Get extra data fields of a specific incident including alerts and key artifacts.
The API response indicates whether a PAN NGFW type alert contains a PCAP triggering packet. Use the Retrieve PCAP Packet API to retrieve a list of alert IDs and their associated PCAP data.
Note: This API is rate limited to 10 API requests per minute.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
curl -X POST \
  -H "x-xdr-auth-id: <api_key_id>" \
  -H "Authorization: <api_key>" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/incidents/get_incident_extra_data" \
  -d '{
    "request_data" : {
      "alerts_limit" : 0,
      "incident_id" : "incident_id"
    }
  }'
{"request_data":{"incident_id":"","alerts_limit":5}}
OK
Bad Request. Got an invalid JSON.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. User does not have the required license type to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
An error occurred while processing XDR public API - incident management - update_incident
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Internal Server Error
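
Added example (not part of the Cortex XDR documentation): a Python client for this endpoint that builds the request body shown above and keeps calls under the 10 requests per minute limit with a sliding window. The x-xdr-auth-id and Authorization headers are those of a Cortex XDR standard API key, which this page does not show; the class name, its parameters and the injectable clock/sleep/send hooks are assumptions made for the example.

```python
import json
import time
import urllib.request
from collections import deque

RATE_LIMIT, WINDOW_SECONDS = 10, 60.0  # limit stated on this page
PATH = "/public_api/v1/incidents/get_incident_extra_data"


class IncidentExtraDataClient:  # hypothetical name, not a vendor SDK class
    def __init__(self, fqdn, key_id, key,
                 clock=time.monotonic, sleep=time.sleep, send=None):
        self.url = f"https://api-{fqdn}{PATH}"
        # Standard API key headers (assumption: not shown on this page).
        self.headers = {"x-xdr-auth-id": str(key_id), "Authorization": key,
                        "Accept": "application/json",
                        "Content-Type": "application/json"}
        self.clock, self.sleep = clock, sleep
        self.send = send or self._send_http
        self.sent = deque()  # timestamps of requests inside the current window

    def _throttle(self):
        """Block until fewer than RATE_LIMIT requests fall in the last minute."""
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= WINDOW_SECONDS:
                self.sent.popleft()
            if len(self.sent) < RATE_LIMIT:
                self.sent.append(now)
                return
            self.sleep(WINDOW_SECONDS - (now - self.sent[0]))

    def build_body(self, incident_id, alerts_limit):
        # Reject an empty ID locally so it does not cost one of the 10 requests.
        if not str(incident_id).strip():
            raise ValueError("incident_id must not be empty")
        return {"request_data": {"incident_id": str(incident_id),
                                 "alerts_limit": int(alerts_limit)}}

    def get_extra_data(self, incident_id, alerts_limit=5):
        body = self.build_body(incident_id, alerts_limit)
        self._throttle()
        return self.send(self.url, self.headers, body)

    def _send_http(self, url, headers, body):
        req = urllib.request.Request(url, json.dumps(body).encode(),
                                     headers, method="POST")
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
```

Passing a send callable lets the throttling and request construction be exercised without network access; leave it unset to issue real HTTPS requests.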