Example
Show incidents with approved status
approvalStatus: APPROVED
Example
Show incidents with manual change type
changeType: MANUAL
dispositionCategorydispositionCategory
Example
Show incidents in the patching category
dispositionCategory: PATCHING
Example
Show incidents with this ID
id: a2608bbc-0887-4052-90d4-4cdb5c4fcff4
Examples
Show incidents with this name
name: Windows Security Incident
Show any incidents that contain parts of name
name: "Windows Security Incident"
Show incidents that match exact value
name: `Windows Security Incident`
Example
Show incidents with this rule ID
id: a2608bbc
Examples
Show incidents with this rule name
ruleName: Rule for create action
Show incidents that contain parts of name
ruleName: "create action"
Show incidents that match exact value
ruleName: 'create action'
Example
Show incidents that are open
status: OPEN
Example
Show incidents that are auto-approved
type: AUTOMATED
Example
Show approved incidents in patching category
approvalStatus: APPROVED and dispositionCategory:
PATCHING
Example
Show incidents that were not pre-approved
not changeType: PRE_APPROVED_CHANGE_CONTROL
Example
Show incidents with one of these categories
dispositionCategory: MALWARE or dispositionCategory:
GENERAL_HACKING
Example
reviewers: adavid@qualys
markupStatus shows the state of event marking for the incident. When the markupStatus is completed, It means all the events under the incident are marked and added to that incident.
Note: - Report for an incident can only be created when markupStatus is COMPLETED for that incident.
Example
markupStatus: COMPLETED
slaDurationKey token is used to filter incidents based on timeframes like DAYS, WEEKs, OR MONTHS.
Example
slaDuationKey: DAYS
slaDurationValueslaDurationValue
Note: It'll filter out incidents with SLA set as 1 Day, 1 week, or 1 Month.
Example
slaDurationValue: 1
Example
slaRequired: true