post
/public_api/v1/mth/child/get_reports_by_incident_id
Retrieves detailed information for one or more MTH/MDR reports based on the provided incident_id values. At least one incident_id must be specified.
Note
- Users with Instance Administrator privileges only can access this API.
Request headers
Authorization
String
required
{api_key}
{api_key}
Example:
YOUR_API_KEY_HERE
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
Example:
241
CLIENT REQUEST
curl -X 'POST'
-H "Authorization: [[apiKey]]"
\
-H "x-xdr-auth-id: [[apiKey]]"
\
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: YOUR_API_KEY_HERE'
-H
'x-xdr-auth-id: 241'
'https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id'
-d
'{
"request_data" : {
"incident_ids" : [ "incident_ids", "incident_ids" ]
}
}'
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"request_data\":{\"incident_ids\":[\"string\"]}}"
headers = {
'Authorization': "REPLACE_KEY_VALUE",
'x-xdr-auth-id': "241",
'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/mth/child/get_reports_by_incident_id", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'REPLACE_KEY_VALUE'
request["x-xdr-auth-id"] = '241'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"incident_ids\":[\"string\"]}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"incident_ids": [
"string"
]
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id");
xhr.setRequestHeader("Authorization", "REPLACE_KEY_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "241");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id")
.header("Authorization", "REPLACE_KEY_VALUE")
.header("x-xdr-auth-id", "241")
.header("content-type", "application/json")
.body("{\"request_data\":{\"incident_ids\":[\"string\"]}}")
.asString();import Foundation
let headers = [
"Authorization": "REPLACE_KEY_VALUE",
"x-xdr-auth-id": "241",
"content-type": "application/json"
]
let parameters = ["request_data": ["incident_ids": ["string"]]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"incident_ids\":[\"string\"]}}",
CURLOPT_HTTPHEADER => [
"Authorization: REPLACE_KEY_VALUE",
"content-type: application/json",
"x-xdr-auth-id: 241"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: REPLACE_KEY_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"incident_ids\":[\"string\"]}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/mth/child/get_reports_by_incident_id");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "REPLACE_KEY_VALUE");
request.AddHeader("x-xdr-auth-id", "241");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"incident_ids\":[\"string\"]}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
required
request_dataobject
incident_idsarray[string]required
application/json
Retrieves incident_id for one or more MTH/MDR reports.
request_dataobject
incident_idsarray[string]requiredList of incident IDs to retrieve
List of incident IDs to retrieve
REQUEST
{
"request_data": {
"incident_ids": [
"777773",
"15"
]
}
}Responses
Successful Response
Body
application/json
replyarray
[xsoar_source_idstring
report_typestring
insert_timeintegerint64
namestring
descriptionstring
incident_idinteger
update_timeintegerint64
created_bystring
severitystring
attachmentsstring
classificationstring
assigned_userstring
report_statusstring
assigned_user_prettystring
]
xsoar_source_idstringUnique identifier of the report
Unique identifier of the report
report_typestringType of the report
Type of the report
insert_timeintegerint64Creation timestamp in milliseconds (epoch)
Creation timestamp in milliseconds (epoch)
namestringName/title of the report
Name/title of the report
descriptionstringDetailed description of the report
Detailed description of the report
incident_idintegerAssociated incident ID
Associated incident ID
update_timeintegerint64Last update timestamp in milliseconds (epoch)
Last update timestamp in milliseconds (epoch)
created_bystringCreator of the report
Creator of the report
severitystringSeverity level of the report
Severity level of the report
attachmentsstringJSON-formatted string containing attachment information
JSON-formatted string containing attachment information
classificationstringClassification of the report (MTH or MDR)
Classification of the report (MTH or MDR)
assigned_userstringEmail of the assigned user
Email of the assigned user
report_statusstringCurrent status of the report
Current status of the report
assigned_user_prettystringDisplay name of the assigned user
Display name of the assigned user
RESPONSE
{
"reply": [
{
"xsoar_source_id": "777773",
"report_type": "Threat Report Update1",
"insert_time": 1763468832000,
"name": "Updated Report 5",
"description": "Updated description",
"incident_id": 777773,
"update_time": 1765983782000,
"created_by": "iavron@example.com",
"severity": "SEV_040_HIGH",
"attachments": "{\"update_report/1764864986901--f2ada4b9-d7f2-43cb-978c-91cc2eb4c97d\": {\"attachment_name\": \"\", \"attachment_size\": 0}}",
"classification": "MTH",
"assigned_user": "iavron@example.com",
"report_status": "ON_HOLD",
"assigned_user_pretty": "iavron iavron"
},
{
"xsoar_source_id": "15",
"report_type": "Threat Report Update2",
"insert_time": 1763468832002,
"name": "Updated Report 6",
"description": "Updated description",
"incident_id": 15,
"update_time": 1765983782003,
"created_by": "iavron1@example.com",
"severity": "SEV_040_HIGH",
"attachments": "{\"update_report/1764864986901--f2ada4b9-d7f2-43cb-978c-91cc2eb4c97e\": {\"attachment_name\": \"\", \"attachment_size\": 0}}",
"classification": "MTH",
"assigned_user": "iavron@example.com",
"report_status": "ON_HOLD",
"assigned_user_pretty": "iavron1 iavron1"
}
]
}Bad Request - Invalid parameters or missing required fields
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}Unauthorized - Invalid or missing API key
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}Forbidden - Tenant not authorized for this endpoint
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}Internal Server Error
Body
application/json
replyobject
err_codestringError code
Error code
err_msgstringError message
Error message
err_extrastringExtra information about the error
Extra information about the error
RESPONSE
{
"reply": {
"err_code": "example",
"err_msg": "example",
"err_extra": "example"
}
}