0 for success, 1 for failure
incidents	The incident IDs of security violation incidents
errorCode	The error code returned when the request fails
message	The error message returned when the request fails

The above incident list request results are as follows:

Request Successful:

                    {
                    "result" : 0,
                    "incidents" : ["d829cb60-1571-4c72-b2c4-3de461698b73", "912ed858-2a6d-4faaa41e-debccf9e163c"]
                    }

Request Failed:

{
                    "result" : 1,
                    "errorCode" : 400,
                    "message" : "Invalid parameter"
                    }

Error code

If calling the API has an error, the following error codes are returned:


Error Code	Description
400	Invalid parameter
404	Unknown Error
500	Invalid parameter