Incident and Remediation API

Learn about the example responses and available response fields for incident retrieval and remediation by an API client for Data Security.
A registered API client on Data Security can manage incident state and perform remediation actions based on the asset related to the corresponding incident.
All requests must use the region-specific host. The examples below use the AMER region.

getIncidentState

Retrieves incident state. A GET request to the incident/api/incidents/{id}/state endpoint with incident_api scope is used to access the incident state.
Required Parameters
Path Parameter | Type | Description
incidentId | integer <int64> | Incident id
Response Fields
Field | Type | Description
state | String | Incident state, either open or closed.
category | String | Reason for the state of the corresponding incident.
resolved_by | String | Resolver’s name.
resolution_date | String | Date and time the incident was resolved.
Example Request
$ curl 'https://api.aperture.paloaltonetworks.com/incident/api/incidents/71780/state' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
{ "state": "open", "category": "new", "resolved_by": null, "resolution_date": null }

changeIncidentState

Modifies incident state. A POST request to the incident/api/incidents/{id}/state endpoint with incident_api scope is used to access the incident state.
Required Parameters
Path Parameter | Type | Description
incidentId | integer <int64> | Incident id
Body Parameter | Type | Description
state | String | Incident state. Only closed is allowed.
category | String | Reason for the closed state of the corresponding incident: no_reason, business_justified, misidentified
Response Fields
Field | Type | Description
state | String | Incident state. Only closed is returned.
category | String | Reason for the closed state of the corresponding incident: no_reason, business_justified, misidentified
resolved_by | String | Resolver’s name.
resolution_date | String | Date the incident was resolved.
Example Request
$ curl 'https://api.aperture.paloaltonetworks.com/incident/api/incidents/71780/state' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' --header 'Content-Type: application/json' --data-raw '{ "state":"closed", "category":"no_reason" }'
Example Response
{ "state": "closed", "category": "no_reason", "resolved_by": "api", "resolution_date": "2021-02-18T18:59:18.740Z" }

quarantineAsset

Performs admin quarantine actions on the corresponding asset. A POST request to the remediation/api/assets/{id}/quarantine endpoint with remediation_api scope is used to quarantine the asset to the administrator’s folder, with the following limitations:
  • Quarantine and restore processes are asynchronous: a response does not mean that Data Security successfully quarantined the asset; rather, the acknowledgment indicates that the request is accepted and the quarantine process will be triggered.
  • Remediation support: not all SaaS applications support admin quarantine, and support does not extend to all asset types.
Required Parameters
Path Parameter | Type | Description
id | integer <int64> | Asset id
Example Request
$ curl -X POST 'https://api.aperture.paloaltonetworks.com/remediation/api/assets/{id}/quarantine' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
Status: 202 Accepted

restoreAsset

Reverts admin quarantine action for the corresponding asset. A POST request to the remediation/api/assets/{id}/restore endpoint with remediation_api scope is used to restore the quarantined asset.
Required Parameters
Path Parameter | Type | Description
id | integer <int64> | Asset id
Example Request
$ curl -X POST 'https://api.aperture.paloaltonetworks.com/remediation/api/assets/{id}/restore' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
Status: 202 Accepted
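
Added example (not part of the original page or the vendor's code): a client-side wrapper for changeIncidentState and quarantineAsset that rejects input the API does not allow before anything is sent, confirms closure from the response fields, and treats 202 as an acknowledgment only. The function names are hypothetical, and treating any status other than 202 as not accepted is an assumption.

```python
import json
import urllib.request
# Added example; function names are hypothetical, endpoints and values are from the page.
API_HOST = "https://api.aperture.paloaltonetworks.com"  # AMER host from the page's examples
CLOSE_CATEGORIES = ("no_reason", "business_justified", "misidentified")  # from the page


def _check_id(value):
    # int64 per the page; refusing anything else keeps untrusted input out of the path.
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value < 2**63:
        raise ValueError("id must be a non-negative int64")
    return value


def _post(path, token, body=None):
    # Builds the request only; pass the result to send() to transmit it.
    data = None if body is None else json.dumps(body).encode()
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    return urllib.request.Request(API_HOST + path, data=data, headers=headers, method="POST")


def close_incident_request(incident_id, category, token):
    # changeIncidentState: "closed" is the only state a client may set.
    if category not in CLOSE_CATEGORIES:
        raise ValueError("category must be one of " + ", ".join(CLOSE_CATEGORIES))
    path = "/incident/api/incidents/%d/state" % _check_id(incident_id)
    return _post(path, token, {"state": "closed", "category": category})


def quarantine_request(asset_id, token):
    return _post("/remediation/api/assets/%d/quarantine" % _check_id(asset_id), token)


def confirm_closed(response_text, category):
    # Trust the response fields, not the HTTP status alone.
    fields = json.loads(response_text)
    if fields.get("state") != "closed" or fields.get("category") != category:
        raise RuntimeError("incident not closed as requested: %r" % fields)
    return fields.get("resolved_by"), fields.get("resolution_date")


def remediation_outcome(status):
    # 202 only acknowledges the request; quarantine and restore run asynchronously.
    return "accepted_pending" if status == 202 else "not_accepted"


def send(request, timeout=10):
    # Network call; needs a real token with incident_api or remediation_api scope.
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read().decode()
```

Because quarantine is asynchronous, a caller that receives "accepted_pending" should record the asset as pending rather than as quarantined.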
