Object type: incident

An Incident object contains information about abnormal or suspicious events in the system.

| Field | Description |
|---|---|
| annotations | List of annotations added to the incident. |
| attachments | List of attachments associated with the incident. |
| category | A classification or grouping for the incident. |
| createdate | The date and time when the object was created. |
| creator | The URL of the Sentinel User object that represents the creator of the object. |
| crit-rating | Reserved for future use. |
| desc | A description of the Incident. |
| events | List of events associated with the incident. |
| external-datas | List of external data items associated with the incident. |
| meta | The metadata for an object, including the object type name and the URL reference to the object. |
| moddate | The date and time when the object was last modified. |
| modifier | The URL of the Sentinel User object that represents the last modifier of the object. |
| name | The name or title of the incident. |
| notes | List of notes added to or associated with the incident. |
| priority | The level of attention that should be given to mitigating the incident. |
| resolution | Actions taken to resolve the incident. |
| severity | The impact or degree of seriousness of the incident. |
| sev-rating | Average of all the event severities that comprise an incident. |
| state | The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED. |
| users | List of users responsible for mitigating the incident. |
| vuln-rating | Reserved for future use. |
| workflow-infos | List of workflows associated with the incident. |

Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

| Field | Description |
|---|---|
| @href | The URL reference to the object. |
| type | The name of the object type. |

GET https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201

```json
{
  "meta": {
    "type": "incident",
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident/42"
  },
  "sev-rating": "5",
  "category": "Denial of Service",
  "moddate": "2012-04-25T13:33:44.522Z",
  "desc": "Detected more that 100 failed logins in a 10 minute period.",
  "priority": 1,
  "name": "Failed Logins",
  "createdate": "2012-04-25T13:33:44.522Z",
  "crit-rating": "Wildebeest",
  "severity": 4,
  "resolution": "Locked user account.",
  "vuln-rating": "Wildebeest",
  "workflow-infos": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
  ],
  "users": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
  ],
  "events": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
  },
  "state": "Investigating",
  "attachments": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
  ],
  "external-datas": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
  ],
  "annotations": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ],
  "notes": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ]
}
```

Object type: incident

An Incident object contains information about abnormal or suspicious events in the system.

| Field | Required | Description |
|---|---|---|
| annotations | false | List of annotations added to the incident. |
| attachments | false | List of attachments associated with the incident. |
| category | false | A classification or grouping for the incident. |
| crit-rating | false | Reserved for future use. |
| desc | false | A description of the Incident. |
| events | false | List of events associated with the incident. |
| external-datas | false | List of external data items associated with the incident. |
| name | false | The name or title of the incident. |
| notes | false | List of notes added to or associated with the incident. |
| priority | false | The level of attention that should be given to mitigating the incident. |
| resolution | false | Actions taken to resolve the incident. |
| severity | false | The impact or degree of seriousness of the incident. |
| sev-rating | false | Average of all the event severities that comprise an incident. |
| state | false | The state of the incident. For example OPEN, ASSIGNED, CLOSED or REJECTED. |
| users | false | List of users responsible for mitigating the incident. |
| vuln-rating | false | Reserved for future use. |
| workflow-infos | false | List of workflows associated with the incident. |

Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

| Field | Required | Description |
|---|---|---|
| @href | false | The URL reference to the object. |
| type | false | The name of the object type. |

PUT https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201

```json
{
  "sev-rating": "5",
  "category": "Denial of Service",
  "desc": "Detected more that 100 failed logins in a 10 minute period.",
  "priority": 1,
  "name": "Failed Logins",
  "crit-rating": "Wildebeest",
  "severity": 4,
  "resolution": "Locked user account.",
  "vuln-rating": "Wildebeest",
  "workflow-infos": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/workflow-info/42"
  ],
  "users": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/user/42"
  ],
  "events": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/incident-events?query=incident-id.e42"
  },
  "state": "Investigating",
  "attachments": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/attachment/42"
  ],
  "external-datas": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/external-data/42"
  ],
  "annotations": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ],
  "notes": [
    "https://164.99.19.131:8443/SentinelRESTServices/objects/annotation/42"
  ]
}
```

DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/incident/201
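
The PUT field table omits the GET-only fields meta, createdate, creator, moddate and modifier, and many fields carry URL references back to the server. The following added example (not part of the Sentinel documentation) reduces a GET response to the PUT fields and lists any reference whose scheme, host or port differs from the server's, so a client does not follow it with its credentials; the function names and the files.example.net host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Fields in the page's PUT table; the GET-only fields (meta, createdate,
# creator, moddate, modifier) are absent from it and dropped before an update.
WRITABLE = {
    "annotations", "attachments", "category", "crit-rating", "desc", "events",
    "external-datas", "name", "notes", "priority", "resolution", "severity",
    "sev-rating", "state", "users", "vuln-rating", "workflow-infos",
}
# Fields whose values are URL references: a URL, a list of URLs, or {"@href": url}.
REFERENCE_FIELDS = {
    "annotations", "attachments", "creator", "events", "external-datas",
    "meta", "modifier", "notes", "users", "workflow-infos",
}

def put_body(incident):
    """Reduce a GET response to the fields documented for PUT."""
    return {k: v for k, v in incident.items() if k in WRITABLE}

def _urls(value):
    if isinstance(value, str):
        yield value
    elif isinstance(value, list):
        for item in value:
            yield from _urls(item)
    elif isinstance(value, dict) and "@href" in value:
        yield value["@href"]

def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def foreign_references(incident, base_url):
    """List (field, url) pairs that do not share base_url's scheme, host and port."""
    expected = _origin(base_url)
    return [(field, url)
            for field in sorted(REFERENCE_FIELDS & incident.keys())
            for url in _urls(incident[field])
            if _origin(url) != expected]

BASE = "https://164.99.19.131:8443/SentinelRESTServices"
# Constructed sample: trimmed from the page's GET response, one attachment host changed.
SAMPLE = {
    "meta": {"type": "incident", "@href": BASE + "/objects/incident/42"},
    "moddate": "2012-04-25T13:33:44.522Z", "name": "Failed Logins", "state": "Investigating",
    "users": [BASE + "/objects/user/42"],
    "events": {"@href": BASE + "/objects/incident-events?query=incident-id.e42"},
    "attachments": ["https://files.example.net:8443/objects/attachment/42"],
}
```
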