IBM Security QRadar SOAR


Incidents which have been updated recently (API)

  • 1.  Incidents which have been updated recently (API)

    Posted Tue August 13, 2019 02:51 AM
    Hi all,

    I was wondering how I go about checking for incidents which have been
    updated recently by the users through the API?

    Many thanks,

    ------------------------------
    Lavesh
    ------------------------------


  • 2.  RE: Incidents which have been updated recently (API)

    Posted Tue September 17, 2019 01:01 PM
    Hi Lavesh,

    Starting in v32.1, you can use the incident query API and check the inc_last_modified_date field. I tested this with added notes and artifacts and confirmed that the date field was changed. The payload with the filters would look like the following.

    https://<host>/rest/orgs/<org>/incidents/query?field_handle=-1&return_level=full

    {
      "filters": [
        {
           "conditions": [
             {
               "field_name": "inc_last_modified_date",
               "method": "gt",
               "value": 1568739158980
             }
           ]
        }
      ]
    }



    ------------------------------
    Mark Scherfling
    ------------------------------
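
The query from the reply above turned into a repeatable poll, as an added example that is not part of the original posts or IBM's own code. It builds the same filter from a timezone-aware timestamp and keeps a checkpoint so each poll only asks for changes newer than the last one seen. Assumptions: the endpoint is called with POST, the response is a JSON list of incident objects that carry `inc_last_modified_date`, the host, org id and sample records are constructed, and authentication is left to the caller.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

FIELD = "inc_last_modified_date"  # field name given in the reply above
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_ms(dt):
    """The filter value is epoch milliseconds. Integer arithmetic avoids float
    rounding; naive datetimes are rejected to avoid local-time mistakes."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return (dt - EPOCH) // timedelta(milliseconds=1)

def build_query(since_ms):
    """Same payload as in the reply: incidents modified after since_ms."""
    return {"filters": [{"conditions": [
        {"field_name": FIELD, "method": "gt", "value": since_ms}]}]}

def build_request(host, org_id, since_ms):
    """Prepare (but do not send) the request. POST is an assumption here;
    the caller adds whatever authentication the deployment uses."""
    url = (f"https://{host}/rest/orgs/{org_id}/incidents/query"
           "?field_handle=-1&return_level=full")
    body = json.dumps(build_query(since_ms)).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})

def next_checkpoint(incidents, since_ms):
    """Advance to the newest modification time seen. Because the filter uses
    'gt', the next poll skips everything already returned; an empty poll
    leaves the checkpoint unchanged."""
    seen = [i[FIELD] for i in incidents if i.get(FIELD) is not None]
    return max([since_ms] + seen)

# Constructed sample response (assumed shape: list of incident objects).
SAMPLE_RESPONSE = [
    {"id": 2101, "name": "Phishing report", FIELD: 1568739200000},
    {"id": 2102, "name": "Malware alert", FIELD: 1568739300500},
]

if __name__ == "__main__":
    start = to_epoch_ms(datetime(2019, 9, 17, 16, 52, 38, 980000,
                                 tzinfo=timezone.utc))
    req = build_request("soar.example.com", 201, start)  # constructed values
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print("next poll from:", next_checkpoint(SAMPLE_RESPONSE, start))
```

Persist the checkpoint between runs so a restarted poller resumes from the last modification time it processed instead of the current clock.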