Get Incident
This functionality is not available with the legacy Barracuda Email Protection Advanced plan. All other Email Protection Plans, including all current Email Protection Plans have this functionality. To upgrade to one of these plans, contact your Barracuda Networks Sales Representative.
Retrieves a single incident using the incident ID.
See Get Incidents to retrieve a list of incidents for a Microsoft 365 tenant.
Endpoint
GET /beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}
Parameters
Name | Type | Required | Description |
|---|---|---|---|
Path Parameters | |||
accountId | string | * | The Barracuda Cloud Control account ID obtained from the Get Accounts API. |
incidentId | string | * | The incident ID obtained from the Create Incident or Get Incidents APIs. |
tenantId | string | * | The Microsoft 365 tenant ID obtained from the Get Tenants API. |
Response Codes
Code | Description |
|---|---|
200 | OK |
401 | Unauthorized: There is a missing or incorrect API token in header or the client did not have permission to access the requested resource. |
Response
Entry | Description | Type | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
attachmentName | The email attachment name search query. | string | |||||||||||||||
continuousRemediationCount | The number of emails for which remediation actions were taken via continuous remediation. | integer | |||||||||||||||
continuousRemediationUntil | The date at which continuous remediation stops. | string | |||||||||||||||
created | The date the incident was created. | string | |||||||||||||||
createdBy | The email address of the administrator who created the incident. | string | |||||||||||||||
createdByName | The name of the administrator who created the incident. | string | |||||||||||||||
distinctRecipientCount | The number of users involved in this incident. | integer | |||||||||||||||
domains | A list of affected domains. | Array | |||||||||||||||
id | The incident ID. | string | |||||||||||||||
incidentDetails | Details about the origins of an incident.
| ||||||||||||||||
labels | A list of objects representing labels that can be used to filter incidents.
| Array | |||||||||||||||
notifiedEmailCount | The number of warning email alerts sent to the affected users. | integer | |||||||||||||||
remediatedEmailCount | The number of emails for which remediation actions were taken. | integer | |||||||||||||||
remediationActions | The remediation actions for an incident.
| ||||||||||||||||
remediationStatus | The current remediation status. | string | |||||||||||||||
sender | The email sender search query.
| ||||||||||||||||
senderPolicies | A list of global sender policies added to your Barracuda Email Security Service account, if you have an account. The format is "{email|domain}:[quarantine|block]" example: [ "john@email.com:quarantine" ] | Array | |||||||||||||||
subject | The email subject search query. | string | |||||||||||||||
timeframe | How far back the incident email search extends in hours. | integer | |||||||||||||||
Sample Request
curl -X GET "https://api.barracudanetworks.com/beta/accounts/{accountId}/forensics/{tenantId}/incident/{incidentId}" \
--header "Authorization: Bearer {access_token}"Sample Response
{
"id": "2047f505-ea48-4740-a370-a98611ea0c9f",
"created": "2021-04-05T09:00:00.000000Z",
"createdBy": "",
"createdByName": "Public API",
"sender": {
"email": "",
"displayName": ""
},
"subject": "Example Subject",
"attachmentName": "",
"timeframe": 720,
"remediatedEmailCount": 1,
"notifiedEmailCount": 0,
"continuousRemediationCount": 0,
"distinctRecipientCount": 1,
"remediationStatus": "Completed",
"remediationActions": {
"messageAction": "DELETE",
"notify": false,
"sendSummary": true,
"enableContinuousRemediation": false
},
"senderPolicies": [],
"domains": [
"barracuda.com"
],
"continuousRemediationUntil": null,
"incidentDetails": {
"source": "Public-Api",
"subSource": null
},
"labels": []
}Contact Us
Barracuda Campus
Barracuda Support