Manage incidents in Logpoint.
Wraps the Incident API for listing, assigning, commenting on, and changing the state of incidents.
Summary
Functions
Add comments to incidents.
Assign incidents to a user.
Close incidents.
Get incident data by object ID and incident ID.
Get users from the Logpoint instance.
List incidents within a time range.
List incident states within a time range.
Reopen incidents.
Resolve incidents.
Functions
@spec add_comments(LogpointApi.Data.Client.t(), list()) :: {:ok, map()} | {:error, term()}
Add comments to incidents.
@spec assign(LogpointApi.Data.Client.t(), [String.t()], String.t()) :: {:ok, map()} | {:error, term()}
Assign incidents to a user.
@spec close(LogpointApi.Data.Client.t(), [String.t()]) :: {:ok, map()} | {:error, term()}
Close incidents.
@spec get(LogpointApi.Data.Client.t(), String.t(), String.t()) :: {:ok, map()} | {:error, term()}
Get incident data by object ID and incident ID.
@spec get_users(LogpointApi.Data.Client.t()) :: {:ok, map()} | {:error, term()}
Get users from the Logpoint instance.
@spec list(LogpointApi.Data.Client.t(), number(), number(), map()) :: {:ok, map()} | {:error, term()}
List incidents within a time range.
An optional filters map can be provided to filter by name, status, type,
risk, attack_category, attack_tag, log_source, or custom metadata fields.
Multiple values for a single filter can be comma-separated.
Examples
Incident.list(client, start_time, end_time)
Incident.list(client, start_time, end_time, %{status: "unresolved", risk: "critical"})
@spec list_states(LogpointApi.Data.Client.t(), number(), number(), map()) :: {:ok, map()} | {:error, term()}
List incident states within a time range.
An optional filters map can be provided to filter by name, status, type,
risk, attack_category, attack_tag, log_source, or custom metadata fields.
Multiple values for a single filter can be comma-separated.
Note: filter support for this endpoint is unverified and filters may be ignored by the API.
Examples
Incident.list_states(client, start_time, end_time)
Incident.list_states(client, start_time, end_time, %{status: "unresolved"})
@spec reopen(LogpointApi.Data.Client.t(), [String.t()]) :: {:ok, map()} | {:error, term()}
Reopen incidents.
@spec resolve(LogpointApi.Data.Client.t(), [String.t()]) :: {:ok, map()} | {:error, term()}
Resolve incidents.
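The functions above compose into a small triage pass: list the open incidents that match a filter, hand them to an analyst, leave an audit comment and resolve them. The module below is an added example, not code from the LogpointApi project. It assumes the wrapper module is `LogpointApi.Incident`, that `client` is an already-built `LogpointApi.Data.Client.t()`, that `start_time`/`end_time` are epoch seconds, that the map returned by `list/4` carries an `"incidents"` list whose entries have `"id"`, `"risk"` and `"status"` keys, and that `add_comments/2` takes a list of `%{id: ..., comment: ...}` maps; none of these shapes are documented on this page. Because filter support is noted as unverified for `list_states/4`, the example re-applies the filter client-side before acting, so an ignored server-side filter cannot cause the wrong incidents to be assigned or resolved.

```elixir
defmodule TriageExample do
  @moduledoc """
  Added example (not part of the LogpointApi project). Lists unresolved
  critical incidents in a time window, re-checks the filter locally,
  assigns them to an analyst, comments on them and resolves them.
  """

  # Assumption: the wrapper module is LogpointApi.Incident.
  alias LogpointApi.Incident

  # Assumptions about the response shape (not documented on the page):
  # the result of list/4 has an "incidents" list whose entries carry these keys.
  @incidents_key "incidents"
  @id_key "id"
  @risk_key "risk"
  @status_key "status"

  @doc """
  Triage unresolved critical incidents between `start_time` and `end_time`
  (epoch seconds, assumed) and hand them to `analyst_id`, an id taken from
  `Incident.get_users/1`. Returns `{:ok, ids}` (possibly empty) or the first
  `{:error, reason}` from the API.
  """
  def triage_critical(client, start_time, end_time, analyst_id) do
    filters = %{status: "unresolved", risk: "critical"}

    with {:ok, result} <- Incident.list(client, start_time, end_time, filters),
         ids when ids != [] <- critical_ids(result),
         {:ok, _} <- Incident.assign(client, ids, analyst_id),
         {:ok, _} <- Incident.add_comments(client, comments(ids, analyst_id)),
         {:ok, _} <- Incident.resolve(client, ids) do
      {:ok, ids}
    else
      [] -> {:ok, []}
      {:error, reason} -> {:error, reason}
      other -> {:error, {:unexpected_response, other}}
    end
  end

  @doc """
  Convenience window: the last `hours` hours as epoch seconds (assumed unit).
  """
  def window_last_hours(hours) when is_integer(hours) and hours > 0 do
    now = System.os_time(:second)
    {now - hours * 3600, now}
  end

  # Re-apply the filter locally. The page warns that server-side filter
  # support is unverified for list_states, so only act on entries that
  # actually match what was requested, whatever the server returned.
  def critical_ids(result) when is_map(result) do
    result
    |> Map.get(@incidents_key, [])
    |> Enum.filter(fn incident ->
      Map.get(incident, @risk_key) == "critical" and
        Map.get(incident, @status_key) == "unresolved"
    end)
    |> Enum.map(&Map.fetch!(&1, @id_key))
  end

  # Assumption: add_comments/2 accepts a list of %{id: ..., comment: ...} maps.
  defp comments(ids, analyst_id) do
    Enum.map(ids, fn id ->
      %{id: id, comment: "Triaged automatically and assigned to user #{analyst_id}"}
    end)
  end
end

# Usage (client and analyst id obtained elsewhere):
#   {start_time, end_time} = TriageExample.window_last_hours(24)
#   TriageExample.triage_critical(client, start_time, end_time, analyst_id)
```

The `with` chain stops at the first `{:error, _}`, so an incident is never resolved unless it was first assigned and commented on; if the list call returns nothing that passes the local check, the function returns `{:ok, []}` without issuing any state change.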