This functionality is available only with Barracuda Email Protection Premium and Premium Plus plans. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
Creates an incident for a Microsoft 365 tenant.
Endpoint
POST /beta/accounts/{accountId}/forensics/{tenantId}/incident
Parameters
Name | Type | Required | Description |
---|---|---|---|
Path Parameters | | | |
accountId | string | * | The Barracuda Cloud Control account ID obtained from the Get Accounts API. |
tenantId | string | * | The Microsoft 365 tenant ID obtained from the Get Tenants API. |
Request Body
Content type: application/json
Name | Description | Type |
---|---|---|
remediationActions | The remediation actions for an incident. | |
searchCriteria | The email search criteria used to find emails that will become the basis of a new incident. | |
Response Codes
Code | Description |
---|---|
200 | OK |
401 | Unauthorized: The API token in the header is missing or incorrect, or the client does not have permission to access the requested resource. |
Response
Entry | Description | Type |
---|---|---|
attachmentName | The email attachment name search query. | string |
continuousRemediationCount | The number of emails for which remediation actions were taken via continuous remediation. | integer |
continuousRemediationUntil | The date at which continuous remediation stops. | string |
created | The date the incident was created. | string |
createdBy | The email address of the administrator who created the incident. | string |
createdByName | The name of the administrator who created the incident. | string |
distinctRecipientCount | The number of users involved in this incident. | integer |
domains | A list of affected domains. | Array |
id | The incident ID. | string |
incidentDetails | Details about the origins of an incident. | |
labels | A list of objects representing labels that can be used to filter incidents. | Array |
notifiedEmailCount | The number of warning email alerts sent to the affected users. | integer |
remediatedEmailCount | The number of emails for which remediation actions were taken. | integer |
remediationActions | The remediation actions for an incident. | |
remediationStatus | The current remediation status. | string |
sender | The email sender search query. | |
senderPolicies | A list of global sender policies added to your Barracuda Email Security Service account, if you have an account. The format is "{email|domain}:[quarantine|block]", for example: [ "john@email.com:quarantine" ] | Array |
subject | The email subject search query. | string |
timeframe | How far back the incident email search extends in hours. | integer |
Sample Usage
curl -X POST "https://api.barracudanetworks.com/beta/accounts/{accountId}/forensics/{tenantId}/incident" \
  --header "Content-Type: application/json" \
  --data-raw '{
    "searchCriteria": {
      "timeframe": 720,
      "emailSubject": "Example Subject",
      "sender": {
        "email": "",
        "displayName": ""
      },
      "attachmentName": "",
      "includeQuarantined": false,
      "includeSent": false
    },
    "remediationActions": {
      "messageAction": "DELETE",
      "notify": false,
      "sendSummary": true,
      "enableContinuousRemediation": false
    }
  }' \
  --header "Authorization: Bearer {access_token}"
Sample Response
{
  "id": "2047f505-ea48-4740-a370-a98611ea0c9f",
  "created": "2021-04-05T09:00:00.000000Z",
  "createdBy": "",
  "createdByName": "Public API",
  "sender": {
    "email": "",
    "displayName": ""
  },
  "subject": "Example Subject",
  "attachmentName": "",
  "timeframe": 720,
  "remediatedEmailCount": 0,
  "notifiedEmailCount": 0,
  "continuousRemediationCount": 0,
  "distinctRecipientCount": 0,
  "remediationStatus": "Not Started",
  "remediationActions": {
    "messageAction": "DELETE",
    "notify": false,
    "sendSummary": true,
    "enableContinuousRemediation": false
  },
  "senderPolicies": null,
  "domains": [
    "barracuda.com"
  ],
  "continuousRemediationUntil": null,
  "incidentDetails": {
    "source": "Public-Api",
    "subSource": null
  },
  "labels": []
}
Content type: application/json
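The following Python helper is an added example, not Barracuda's own code: it builds the Create Incident request from Sample Usage without sending it, and parses the documented senderPolicies format from a response. The function names, the empty-search guardrail and the fixed flag defaults are assumptions made for this example; the endpoint and field names come from the samples on this page.

```python
import json
import re
import urllib.parse
import urllib.request

API_BASE = "https://api.barracudanetworks.com/beta"  # host and prefix from Sample Usage

def build_incident_request(account_id, tenant_id, access_token, *, subject="",
                           sender_email="", sender_name="", attachment="",
                           timeframe_hours=720, message_action="DELETE"):
    """Return an unsent urllib Request for the Create Incident endpoint."""
    # Local guardrail (an assumption, not a documented API rule): refuse a search
    # with every criterion empty, since its remediation scope would be unbounded.
    if not any(s.strip() for s in (subject, sender_email, sender_name, attachment)):
        raise ValueError("at least one search criterion must be non-empty")
    if not isinstance(timeframe_hours, int) or timeframe_hours <= 0:
        raise ValueError("timeframe must be a positive whole number of hours")
    body = {
        "searchCriteria": {
            "timeframe": timeframe_hours,
            "emailSubject": subject,
            "sender": {"email": sender_email, "displayName": sender_name},
            "attachmentName": attachment,
            "includeQuarantined": False, "includeSent": False,
        },
        "remediationActions": {
            "messageAction": message_action,
            "notify": False, "sendSummary": True,
            "enableContinuousRemediation": False,
        },
    }
    # Percent-encode both IDs so a stray "/" or "?" cannot change the URL path.
    path = "/accounts/{}/forensics/{}/incident".format(
        urllib.parse.quote(account_id, safe=""), urllib.parse.quote(tenant_id, safe=""))
    return urllib.request.Request(
        API_BASE + path, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + access_token})

POLICY_RE = re.compile(r"^([^:\s]+):(quarantine|block)$")

def parse_sender_policies(incident):
    """Split "{email|domain}:[quarantine|block]" entries; a null field yields []."""
    policies = []
    for entry in incident.get("senderPolicies") or []:
        match = POLICY_RE.match(entry)
        if match is None:
            raise ValueError("unexpected senderPolicies entry: %r" % (entry,))
        policies.append((match.group(1), match.group(2)))
    return policies
```

Pass the returned object to `urllib.request.urlopen` to send it, and load the access token from a secret store rather than embedding it in source.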