Batch export incidents to CSV

Cortex XSOAR 6 API

POST /incident/batch/exportToCsv

Exports a batch of incidents to a CSV file (returns the file ID)

CURL
curl -X POST \
  -H "Authorization: [[apiKey]]" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://hostname:443/incident/batch/exportToCsv" \
  -d '{
    "all" : true,
    "filter" : {
      "parent" : [ "parent", "parent" ],
      "reason" : [ "reason", "reason" ],
      "notInvestigation" : [ "notInvestigation", "notInvestigation" ],
      "totalOnly" : true,
      "type" : [ "type", "type" ],
      "fromActivatedDate" : "2000-01-23T04:56:07.000+00:00",
      "notCategory" : [ "notCategory", "notCategory" ],
      "fromDateLicense" : "2000-01-23T04:56:07.000+00:00",
      "andOp" : true,
      "searchAfterElastic" : [ "searchAfterElastic", "searchAfterElastic" ],
      "searchBefore" : [ "searchBefore", "searchBefore" ],
      "details" : "details",
      "id" : [ "id", "id" ],
      "toActivatedDate" : "2000-01-23T04:56:07.000+00:00",
      "period" : { "fromValue" : "fromValue", "toValue" : "toValue", "byFrom" : "byFrom", "field" : "field", "by" : "by", "byTo" : "byTo" },
      "searchAfterMapOrder" : { "key" : 6 },
      "level" : [ 4, 4 ],
      "query" : "query",
      "notStatus" : [ 2, 2 ],
      "sort" : [
        { "asc" : true, "field" : "field", "fieldType" : "fieldType" },
        { "asc" : true, "field" : "field", "fieldType" : "fieldType" }
      ],
      "users" : [ "users", "users" ],
      "fromDate" : "2000-01-23T04:56:07.000+00:00",
      "size" : 1,
      "fromReminder" : "2000-01-23T04:56:07.000+00:00",
      "name" : [ "name", "name" ],
      "files" : [ "files", "files" ],
      "searchAfter" : [ "searchAfter", "searchAfter" ],
      "fromClosedDate" : "2000-01-23T04:56:07.000+00:00",
      "page" : 0,
      "fields" : [ "fields", "fields" ],
      "Cache" : { "key" : [ "Cache", "Cache" ] },
      "status" : [ 2, 2 ],
      "ignoreWorkers" : true,
      "filterobjectquery" : "filterobjectquery",
      "urls" : [ "urls", "urls" ],
      "systems" : [ "systems", "systems" ],
      "includeTmp" : true,
      "toClosedDate" : "2000-01-23T04:56:07.000+00:00",
      "searchAfterMap" : { "key" : [ "searchAfterMap", "searchAfterMap" ] },
      "toDueDate" : "2000-01-23T04:56:07.000+00:00",
      "fromDueDate" : "2000-01-23T04:56:07.000+00:00",
      "searchBeforeElastic" : [ "searchBeforeElastic", "searchBeforeElastic" ],
      "toDate" : "2000-01-23T04:56:07.000+00:00",
      "trim_events" : 5,
      "toReminder" : "2000-01-23T04:56:07.000+00:00",
      "timeFrame" : 5,
      "investigation" : [ "investigation", "investigation" ],
      "accounts" : { "key" : "{}" },
      "category" : [ "category", "category" ]
    },
    "CustomFields" : { "key" : "{}" },
    "overrideInvestigation" : true,
    "closeNotes" : "closeNotes",
    "data" : { "key" : "{}" },
    "columns" : [ "columns", "columns" ],
    "line" : "line",
    "ids" : [ "ids", "ids" ],
    "force" : true,
    "originalIncidentId" : "originalIncidentId",
    "closeReason" : "closeReason"
  }'

Authentication: api_key (API key sent in the "Authorization" header)

Request

Body (optional)

CustomFields (optional): Map of objects
all (optional): Boolean
closeNotes (optional): String
closeReason (optional): String
columns (optional): Array of strings
data (optional): Map of objects
filter (optional):
    Cache (optional): Map. Cache of join functions
    accounts (optional): Map of objects
    andOp (optional): Boolean
    category (optional): Array of strings
    details (optional): String
    fields (optional): Array of strings
    files (optional): Array of strings
    filterobjectquery (optional): String
    fromActivatedDate (optional): Object, format: date-time
    fromClosedDate (optional): Object, format: date-time
    fromDate (optional): Object, format: date-time
    fromDateLicense (optional): Object, format: date-time
    fromDueDate (optional): Object, format: date-time
    fromReminder (optional): Object, format: date-time
    id (optional): Array of strings
    ignoreWorkers (optional): Boolean. Do not use the workers mechanism while searching bleve
    includeTmp (optional): Boolean
    investigation (optional): Array of strings
    level (optional): Array of numbers (Double), format: double
    name (optional): Array of strings
    notCategory (optional): Array of strings
    notInvestigation (optional): Array of strings
    notStatus (optional): Array of numbers (Double), format: double
    page (optional): Number (Long), format: int64. 0-based page
    parent (optional): Array of strings
    period (optional):
        by (optional): String. By is used for legacy, and if it exists it will override ByTo and ByFrom
        byFrom (optional): String
        byTo (optional): String
        field (optional): String
        fromValue (optional): String, format: duration
        toValue (optional): String, format: duration
    query (optional): String
    reason (optional): Array of strings
    searchAfter (optional): Array of strings. Efficient next page; pass the max sort value from the previous page
    searchAfterElastic (optional): Array of strings. Efficient next page; pass the max ES sort value from the previous page
    searchAfterMap (optional): Map. Map of accounts' search-after values; stores the next page sort values per account. There is no need to store searchBeforeMap, as [current page searchBefore] equals [prev page searchAfter]. Moreover, there is no way to generate a correct searchBefore from the current page, as some tenants may not appear at all. The map is relevant in proxy mode and is used by tenants; each tenant extracts the searchAfter keys from the map.
    searchAfterMapOrder (optional): Map of numbers (Long), format: int64
    searchBefore (optional): Array of strings. Efficient prev page; pass the min sort value from the next page
    searchBeforeElastic (optional): Array of strings. Efficient prev page; pass the min ES sort value from the next page
    size (optional): Number (Long), format: int64. Size is limited to 1000; if not passed, it defaults to 0 and no results are returned
    sort (optional): Array. The sort order. The Order struct holds a sort field and the direction of sorting
        asc (optional): Boolean
        field (optional): String
        fieldType (optional): String
    status (optional): Array of numbers (Double), format: double
    systems (optional): Array of strings
    timeFrame (optional): Number (Long), format: int64. A Duration represents the elapsed time between two instants as an int64 nanosecond count. The representation limits the largest representable duration to approximately 290 years.
    toActivatedDate (optional): Object, format: date-time
    toClosedDate (optional): Object, format: date-time
    toDate (optional): Object, format: date-time
    toDueDate (optional): Object, format: date-time
    toReminder (optional): Object, format: date-time
    totalOnly (optional): Boolean
    trim_events (optional): Number (Long), format: int64
    type (optional): Array of strings
    urls (optional): Array of strings
    users (optional): Array of strings
force (optional): Boolean
ids (optional): Array of strings
line (optional): String
originalIncidentId (optional): String
overrideInvestigation (optional): Boolean

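A bounded export request built with Python's standard library, as an added example that is not part of the original API reference. It enforces the documented filter.size limit (1 to 1000, since an omitted size returns no results) and emits dates in the date-time form used by the sample body. The XSOAR_API_KEY environment variable name and the sample query, dates and column names are assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

EXPORT_PATH = "/incident/batch/exportToCsv"  # endpoint documented on this page
MAX_SIZE = 1000  # documented cap on filter.size; an omitted size yields 0 results


def _date_time(dt):
    """Render an aware datetime like the page's sample: 2000-01-23T04:56:07.000+00:00."""
    if dt.tzinfo is None:
        raise ValueError("datetime must be timezone-aware")
    return dt.astimezone(timezone.utc).isoformat(timespec="milliseconds")


def build_export_body(query, from_date, to_date, columns, size=MAX_SIZE):
    """Build a bounded export body: explicit filter and columns, no "all" flag."""
    if not 1 <= size <= MAX_SIZE:
        raise ValueError(f"size must be between 1 and {MAX_SIZE}")
    start, end = _date_time(from_date), _date_time(to_date)  # rejects naive datetimes
    if from_date >= to_date:
        raise ValueError("from_date must be earlier than to_date")
    return {"columns": list(columns),
            "filter": {"query": query, "page": 0, "size": size,  # page is 0-based
                       "fromDate": start, "toDate": end}}


def build_request(base_url, api_key, body):
    """Create the POST request; the key travels only in the Authorization header."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    headers = {"Authorization": api_key, "Accept": "application/json",
               "Content-Type": "application/json"}
    return urllib.request.Request(base_url.rstrip("/") + EXPORT_PATH, method="POST",
                                  data=json.dumps(body).encode(), headers=headers)


def export_to_csv(base_url, body, timeout=60):
    """Send the export and return the response body (the CSV file name per this page)."""
    req = build_request(base_url, os.environ["XSOAR_API_KEY"], body)  # assumed env var name
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # TLS verified by default
        return resp.read().decode()


if __name__ == "__main__":
    # Constructed sample values: the query, dates and column names are illustrative.
    body = build_export_body("type:Phishing", datetime(2024, 1, 1, tzinfo=timezone.utc),
                             datetime(2024, 2, 1, tzinfo=timezone.utc), ["id", "name"])
    print(json.dumps(body, indent=2))
```

Running the file prints the request body without contacting a server; `export_to_csv` is the only function that uses the network.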
Responses

csv file name

Body