Overview
This node interacts with the Security & Compliance resource of the CIPP API to set the status of a security incident. It allows users to update the incident's status and assign the incident to a specific user. This is useful in security operations and incident management workflows where automated updates to incident statuses are required, such as marking incidents as resolved or assigning them to team members for further investigation.
Use Case Examples
- Automatically update the status of a security incident to 'Resolved' after investigation.
- Assign a security incident to a specific analyst for follow-up.
Properties
| Name | Meaning |
|---|---|
| Tenant Filter | The tenant ID or domain name to filter the incidents for the specific tenant. |
| GUID | The unique identifier (GUID) of the alert or incident to update. |
| Incident Status | The status to set for the incident (optional). This could be values like 'Active', 'Resolved', etc. |
| Assigned To | The user to assign the incident to (optional). This helps in delegating incident handling. |
| Request Options | Additional request options such as batching, SSL certificate validation, proxy settings, and timeout configurations to control how the API requests are made. |
Output
JSON
- incidentId - The unique identifier of the incident that was updated.
- status - The new status set for the incident.
- assignedTo - The user to whom the incident was assigned.
- message - A message indicating the result of the status update operation.
Dependencies
- Requires an API key credential for authenticating with the CIPP API.
Troubleshooting
- Ensure the tenant ID or domain name is correct and accessible.
- Verify the GUID corresponds to an existing incident or alert.
- Check that the API credentials have sufficient permissions to update incident statuses.
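- If SSL issues occur, consider enabling the option to ignore SSL certificate validation, but be aware of the security risks: with validation off, the node no longer verifies that it is talking to the real CIPP API endpoint, so the API key and incident data can be intercepted in transit. Fixing the certificate or trust chain is the safer route.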
- Proxy settings must be correctly configured if used, including authentication details if required.
- Timeout settings should be adjusted based on network conditions to avoid premature request termination.
Links
- CIPP API Documentation - Set Incident Status - Official documentation for setting incident status using the CIPP API.