McAfee MVISION Cloud

Update Incident Status from SIEM to MVISION Cloud Connector

You can update the incident status from your SIEM to MVISION Cloud Connector. To update the incident status, run the following curl command:

curl -k -X POST \
'https://<CC symbolic server name>:<port>/incidentStatus/update' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d '[
{
"incidentId": "incidentType-incidentNumber",
"changeRequests":{ "WORKFLOW_STATUS": "status" }},
{
"incidentId": "incidentType-incidentNumber",
"changeRequests":{ "WORKFLOW_STATUS": "status" }}
]
'

To update multiple incidents in one request, add another object containing the incidentId and changeRequests for each incident, as in the second object above.

Example:

curl -k -X POST \
https://t5617-168678303.do.devshn.net:8459/incidentStatus/update \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d '[
{
"incidentId": "DLP-234",
"changeRequests":{ "WORKFLOW_STATUS": "Resolved" }},
{
"incidentId": "DLP-231",
"changeRequests":{ "WORKFLOW_STATUS": "Resolved" }}
]
'

Statuses

List of valid statuses that can be updated:

  • Archived
  • Escalated
  • False positive
  • Opened
  • Pending
  • Resolved
  • Suppressed
  • Suspended
  • Under investigation
  • Viewed

List of API Incident Types

  • DLP. For DLP Policy Violations.
  • ANO. For Anomalies.
  • THR. For Threats.
  • AUD. For Config Audit Policy violations.
  • CAP. For Cloud Access Policy violations.
  • MAL. For Malware Policy violations.
  • APP. For Connected Apps violations.
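
The following script is an added example, not McAfee code. It builds the request body only from values that match the status and incident type lists above, so a malformed ID or status coming out of the SIEM is rejected before anything is sent. The function names, the CC_CA_BUNDLE variable and the digits-only incident number are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code): build the /incidentStatus/update body only
# from values that match the status and incident-type lists on this page.

valid_status() {            # 0 if $1 is a documented workflow status
  case "$1" in
    Archived|Escalated|"False positive"|Opened|Pending) return 0 ;;
    Resolved|Suppressed|Suspended|"Under investigation"|Viewed) return 0 ;;
  esac
  return 1
}

valid_incident_id() {       # 0 if $1 is <documented type>-<digits>, e.g. DLP-234
  case "$1" in
    DLP-*|ANO-*|THR-*|AUD-*|CAP-*|MAL-*|APP-*) ;;
    *) return 1 ;;
  esac
  case "${1#*-}" in         # assumption: the incident number is decimal digits
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# build_payload STATUS ID...  prints the JSON array; returns 1 on any bad value
build_payload() {
  [ "$#" -ge 2 ] || { echo "usage: build_payload STATUS ID..." >&2; return 1; }
  status=$1; shift
  valid_status "$status" || { echo "invalid status: $status" >&2; return 1; }
  body='' sep=''
  for id in "$@"; do
    valid_incident_id "$id" || { echo "invalid incidentId: $id" >&2; return 1; }
    body="$body$sep{\"incidentId\": \"$id\", \"changeRequests\": {\"WORKFLOW_STATUS\": \"$status\"}}"
    sep=', '
  done
  printf '[%s]\n' "$body"
}

# send_update URL STATUS ID...  CC_CA_BUNDLE (assumed variable name) is a PEM file
# holding the CA that issued the connector's certificate; --cacert verifies the
# server against it, where the page's command uses -k and skips verification.
send_update() {
  [ "$#" -ge 3 ] || { echo "usage: send_update URL STATUS ID..." >&2; return 1; }
  url=$1; shift
  payload=$(build_payload "$@") || return 1
  curl --cacert "$CC_CA_BUNDLE" -X POST "$url" -H 'cache-control: no-cache' \
    -H 'content-type: application/json' -d "$payload"
}

build_payload "Under investigation" DLP-234 THR-17   # THR-17 is a constructed ID
```
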