Incidents
The Incidents API includes the following methods allowing the management of Endpoint and Detection (EDR) features:
addToBlocklist: adds a new hash to the Blocklist.
getBlocklistItems: lists existing Blocklist items.
removeFromBlocklist: removes a specific entry from the Blocklist.
createIsolateEndpointTask: creates a task to isolate an endpoint.
createRestoreEndpointFromIsolationTask: creates a task to restore an isolated endpoint.
createCustomRule: creates a custom rule.
getCustomRulesList: lists existing custom rule items.
deleteCustomRule: removes a specific custom rule.
changeIncidentStatus: changes the status of a specific incident.
updateIncidentNote: assigns a note to a specific incident.
API URL for version 1.0: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/incidents. This is the default version and is available for all Incidents API methods.
API URL for version 1.1: CONTROL_CENTER_APIs_ACCESS_URL/v1.1/jsonrpc/incidents. This version is available for the following methods:
createRestoreEndpointFromIsolationTask
createIsolateEndpointTask