Incident successfully created

| Event field name | Field value |
| --- | --- |
| DeviceAction | incident created |
| EventOutcome | succeeded or failed |
| SourceTranslatedAddress | The value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field is empty. |
| SourceAddress | The address from which the user logged in. If the user logged in through a proxy, this is the proxy address. |
| SourcePort | The port from which the user logged in. If the user logged in through a proxy, this is the port on the proxy side. |
| SourceUserName | User name of the user that created the incident. |
| SourceUserID | ID of the user that created the incident. |
| ExternalID | ID of the incident. |
| Name | Name of the incident. |
| DeviceCustomString1 | Alert name. This field is filled if the incident was created based on an alert. If multiple alerts were involved, they are specified as a comma-separated list. |
| DeviceCustomString2Label | alert name |
| DeviceCustomString5 | Tenant ID. |
| DeviceCustomString5Label | tenant ID |
| DeviceCustomString6 | Tenant name. |
| DeviceCustomString6Label | tenant name |
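
The following is an added example, not part of the original documentation. It shows how a triage script could decide which address to attribute an incident-creation event to, since SourceTranslatedAddress comes from a request header and is only reliable when SourceAddress is a proxy you operate. It assumes events arrive as dicts keyed by the field names above; the function names, the trusted proxy address and the sample events are constructed for illustration.

```python
import ipaddress

# Assumption: addresses of reverse proxies you operate (constructed value).
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("10.0.0.5")})

def resolve_client(event, trusted=TRUSTED_PROXIES):
    """Return (address, basis) for one audit event held as a dict."""
    peer = ipaddress.ip_address(event["SourceAddress"])
    header = event.get("SourceTranslatedAddress", "").strip()
    if not header:
        return str(peer), "direct"             # neither header was present
    if peer not in trusted:
        return str(peer), "unverified-header"  # peer is not one of our proxies
    try:
        chain = [ipaddress.ip_address(p.strip()) for p in header.split(",")]
    except ValueError:
        return str(peer), "malformed-header"
    # Walk right to left: entries appended by our own proxies are reliable,
    # anything further left was supplied by the client and may be forged.
    for hop in reversed(chain):
        if hop not in trusted:
            return str(hop), "forwarded-by-trusted-proxy"
    return str(chain[0]), "forwarded-by-trusted-proxy"

def alert_names(event):
    """Split DeviceCustomString1 (comma-separated alert names) into a list."""
    raw = event.get("DeviceCustomString1", "")
    return [name.strip() for name in raw.split(",") if name.strip()]

# Constructed sample events using the field names from the table above.
SAMPLE_EVENTS = [
    {"DeviceAction": "incident created", "EventOutcome": "succeeded",
     "SourceAddress": "10.0.0.5", "SourcePort": "41822",
     "SourceTranslatedAddress": "203.0.113.9, 198.51.100.23",
     "SourceUserName": "analyst1", "DeviceCustomString1": "Brute force, New admin"},
    {"DeviceAction": "incident created", "EventOutcome": "succeeded",
     "SourceAddress": "192.0.2.44", "SourcePort": "50110",
     "SourceTranslatedAddress": "10.1.1.1", "SourceUserName": "analyst2"},
    {"DeviceAction": "incident created", "EventOutcome": "failed",
     "SourceAddress": "192.0.2.77", "SourcePort": "50222",
     "SourceTranslatedAddress": "", "SourceUserName": "analyst3"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["SourceUserName"], resolve_client(ev), alert_names(ev))
```

Alert names that themselves contain a comma cannot be separated unambiguously from the comma-separated list, so treat the split result as a hint and confirm against ExternalID.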