Incident and Remediation API

Learn about the example responses and available response fields for incident retrieval and remediation by an API client for SaaS Security API.
A registered API client on SaaS Security API can manage incident state and perform remediation actions based on the asset related to the corresponding incident:

getIncidentState

Retrieves incident state. A GET request to the incident/api/incidents/{id}/state endpoint with incident_api scope is used to access the incident state.

Required Parameters
Path Parameter   Type              Description
incidentId       integer <int64>   Incident id

Response Fields
Field             Type     Description
state             String   Incident state, either open or closed.
category          String   Reason for the state of the corresponding incident.
resolved_by       String   Resolver’s name.
resolution_date   String   Date and time the incident was resolved.

Example Request
$ curl 'https://api.aperture.paloaltonetworks.com/incident/api/incidents/71780/state' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
{ "state": "open", "category": "new", "resolved_by": null, "resolution_date": null }

changeIncidentState

Modifies incident state. A POST request to the incident/api/incidents/{id}/state endpoint with incident_api scope is used to change the incident state.

Required Parameters
Path Parameter   Type              Description
incidentId       integer <int64>   Incident id

Body Parameter   Type     Description
state            String   Incident state. Only closed is allowed.
category         String   Reason for the closed state of the corresponding incident:
  • no_reason
  • business_justified
  • misidentified

Response Fields
Field             Type     Description
state             String   Incident state. Only closed is returned.
category          String   Reason for the closed state of the corresponding incident:
  • no_reason
  • business_justified
  • misidentified
resolved_by       String   Resolver’s name.
resolution_date   String   Date the incident was resolved.

Example Request
$ curl 'https://api.aperture.paloaltonetworks.com/incident/api/incidents/71780/state' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' --header 'Content-Type: application/json' --data-raw '{ "state":"closed", "category":"no_reason" }'
Example Response
{ "state": "closed", "category": "no_reason", "resolved_by": "api", "resolution_date": "2021-02-18T18:59:18.740Z" }

quarantineAsset

Performs admin quarantine actions on the corresponding asset. A POST request to the remediation/api/assets/{id}/quarantine endpoint with remediation_api scope is used to quarantine the asset to the administrator’s folder, with the following limitations:
  • Quarantine and restore processes are asynchronous: a response does not mean that SaaS Security API successfully quarantined the asset; rather, the acknowledgment indicates that the request is accepted and the quarantine process will be triggered.
  • Remediation support: not all SaaS applications support admin quarantine, and those that do may not support it for all asset types.

Required Parameters
Path Parameter   Type              Description
id               integer <int64>   Asset id

Example Request
$ curl -X POST 'https://api.aperture.paloaltonetworks.com/remediation/api/assets/{id}/quarantine' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
Status: 202 Accepted

restoreAsset

Reverts admin quarantine action for the corresponding asset. A POST request to the remediation/api/assets/{id}/restore endpoint with remediation_api scope is used to restore the quarantined asset.

Required Parameters
Path Parameter   Type              Description
id               integer <int64>   Asset id

Example Request
$ curl -X POST 'https://api.aperture.paloaltonetworks.com/remediation/api/assets/{id}/restore' -i -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImp0aSI6IjA5ZjljNDVkLTA1NTYtNDY4MS05YWFhLWM4MGNiNWQ5ZjRiYSIsInRlbmFudCI6InRlc3QgdGVuYW50IiwiY2xpZW50X2lkIjoiYWNtZSJ9.lQpl3taZros7xzQNVMRaOy7KIrKGkwNKmTPq667kJUQ' -H 'Content-Type: application/json'
Example Response
Status: 202 Accepted
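
The following Python code is an added example, not code from the SaaS Security API documentation. It builds the changeIncidentState and quarantineAsset/restoreAsset requests under the input constraints listed above, checks that a state-change response really reports closure, and treats 202 Accepted as an acknowledgment rather than proof that the asset was quarantined. The function names and outcome labels are assumptions made for illustration; sending the request (for example with urllib.request.urlopen) and obtaining the bearer token are left to the caller.

```python
import json
import urllib.request

BASE_URL = "https://api.aperture.paloaltonetworks.com"  # host from the curl examples above
CLOSE_CATEGORIES = {"no_reason", "business_justified", "misidentified"}


def _post(path, token, body=None):
    """Build a POST request carrying the bearer token and an optional JSON body."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method="POST")


def close_incident_request(incident_id, category, token):
    """changeIncidentState: 'closed' is the only accepted state; int() rejects non-integer ids."""
    if category not in CLOSE_CATEGORIES:
        raise ValueError(f"category must be one of {sorted(CLOSE_CATEGORIES)}")
    return _post(f"/incident/api/incidents/{int(incident_id)}/state", token,
                 {"state": "closed", "category": category})


def remediation_request(asset_id, action, token):
    """quarantineAsset / restoreAsset: POST with no body; int() rejects non-integer ids."""
    if action not in ("quarantine", "restore"):
        raise ValueError("action must be 'quarantine' or 'restore'")
    return _post(f"/remediation/api/assets/{int(asset_id)}/{action}", token)


def closure_confirmed(response, category):
    """True only if the response shows the incident closed with the category we sent."""
    return (response.get("state") == "closed"
            and response.get("category") == category
            and response.get("resolved_by") is not None
            and response.get("resolution_date") is not None)


def remediation_outcome(status):
    """202 acknowledges the request; it does not confirm the asset was moved."""
    return "accepted_pending" if status == 202 else "unexpected"


# Constructed sample: the changeIncidentState example response shown on this page.
SAMPLE = json.loads('{"state": "closed", "category": "no_reason", '
                    '"resolved_by": "api", "resolution_date": "2021-02-18T18:59:18.740Z"}')

if __name__ == "__main__":
    req = close_incident_request(71780, "no_reason", token="<token>")  # placeholder token
    print(req.get_method(), req.full_url, closure_confirmed(SAMPLE, "no_reason"))
```

Because quarantine and restore are asynchronous, a result of "accepted_pending" should be recorded as pending in any automation and confirmed separately before the incident is treated as remediated.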
