updateIncidentState

A valid Incident Orchestration license is required for this resource

Update Incident state

Input fields

incidentId (ID!)
state (IncidentState!)

Return fields

_id (ID!)

Id

classification (ThreatClassification)

The classification of the incident, calculated by classifications of the threats and severity

createdAt (Date)

Time when the incident database record was created

escalation (IncidentEscalation)

Escalation metadata

firstReportedAt (Date)

Time when the first threat was reported and the incident was created

globalThreatCount (Int!)

Count of related threats in the whole hoxhunt network

hasSensitiveInformation (Boolean)

If incident has sensitive information

humanReadableId (ID!)

Id

lastReportedAt (Date)

Time when the last threat was reported to the incident (can be used to track when a new threat is reported to the incident)

notes ([IncidentNote])

Notes left for an incident

organization (Organization!)

Organization that this incident happened in

organizationId (ID!)

Organization ID

policyName (IncidentPolicy!)

Which incident policy created this incident

responseUrl (String!)

Link that can be used to view the incident in the Hoxhunt Respnse UI

ruleMatches ([IncidentRuleMatch!]!)

Incident rules that have matched the incident @filterable @sortable

Argument Type Description
filter IncidentRuleMatch_filter
sort [IncidentRuleMatch_sort]
severity (ThreatSeverity)

Incident severity

socClassification (SocClassification)

Soc classification

state (IncidentState!)

Incident of the state, e.g. RESOLVED

threatCount (Int!)

Count of related threats

threatMetadata (ThreatMetaData)

Metadata about the threats in the incident

threats ([Threat]!)

Threats related to the incident @filterable @paginatable @sortable

Argument Type Description
after ID
before ID
filter Threat_filter
first Int
last Int
search String
skip Int
sort [Threat_sort]
updatedAt (Date)

Time when the incident database record was last updated (update is not necessarily related to the incident itself)