This functionality is available only with Barracuda Email Protection Premium and Premium Plus plans. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
Retrieves a single incident using the incident ID.
See Get Incidents to retrieve a list of incidents for a Microsoft 365 tenant.
Endpoint
GET /beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}
Parameters
Name | Type | Required | Description |
---|---|---|---|
Path Parameters | | | |
accountId | string | * | The Barracuda Cloud Control account ID obtained from the Get Accounts API. |
incidentId | string | * | The incident ID obtained from the Create Incident or Get Incidents APIs. |
tenantId | string | * | The Microsoft 365 tenant ID obtained from the Get Tenants API. |
Response Codes
Code | Description |
---|---|
200 | OK |
401 | Unauthorized: The API token in the header is missing or incorrect, or the client did not have permission to access the requested resource. |
Response
Entry | Description | Type |
---|---|---|
attachmentName | The email attachment name search query. | string |
continuousRemediationCount | The number of emails for which remediation actions were taken via continuous remediation. | integer |
continuousRemediationUntil | The date at which continuous remediation stops. | string |
created | The date the incident was created. | string |
createdBy | The email address of the administrator who created the incident. | string |
createdByName | The name of the administrator who created the incident. | string |
distinctRecipientCount | The number of users involved in this incident. | integer |
domains | A list of affected domains. | Array |
id | The incident ID. | string |
incidentDetails | Details about the origins of an incident. | |
labels | A list of objects representing labels that can be used to filter incidents. | Array |
notifiedEmailCount | The number of warning email alerts sent to the affected users. | integer |
remediatedEmailCount | The number of emails for which remediation actions were taken. | integer |
remediationActions | The remediation actions for an incident. | |
remediationStatus | The current remediation status. | string |
sender | The email sender search query. | |
senderPolicies | A list of global sender policies added to your Barracuda Email Security Service account, if you have an account. The format is "{email\|domain}:[quarantine\|block]", for example: [ "john@email.com:quarantine" ] | Array |
subject | The email subject search query. | string |
timeframe | How far back the incident email search extends in hours. | integer |
Sample Request
```
curl -X GET "https://api.barracudanetworks.com/beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}" \
  --header "Authorization: Bearer {access_token}"
```
Sample Response
```
{
  "id": "2047f505-ea48-4740-a370-a98611ea0c9f",
  "created": "2021-04-05T09:00:00.000000Z",
  "createdBy": "",
  "createdByName": "Public API",
  "sender": {
    "email": "",
    "displayName": ""
  },
  "subject": "Example Subject",
  "attachmentName": "",
  "timeframe": 720,
  "remediatedEmailCount": 1,
  "notifiedEmailCount": 0,
  "continuousRemediationCount": 0,
  "distinctRecipientCount": 1,
  "remediationStatus": "Completed",
  "remediationActions": {
    "messageAction": "DELETE",
    "notify": false,
    "sendSummary": true,
    "enableContinuousRemediation": false
  },
  "senderPolicies": [],
  "domains": [
    "barracuda.com"
  ],
  "continuousRemediationUntil": null,
  "incidentDetails": {
    "source": "Public-Api",
    "subSource": null
  },
  "labels": []
}
```
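The following Python sketch is an added example, not part of Barracuda's documentation: it calls the endpoint above with a Bearer token, maps the documented 401 to an exception, and reduces a response to triage fields, validating each `senderPolicies` entry against the documented format. The function names and `SAMPLE` (constructed from the sample response fields plus the page's example policy) are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API_BASE = "https://api.barracudanetworks.com"

def incident_url(account_id, tenant_id, incident_id):
    """Build the Get Incident URL, percent-encoding each path parameter."""
    a, t, i = (urllib.parse.quote(p, safe="") for p in (account_id, tenant_id, incident_id))
    return f"{API_BASE}/beta/accounts/{a}/forensics/{t}/incident/{i}"

def get_incident(account_id, tenant_id, incident_id, access_token):
    """GET one incident; surface the documented 401 as PermissionError."""
    req = urllib.request.Request(incident_url(account_id, tenant_id, incident_id),
                                 headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise PermissionError("401: API token missing, incorrect or not permitted") from err
        raise

def parse_sender_policy(entry):
    """Split '{email|domain}:[quarantine|block]' into (target, action)."""
    target, sep, action = entry.rpartition(":")
    if not sep or not target or action not in ("quarantine", "block"):
        raise ValueError(f"unexpected senderPolicies entry: {entry!r}")
    return target, action

def summarize(incident):
    """Reduce a Get Incident response to the fields a responder triages on."""
    actions = incident.get("remediationActions") or {}
    return {
        "id": incident["id"],
        "status": incident.get("remediationStatus"),
        "message_action": actions.get("messageAction"),
        "continuous": bool(actions.get("enableContinuousRemediation")),
        "remediated": incident.get("remediatedEmailCount", 0),
        "recipients": incident.get("distinctRecipientCount", 0),
        "policies": [parse_sender_policy(p) for p in incident.get("senderPolicies") or []],
    }

# Constructed sample: a subset of the sample response fields, plus the page's example policy.
SAMPLE = {"id": "2047f505-ea48-4740-a370-a98611ea0c9f", "remediationStatus": "Completed",
          "remediatedEmailCount": 1, "distinctRecipientCount": 1,
          "remediationActions": {"messageAction": "DELETE", "enableContinuousRemediation": False},
          "senderPolicies": ["john@email.com:quarantine"]}
```

`summarize(SAMPLE)` runs offline; `get_incident` needs a valid access token and the three IDs from the Get Accounts, Get Tenants and Get Incidents APIs.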