Use this API to create manual incidents of type "DEFAULT".
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
| comment |
Optional |
String |
Comments for approval of the Incidents. |
| filters |
Mandatory |
String |
(Required) Filter the events list by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query. For example - "filters": [ "dateTime: ['2020-05-17T18:30:00.000Z'..'2020-05-18T18:29:59.999Z'] and (action:`Attributes`)"], |
| name |
Mandatory |
String |
(Required) The name of the incident. Accepted length: Between 1 to 128 characters. |
| reviewers |
(String) |
String |
Reviewers who will approve the incident. |
| type |
Optional |
String |
This is set to "DEFAULT" always. |
| userInfo |
Optional |
String |
Information about the user. |
API Request
curl -X POST
<qualys_base_url>/fim/v3/incidents/create
-H 'authorization: Bearer '
-H 'content-type: application/json'
-d @request.json
Contents of request.json:
{
"name": "<INCIDENT NAME>",
"reviewers": [
"<USERNAME>",
"<USER EMAIL ID>"
],
"filters": [
"dateTime: ['2020-01-14T18:30:00.000Z'..'2022-12-16T09:29:59.999Z'] and action:`Create`"
],
"comment": "<COMMENT>",
"type": "DEFAULT",
"userInfo": {
"user": {
"name": "<USERNAME>",
"id": "<INCIDENT ID>"
}
}
}
Response
{
"comment": "comment for an incident",
"approvalType": "MANUAL",
"type": "DEFAULT",
"id": "INCIDENT ID",
"userInfo": {
"date": 1671188983383
},
"customerId": "<CUSTOMER ID>",
"name": "<INCIDENT NAME>",
"filters": [
"dateTime: ['2020-01-14T18:30:00.000Z'..'2022-12-16T09:29:59.999Z'] and action:`Create`"
],
"reviewers": [
"<USERNAME>",
"<USER EMAIL ID>" ]
}