Skyhigh Security

Update Incident Status from SIEM to Cloud Connector

You can update the status of one or more incidents from your SIEM in Skyhigh Cloud Connector by sending a JSON array to the Cloud Connector's /incidentStatus/update endpoint.

To update the incident status, run the following curl command. Note that -k makes curl accept any certificate the server presents; in production, replace it with --cacert pointing at the CA that signed the Cloud Connector certificate so the update cannot be intercepted or redirected.

curl -k -X POST \
  https://<CC server name>:<port>/incidentStatus/update \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '[
    {
      "incidentId": "<incidentType>-<incidentNumber>",
      "changeRequests": { "WORKFLOW_STATUS": "<status>" }
    },
    {
      "incidentId": "<incidentType>-<incidentNumber>",
      "changeRequests": { "WORKFLOW_STATUS": "<status>" }
    }
  ]'

To update several incidents in one call, add one object (incidentId plus changeRequests) per incident to the array. The body must be valid JSON, so do not put comments inside it.

Example:

curl -k -X POST \
https://t5617-168678303.do.devshn.net:8459/incidentStatus/update \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d '[
{
"incidentId": "DLP-234",
"changeRequests":{ "WORKFLOW_STATUS": "Resolved" }},
{
"incidentId": "DLP-231",
"changeRequests":{ "WORKFLOW_STATUS": "Resolved" }}
]
'

Statuses

Valid values for WORKFLOW_STATUS:

  • Archived
  • Escalated
  • False positive
  • Opened
  • Pending
  • Resolved
  • Suppressed
  • Suspended
  • Under investigation
  • Viewed

List of API Incident Types (the prefix of the incidentId):

  • DLP. For DLP Policy Violations.
  • ANO. For Anomalies.
  • THR. For Threats.
  • AUD. For Config Audit Policy violations.
  • CAP. For Cloud Access Policy violations.
  • MAL. For Malware Policy violations.
  • APP. For Connected Apps violations.
  • VUL. For Vulnerability Policy violations.
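The following is an added example of a SIEM-side client for the call described above; it is not Skyhigh's own code. It assumes only what this page shows (the POST to /incidentStatus/update, the incidentId format, the WORKFLOW_STATUS values and the incident-type prefixes). The function names, the mapping from SIEM dispositions to statuses, the CA-bundle argument, the host cc.example.internal and the sample events are this example's own assumptions. It validates incident IDs and statuses before sending, so a malformed SIEM field cannot produce a request that updates nothing or the wrong incident, and it verifies the Cloud Connector certificate instead of using curl's -k.

```python
"""SIEM-side client for the Cloud Connector incident-status update call.

Added example, not Skyhigh's own code. It assumes only what the page shows:
POST https://<cc-host>:<port>/incidentStatus/update with a JSON array of
{"incidentId": "<TYPE>-<number>", "changeRequests": {"WORKFLOW_STATUS": "<status>"}}.
Function names, the SIEM disposition mapping, the CA-bundle argument and the
sample events are this example's own assumptions.
"""
import json
import re
import ssl
import urllib.request

# WORKFLOW_STATUS values and incidentId prefixes exactly as listed on this page.
VALID_STATUSES = frozenset({
    "Archived", "Escalated", "False positive", "Opened", "Pending", "Resolved",
    "Suppressed", "Suspended", "Under investigation", "Viewed",
})
INCIDENT_TYPES = frozenset({"DLP", "ANO", "THR", "AUD", "CAP", "MAL", "APP", "VUL"})
_INCIDENT_ID = re.compile(r"^(?P<type>[A-Z]{3})-(?P<number>[0-9]+)$")

# Assumed SIEM-side vocabulary (not from the page): how a SIEM case disposition
# maps onto a Skyhigh WORKFLOW_STATUS. Adjust to your SIEM's own field values.
SIEM_DISPOSITION_TO_STATUS = {
    "closed_false_positive": "False positive",
    "closed_remediated": "Resolved",
    "investigating": "Under investigation",
    "escalated_to_irt": "Escalated",
}

# Constructed sample of SIEM case-closure events; the field names are assumed.
SAMPLE_SIEM_EVENTS = [
    {"skyhigh_incident_id": "DLP-234", "disposition": "closed_remediated"},
    {"skyhigh_incident_id": "DLP-231", "disposition": "closed_false_positive"},
    {"skyhigh_incident_id": "THR-7", "disposition": "escalated_to_irt"},
]


def updates_from_siem_events(events):
    """Translate SIEM events into (incidentId, WORKFLOW_STATUS) pairs."""
    return [(e["skyhigh_incident_id"], SIEM_DISPOSITION_TO_STATUS[e["disposition"]])
            for e in events]


def build_payload(updates):
    """Build the request body, rejecting anything Cloud Connector would not accept.

    Validating here keeps a malformed SIEM field from producing a request that
    silently updates nothing (or the wrong incident).
    """
    payload = []
    for incident_id, status in updates:
        m = _INCIDENT_ID.match(incident_id)
        if m is None or m.group("type") not in INCIDENT_TYPES:
            raise ValueError(f"malformed or unknown incidentId: {incident_id!r}")
        if status not in VALID_STATUSES:
            raise ValueError(f"unsupported WORKFLOW_STATUS: {status!r}")
        payload.append({"incidentId": incident_id,
                        "changeRequests": {"WORKFLOW_STATUS": status}})
    return payload


def build_request(cc_base_url, updates):
    """Equivalent of the page's curl call, as a urllib Request (not yet sent)."""
    body = json.dumps(build_payload(updates)).encode("utf-8")
    return urllib.request.Request(
        cc_base_url.rstrip("/") + "/incidentStatus/update",
        data=body,
        headers={"Content-Type": "application/json", "Cache-Control": "no-cache"},
        method="POST",
    )


def send_updates(cc_base_url, updates, ca_bundle):
    """Send the update over TLS with certificate verification.

    ca_bundle is the PEM file of the CA that signed the Cloud Connector
    certificate; this replaces curl's -k, which would accept any certificate
    an interposed host presented.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    req = build_request(cc_base_url, updates)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demonstration: build the request and show the body that would be sent.
    updates = updates_from_siem_events(SAMPLE_SIEM_EVENTS)
    req = build_request("https://cc.example.internal:8459", updates)
    print(req.full_url)
    print(req.data.decode("utf-8"))
```

Run as a script it prints the URL and JSON body without contacting anything; call send_updates() with the Cloud Connector URL and your CA bundle to actually post the update. Rejecting unknown statuses client-side matters because the valid set is fixed by Cloud Connector, not by the SIEM's own case vocabulary.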