Skip to content
Adversarial

Update many incident's editable fields, given a list of incident IDs

PATCH
/v1/incidents

Request Body required

Section titled “Request Body required ”
object
One of:

PATCH /incidents/:id

object
assigned_to
string | null format: uuid
contained_date
string | null format: date-time
description
string | null
detected_date
string | null format: date-time
occurred_date
string | null format: date-time
responded_date
string | null format: date-time
severity
One of:
null
severity_reasoning
string | null
source
string | null
status
One of:
null
tags
array | null
threat_objectives
array | null

A relational struct that has a threat objective type and its relevancy to a risk.

PartialEq, Eq, and Hash are implemented manually to exclude created_date, which is metadata about when the relation was mutated — not part of the identity.

object
created_date

The time that this relation was mutated

string | null format: date-time
relevance
One of:
null
threat_objective
required

The threat objective type

string
Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud
title
string | null
ids
Array<string>
default:
Example
INC-00001
tag_operation
One of:
null

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Incidents updated

object
incidents
required
Array<object>

Register row for an Incident. An Incident plus the relational data shown on the incident register: risk associations, threat objectives, tags, and comment count.

object
comment_count
required
integer format: int64
incident
required

Relationship, core incident information

object
assigned_to
One of:
null
contained_date
string | null format: date-time
created_date
required
string format: date-time
description
required
string
detected_date
required
string format: date-time
id
required
string
Example
INC-00001
occurred_date
string | null format: date-time
opened_by
required

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object
email
required
string
first_name
required
string
icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null
id
required
string format: uuid
last_name
required
string
responded_date
string | null format: date-time
severity
One of:
null
severity_reasoning
string | null
source
string | null
status
required

The status of an incident

string
Allowed values: New In Progress Review Closed
title
required
string
updated_by
required

A User as returned by the API.

Profile images are not embedded — clients fetch them from GET /api/v1/{icon} when icon is Some.

object
email
required
string
first_name
required
string
icon

Relative path to the user’s avatar endpoint, e.g. "users/{id}/avatar?v={hash}". None when the user has no avatar.

string | null
id
required
string format: uuid
last_name
required
string
updated_date
required
string format: date-time
risk_associations
required
Array<string>
tags
required
Array<object>
object
content
required
string
creator_id
required
string format: uuid
id
required
string format: uuid
org_id
string | null format: uuid
threat_objectives
required
Array<object>

A relational struct that has a threat objective type and its relevancy to a risk.

PartialEq, Eq, and Hash are implemented manually to exclude created_date, which is metadata about when the relation was mutated — not part of the identity.

object
created_date

The time that this relation was mutated

string | null format: date-time
relevance
One of:
null
threat_objective
required

The threat objective type

string
Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

400

Section titled “400 ”

Validation failed (e.g. empty payload, unknown source, inactive assignee)

404

Section titled “404 ”

Not found