Approve Incidents API

Use this API for approving an incident. 

POST /fim/v3/incidents/{incidentId}/approve

Input Parameters

Parameter  Mandatory/Optional  Data Type  Description

approvalStatus  Mandatory  String

The approval status of the incident created by the rule.

Allowed values: "APPROVED", "POLICY_VIOLATION", "UNAPPROVED", "PENDING".

changeType  Mandatory  String

Type of incidents created by the rule.

Allowed values: "MANUAL", "AUTOMATED", "COMPROMISE", "STANDARD_CHANGE", "EMERGENCY_CHANGE", "NORMAL_CHANGE", "OTHER".

comment  Mandatory  String

Comments for the incidents created by the rule.

dispositionCategory  Mandatory  String

The category of the incident created by the rule.

Allowed values: "PATCHING", "PRE_APPROVED_CHANGE_CONTROL", "CONFIGURATION_CHANGE", "HUMAN_ERROR", "DATA_CORRUPTION", "EMERGENCY_CHANGE", "CHANGE_CONTROL_VIOLATION", "GENERAL_HACKING", "MALWARE", "MALICIOUS_INTENT", "UNAUTHORIZED_ACCESS", "INAPPROPRIATE_USAGE_OR_FRAUD", "DATA_LOSS_OR_THEFT", "DISREGARD_OF_ORGANIZATIONAL_POLICY", "FALSE_POSITIVE", "OTHER".

Sample 1

API Request

curl -X POST \
'<qualys_base_url>/fim/v3/incidents/{incidentId}/approve' \
-H 'authorization: Bearer <token>' \
-H 'content-type: application/json' \
-d @request.json

Contents of request.json:

{
    "approvalStatus": "PENDING",
    "changeType": "NORMAL_CHANGE",
    "comment": "With additional approval values",
    "dispositionCategory": "DISREGARD_OF_ORGANIZATIONAL_POLICY"
}

Response

{
  "customerId": "<CUSTOMER ID>",
  "type": "DEFAULT",
  "id": "<ID>",
  "filterFromDate": "2022-11-15T16:07:00.000+0000",
  "filterToDate": "2022-12-15T16:07:00.000+0000",
  "name": "TEST WITH SPECIAL CHARS",
  "filters": [
    "dateTime:['2022-11-15T16:07:00.000Z'..'2022-12-15T16:07:00.000Z'] AND (action:Content)"
  ],
  "status": "CLOSED",
  "reviewers": [
    "<REVIEWER USERNAME OR EMAIL ID>"
  ],
  "comment": "With additional approval values",
  "assignDate": "2022-12-15T16:08:19.560+0000",
  "approvalDate": "2022-12-16T06:33:19.224+0000",
  "approvalStatus": "PENDING",
  "dispositionCategory": "DISREGARD_OF_ORGANIZATIONAL_POLICY",
  "changeType": "NORMAL_CHANGE",
  "approvalType": "MANUAL",
  "createdById": "<USER ID>",
  "createdByName": "<USER NAME>",
  "createdDate": "2022-12-15T16:08:19.560+0000",
  "lastUpdatedById": "<USER ID>",
  "lastUpdatedByName": "USER NAME",
  "lastUpdatedDate": "2022-12-16T06:17:36.953+0000",
  "filterUpdatedDate": "2022-12-15T16:08:19.560+0000",
  "deleted": false,
  "marked": true,
  "moved": null,
  "markupStatus": "COMPLETED",
  "ruleId": null,
  "ruleName": null
}

Sample 2

API Request

curl -X POST '<qualys_base_url>/fim/v3/incidents/{incidentId}/approve' \
--header 'Authorization: Bearer <authToken>' \
--header 'content-type: application/json' \
--data-raw '{
     "approvalStatus":"APPROVED",
     "changeType":"MANUAL",
     "comment":"Events under this incident have been reviewed ",
     "dispositionCategory":"PATCHING"
}'

Response

{
    "customerId":"25a14e60-80c1-4c25-8166-6653a4e2b094",
    "type":"AUTOMATED",
    "id":"486c1675-c752-4f5e-b34d-4b63774d252d",
    "filterFromDate":"2024-10-14T05:00:00.000+0000",
    "filterToDate":"2024-10-14T21:29:00.000+0000",
    "name":"test_4April-20241014-060712",
    "filters":[
        "dateTime: ['2024-10-14T05:00:00.000Z'..'2024-10-14T21:29:00.000Z'] and (action:Create )"
    ],
    "status":"CLOSED",
    "reviewers":[
        "john_doe",
        "Johndoe",
        "johnsmith@qualys.com"
    ],
    "comment":"Events under this incident have been reviewed ",
    "assignDate":"2024-10-14T06:07:12.894+0000",
    "approvalDate":"2024-10-15T05:14:14.888+0000",
    "approvalStatus":"APPROVED",
    "dispositionCategory":"PATCHING",
    "changeType":"MANUAL",
    "approvalType":"MANUAL",
    "createdById":"51fbdb4b-5fb5-fdf6-8141-5a7887ec557b",
    "createdByName":"FIM Automation",
    "createdDate":"2024-10-14T06:07:12.875+0000",
    "lastUpdatedById":"51fbdb4b-5fb5-fdf6-8141-5a7887ec557b",
    "lastUpdatedByName":"FIM Automation",
    "lastUpdatedDate":"2024-10-14T07:21:45.670+0000",
    "filterUpdatedDate":"2024-10-14T06:07:12.875+0000",
    "deleted":false,
    "marked":true,
    "moved":null,
    "markupStatus":"COMPLETED",
    "ruleId":"23db69b0-0876-48a2-bdf5-058913585bbb",
    "ruleName":"test_4April",
    "slaRequired":false,
    "slaDurationValue":0,
    "slaDurationKey":null,
    "slaViolationDate":null,
    "reviewedById":"51fbdb4b-5fb5-fdf6-8141-5a7887ec557b",
    "reviewedByName":"FIM Automation",
    "reviewedDate":"2024-10-15T05:14:14.876+0000"
}
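
A client-side check of the request body against the allowed values listed under Input Parameters, run before the approval is submitted. This is an added example, not Qualys code; `validate_body` and `build_approve_request` are hypothetical helper names. It assumes incident IDs are UUIDs (as in the Sample 2 response) and treats empty strings and undocumented keys as errors, which is this example's own policy.

```python
import json
import uuid
import urllib.request

# Allowed values copied from the Input Parameters table on this page.
ALLOWED = {
    "approvalStatus": {"APPROVED", "POLICY_VIOLATION", "UNAPPROVED", "PENDING"},
    "changeType": {"MANUAL", "AUTOMATED", "COMPROMISE", "STANDARD_CHANGE",
                   "EMERGENCY_CHANGE", "NORMAL_CHANGE", "OTHER"},
    "dispositionCategory": {
        "PATCHING", "PRE_APPROVED_CHANGE_CONTROL", "CONFIGURATION_CHANGE",
        "HUMAN_ERROR", "DATA_CORRUPTION", "EMERGENCY_CHANGE",
        "CHANGE_CONTROL_VIOLATION", "GENERAL_HACKING", "MALWARE",
        "MALICIOUS_INTENT", "UNAUTHORIZED_ACCESS",
        "INAPPROPRIATE_USAGE_OR_FRAUD", "DATA_LOSS_OR_THEFT",
        "DISREGARD_OF_ORGANIZATIONAL_POLICY", "FALSE_POSITIVE", "OTHER"},
}
MANDATORY = ("approvalStatus", "changeType", "comment", "dispositionCategory")


def validate_body(body):
    """Return a list of problems; an empty list means the body is acceptable."""
    errors = []
    for field in MANDATORY:
        value = body.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field}: mandatory non-empty string")
        elif field in ALLOWED and value not in ALLOWED[field]:
            errors.append(f"{field}: {value!r} is not an allowed value")
    errors += [f"{k}: not a documented parameter" for k in body if k not in MANDATORY]
    return errors


def build_approve_request(base_url, incident_id, token, body):
    """Build (but do not send) the POST request for one incident."""
    # Assumption: incident IDs are UUIDs, as in the Sample 2 response. Parsing
    # also keeps characters such as '/' or '?' out of the URL path.
    incident = str(uuid.UUID(incident_id))
    errors = validate_body(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/fim/v3/incidents/{incident}/approve",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
```

Pass the returned object to `urllib.request.urlopen` to send it; keep the bearer token out of logs and error messages.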