Get Remediation Incident

Description

  • This endpoint can be used to get information about an existing incident. The information includes incident creation criteria, remediation status counts and information to restore a message, if needed.

Pre-requisites

  • To use this endpoint successfully, the logged-in user must be a Mimecast administrator with at least the Services | Threat Remediation | Read permission.

URI

To use this endpoint you send a POST request to:

  • /api/ttp/remediation/get-incident

Request Headers

The following request headers must be included in your request:

Field Description
Authorization Please see the Authorization guide for more information on building the Authorization header.
x-mc-req-id A randomly generated GUID, for example, 8578FCFC-A305-4D9A-99CB-F4D5ECEFE297
x-mc-app-id The Application ID provided with your Registered API Application.
x-mc-date The current date and time in the following format, for example, Tue, 24 Nov 2015 12:50:11 UTC

Request Body

{
  "data": [
    {
      "id": "String"
    }
  ]
}
data
Field Type Required Description
id String Required The Mimecast ID for a remediation incident, provided when an incident is created

Response

{
  "fail": [],
  "meta": {
    "status": 200
  },
  "data": [
    {
      "code": "String",
      "successful": "Number",
      "identified": "Number",
      "reason": "String",
      "id": "String",
      "create": "Date String",
      "modified": "Date String",
      "searchCriteria": {
        "to": "String",
        "unremediateCode": "String",
        "from": "String",
        "fileHash": "String",
        "messageId": "String",
        "date": "Date String",
        "end": "Date String",
        "restoreCode": "String"
      },
      "failed": "Number",
      "type": "String",
      "restored": "Number"
    }
  ]
}
meta object
Field Type Description
status Number The function level status of the request.
data
Field Type Description
reason String The reason provided when an incident was created
code String Incident code, used as a reference for a remediation incident
identified Number Number of messages identified by the search criteria
searchCriteria Search Criteria Array Conditions used to build a remediation incident. Includes messageId, file-hash, from or to addresses.
create Date String Date that the remediation incident was created
modified Date String Date that the remediation incident was last updated
restored Number The number of messages restored as part of the incident
failed Number The number of messages that failed to remediate as part of the incident
id String The Mimecast ID of the remediation incident, provided when the incident was created
type String The type of incident action taken. Can be one of: notify_only, automatic, manual or restored
successful Number The number of messages successfully remediated as part of the incident
Search Criteria
Field Type Description
unremediateCode String Code used to restore messages that were previously removed by a remediation incident
start Date String The start date from the remediation incident creation
fileHash String The file hash provided during the remediation incident creation
messageId String The message ID provided during the remediation incident creation
restoreCode String The code provided to restore a message
from String The sender address provided at the remediation incident creation
end Date String The end date from the remediation incident creation
to String The recipient address provided at the remediation incident creation

Sample Code

Sample code is provided to demonstrate how to use the API and is not representative of a production application. To use the sample code, complete the required variables as described, populate the desired values in the request body, and execute in your favorite IDE. Please see the Global Base URL's page to find the correct base URL to use for your account.

POST {base_url}/api/ttp/remediation/get-incident
    Authorization: MC {accessKey}:{Base64 encoded signed Data To Sign}
    x-mc-date: {dateTime}
    x-mc-req-id: {unique id}
    x-mc-app-id: {applicationId}
    Content-Type: application/json
    Accept: application/json
    
    
    {
      "data":[
        {
            "id": "String"
        }
      ]
    }
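
The following Python is an added example, not part of Mimecast's sample code. It validates a get-incident response in the shape documented above and returns a per-incident summary suitable for logging. The sample response values, the redaction of restoreCode and unremediateCode, and the needs_follow_up and unknown_type flags are assumptions of this example.

```python
import json

# Constructed sample response in the documented shape (all values are made up).
SAMPLE_RESPONSE = json.dumps({
    "fail": [],
    "meta": {"status": 200},
    "data": [{
        "id": "EXAMPLE-INCIDENT-ID", "code": "EXAMPLE-CODE", "type": "manual",
        "reason": "phishing campaign", "identified": 12, "successful": 9,
        "failed": 3, "restored": 0,
        "searchCriteria": {"from": "sender@example.com",
                           "fileHash": "<file hash placeholder>",
                           "restoreCode": "EXAMPLE-RESTORE",
                           "unremediateCode": "EXAMPLE-UNREM"},
    }],
})

COUNT_FIELDS = ("identified", "successful", "failed", "restored")
# Codes that can restore removed messages; this example keeps them out of logs.
RESTORE_FIELDS = ("restoreCode", "unremediateCode")
KNOWN_TYPES = {"notify_only", "automatic", "manual", "restored"}


def summarize_incidents(raw):
    """Validate a get-incident response; return one log-safe summary per incident."""
    resp = json.loads(raw)
    status = resp.get("meta", {}).get("status")
    # Treat a non-200 function-level status or any entry in "fail" as an error.
    if status != 200 or resp.get("fail"):
        raise RuntimeError(f"get-incident failed: status={status} fail={resp.get('fail')}")
    summaries = []
    for inc in resp.get("data", []):
        counts = {f: int(inc.get(f) or 0) for f in COUNT_FIELDS}
        criteria = {k: ("<redacted>" if k in RESTORE_FIELDS else v)
                    for k, v in inc.get("searchCriteria", {}).items() if v}
        summaries.append({
            "id": inc.get("id"), "code": inc.get("code"), "type": inc.get("type"),
            "unknown_type": inc.get("type") not in KNOWN_TYPES,
            **counts,
            # Assumption: any message that failed to remediate needs analyst review.
            "needs_follow_up": counts["failed"] > 0,
            "searchCriteria": criteria,
        })
    return summaries


if __name__ == "__main__":
    for summary in summarize_incidents(SAMPLE_RESPONSE):
        print(json.dumps(summary, indent=2))
```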