This functionality is available only with Barracuda Email Protection Premium and Premium Plus plans. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
Retrieves a single incident using the incident ID.
See Get Incidents to retrieve a list of incidents for a Microsoft 365 tenant.
Endpoint
GET /beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| Path Parameters | |||
| accountId | string | * | The Barracuda Cloud Control account ID obtained from the Get Accounts API. |
| incidentId | string | * | The incident ID obtained from the Create Incident or Get Incidents APIs. |
| tenantId | string | * | The Microsoft 365 tenant ID obtained from the Get Tenants API. |
Response Codes
Code | Description |
|---|---|
| 200 | OK |
| 401 | Unauthorized: There is a missing or incorrect API token in header or the client did not have permission to access the requested resource. |
Response
| Entry | Description | Type | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| attachmentName | The email attachment name search query. | string | |||||||||||||||
| continuousRemediationCount | The number of emails for which remediation actions were taken via continuous remediation. | integer | |||||||||||||||
| continuousRemediationUntil | The date at which continuous remediation stops. | string | |||||||||||||||
| created | The date the incident was created. | string | |||||||||||||||
| createdBy | The email address of the administrator who created the incident. | string | |||||||||||||||
| createdByName | The name of the administrator who created the incident. | string | |||||||||||||||
| distinctRecipientCount | The number of users involved in this incident. | integer | |||||||||||||||
| domains | A list of affected domains. | Array | |||||||||||||||
| id | The incident ID. | string | |||||||||||||||
| incidentDetails | Details about the origins of an incident.
| ||||||||||||||||
| labels | A list of objects representing labels that can be used to filter incidents.
| Array | |||||||||||||||
| notifiedEmailCount | The number of warning email alerts sent to the affected users. | integer | |||||||||||||||
| remediatedEmailCount | The number of emails for which remediation actions were taken. | integer | |||||||||||||||
| remediationActions | The remediation actions for an incident.
| ||||||||||||||||
| remediationStatus | The current remediation status. | string | |||||||||||||||
| sender | The email sender search query.
| ||||||||||||||||
| senderPolicies | A list of global sender policies added to your Barracuda Email Security Service account, if you have an account. The format is "{email|domain}:[quarantine|block]" example: [ "john@email.com:quarantine" ] | Array | |||||||||||||||
| subject | The email subject search query. | string | |||||||||||||||
| timeframe | How far back the incident email search extends in hours. | integer | |||||||||||||||
Sample Request
curl -X GET "https://api.barracudanetworks.com/beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}" \
--header "Authorization: Bearer {access_token}"Sample Response
{
"id": "2047f505-ea48-4740-a370-a98611ea0c9f",
"created": "2021-04-05T09:00:00.000000Z",
"createdBy": "",
"createdByName": "Public API",
"sender": {
"email": "",
"displayName": ""
},
"subject": "Example Subject",
"attachmentName": "",
"timeframe": 720,
"remediatedEmailCount": 1,
"notifiedEmailCount": 0,
"continuousRemediationCount": 0,
"distinctRecipientCount": 1,
"remediationStatus": "Completed",
"remediationActions": {
"messageAction": "DELETE",
"notify": false,
"sendSummary": true,
"enableContinuousRemediation": false
},
"senderPolicies": [],
"domains": [
"barracuda.com"
],
"continuousRemediationUntil": null,
"incidentDetails": {
"source": "Public-Api",
"subSource": null
},
"labels": []
}