Incidents API

This documentation describes the API endpoints for retrieving and managing incident data.

List Incidents

This endpoint retrieves a list of incidents, which are aggregations of multiple alerts related to an asset.

| Method | Path |
|--------|------|
| GET | https://{telmai_endpoint}/api/backend/{tenant}/incidents |

Query Parameters (Filters)

The request supports the following query parameters for filtering the incident list:

| Parameter | Type | Description | Example |
|-----------|------|-------------|---------|
| project_ids | List of Integers (comma-separated) | Filters by a list of Project IDs. | 0,24 |
| connection_types | List of Strings (comma-separated) | Filters by asset connection types (e.g., GCS, BIGQUERY). | GCS,BIGQUERY |
| alert_policy_ids | List of Strings (comma-separated) | Filters by Alert Policy IDs (IDs can be strings for prebuilt policies). | 4,5 |
| severities | List of Strings (comma-separated) | Filters by severity (LOW, MEDIUM, HIGH). | HIGH,MEDIUM |
| impacts | List of Strings (comma-separated) | Filters by impact (LOW, MEDIUM, HIGH). | HIGH |
| connection_ids | List of Strings (comma-separated) | Filters by Connection IDs. | conn-123,conn-456 |
| from_time | String (ISO 8601 Timestamp) | Range start timestamp for filtering. | 2025-07-15T12:14:54.123Z |
| to_time | String (ISO 8601 Timestamp) | Range end timestamp for filtering. | 2025-07-15T12:14:54.123Z |
| text_to_search | String | A search string applied to policy names and source names. | test_policy |

Example Request:

GET: https://{host:port}/api/backend/{tenant}/incidents?project_ids=0,24
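
An added example, not part of the original documentation: a client-side helper that builds the List Incidents URL from the filters above, rejecting values outside the documented enumerations and list items that contain the comma separator. The function name and the sample host and tenant used to call it are assumptions; authentication is not described on this page and is left out.

```python
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

LEVELS = {"LOW", "MEDIUM", "HIGH"}  # documented values for severities and impacts
LIST_PARAMS = ("project_ids", "connection_types", "alert_policy_ids",
               "severities", "impacts", "connection_ids")
TIME_PARAMS = ("from_time", "to_time")


def _iso8601(ts: datetime) -> str:
    """UTC with milliseconds and a Z suffix, e.g. 2025-07-15T12:14:54.123Z."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def build_incidents_url(endpoint: str, tenant: str, **filters) -> str:
    """Hypothetical helper: validate filters and return the List Incidents URL."""
    unknown = set(filters) - set(LIST_PARAMS) - set(TIME_PARAMS) - {"text_to_search"}
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    query = {}
    for name in LIST_PARAMS:
        if name not in filters:
            continue
        if isinstance(filters[name], str):
            raise ValueError(f"{name} must be a list, not a single string")
        items = [str(v) for v in filters[name]]
        # A comma inside an item would silently split into two list entries.
        if not items or any("," in v or not v.strip() for v in items):
            raise ValueError(f"{name}: items must be non-empty and comma-free")
        if name == "project_ids" and not all(v.isascii() and v.isdigit() for v in items):
            raise ValueError("project_ids must be integers")
        if name in ("severities", "impacts") and not set(items) <= LEVELS:
            raise ValueError(f"{name} must be drawn from {sorted(LEVELS)}")
        query[name] = ",".join(items)
    for name in TIME_PARAMS:
        if name in filters:
            query[name] = _iso8601(filters[name])
    if len(query.keys() & set(TIME_PARAMS)) == 2 and filters["from_time"] > filters["to_time"]:
        raise ValueError("from_time is after to_time")
    if "text_to_search" in filters:
        query["text_to_search"] = str(filters["text_to_search"])
    # quote(safe="") keeps a tenant value from adding path segments;
    # urlencode escapes & and = in values but leaves the "," separator literal.
    base = f"https://{endpoint}/api/backend/{quote(tenant, safe='')}/incidents"
    return base + ("?" + urlencode(query, safe=",:") if query else "")
```

Because free-text input such as text_to_search is percent-encoded, a value containing & or = cannot smuggle in an extra filter parameter.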

Response Body (JSON Array)

Returns an array of incident objects.


Get Incident Details

Retrieves the detailed information for a specific incident.

| Method | Path |
|--------|------|
| GET | https://{telmai_endpoint}/api/backend/{tenant}/incidents/{incidentId} |

Path Parameter

| Parameter | Type | Description |
|-----------|------|-------------|
| incidentId | Integer | The unique ID of the incident. |

Example Request:

Response Body (JSON Object)

In addition to the fields in the list response, this endpoint returns detailed metrics and a history of state changes.


Incidents Distribution

This endpoint retrieves a day-by-day distribution of incident counts, categorized by severity and impact.

| Method | Path |
|--------|------|
| GET | https://{telmai_endpoint}/api/backend/{tenant}/incidents/distribution |

Filters: This endpoint supports the same filter set as the Incidents List endpoint.

Response Body (JSON Object)


Incidents Summary

Retrieves overall summary statistics for incidents.

| Method | Path |
|--------|------|
| GET | https://{host:port}/api/backend/{tenant}/incidents/summary |

Response Body (JSON Object)

| Field | Type | Description |
|-------|------|-------------|
| total | Integer | Total number of incidents. |
| open | Integer | Total number of OPEN incidents. |
| closed | Integer | Total number of CLOSED incidents. |
| mean_time_to_resolve | Integer | Average time to resolve incidents (in hours). |
| previous_mean_time_to_resolve | Integer | Previous period's average time to resolve (in hours). |
| open_by_tag | Object | Count of OPEN incidents grouped by tag. |
| closed_by_tag | Object | Count of CLOSED incidents grouped by tag. |


Retrieving Alerts for an Incident

An Incident is an aggregation over time and refers to multiple uploads and alert objects, whereas an Alert refers to a specific upload and violation. To retrieve the individual alerts that compose an incident, you must use the alert_refs from the incident's history.

POST Retrieve Alerts by Filters

| Method | Path |
|--------|------|
| POST | https://{host:port}/api/backend/{tenant}/configuration/alerts/by_filters |

Request Body (JSON Object)

The request body is constructed using data extracted from the incident's asset_id and the alert_refs array (found within the history of the detailed incident response).

Example:

If an incident has an asset_id of "5x0e34yk1re4" and the following alert_refs:

The request body should be:

Alert Object Structure

The endpoint returns an array of detailed Alert objects.
