Commit 4f62f9c

Merge pull request #1055 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/defender-docs (branch public)
2 parents 11c1f37 + 7011c81 commit 4f62f9c

1 file changed

+2
-2
lines changed

defender-xdr/api-incident.md

Lines changed: 2 additions & 2 deletions
@@ -18,7 +18,7 @@ search.appverid:
1818
- MOE150
1919
- MET150
2020
ms.custom: api
21-
ms.date: 02/08/2024
21+
ms.date: 07/30/2024
2222
---
2323

2424
# Microsoft Defender XDR incidents API and the incidents resource type
@@ -73,7 +73,7 @@ Refer to the respective method articles for more details on how to construct a r
7373
| status | Enum | Specifies the current status of the incident. Possible values are: `Active`, `InProgress`, `Resolved`, and `Redirected`. |
7474
| classification | Enum | Specification of the incident. Possible values are: `TruePositive`, `Informational, expected activity`, and `FalsePositive`. |
7575
| determination | Enum | Specifies the determination of the incident. <p>Possible determination values for each classification are: <br><li> <b>True positive</b>: `Multistage attack` (MultiStagedAttack), `Malicious user activity` (MaliciousUserActivity), `Compromised account` (CompromisedUser) – consider changing the enum name in public api accordingly, `Malware` (Malware), `Phishing` (Phishing), `Unwanted software` (UnwantedSoftware), and `Other` (Other). <li> <b>Informational, expected activity:</b> `Security test` (SecurityTesting), `Line-of-business application` (LineOfBusinessApplication), `Confirmed activity` (ConfirmedUserActivity) - consider changing the enum name in public api accordingly, and `Other` (Other). <li> <b>False positive:</b> `Not malicious` (Clean) - consider changing the enum name in public api accordingly, `Not enough data to validate` (InsufficientData), and `Other` (Other). |
76-
| tags | string list | List of Incident tags. |
76+
| tags | string list | List of Incident tags (customTags only). |
7777
| comments | List of incident comments | Incident Comment object contains: comment string, createdBy string, and createTime date time. |
7878
| alerts | alert list | List of related alerts. See examples at [List incidents](api-list-incidents.md) API documentation. |
7979
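Review bot: In the changed `tags` row, "(customTags only)" names an identifier, `customTags`, that appears nowhere else in the visible table, and it leaves the reader guessing which tags are left out. Suggest stating in the description that the property returns only custom tags, putting the identifier in backticks, and saying which kinds of tags are not returned, since anyone filtering or triaging incidents on `tags` through this API needs to know the list can be incomplete. While this part of the table is being touched, the unchanged `determination` row just above still carries "consider changing the enum name in public api accordingly" three times, which reads like an internal note and could be removed in the same pass.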
