# `LogpointApi.Core.Incident`
[🔗](https://github.com/MikaelFangel/logpoint_api/blob/v2.2.0/lib/logpoint_api/core/incident.ex#L1)

Manage incidents in Logpoint.

Wraps the [Incident API](https://docs.logpoint.com/siem/product-docs/readme/siem_api_reference/incident-api)
for listing, assigning, commenting on, and changing the state of incidents.

# `add_comments`

```elixir
@spec add_comments(LogpointApi.Data.Client.t(), list()) ::
  {:ok, map()} | {:error, term()}
```

Add comments to incidents.

# `assign`

```elixir
@spec assign(LogpointApi.Data.Client.t(), [String.t()], String.t()) ::
  {:ok, map()} | {:error, term()}
```

Assign incidents to a user.

# `close`

```elixir
@spec close(LogpointApi.Data.Client.t(), [String.t()]) ::
  {:ok, map()} | {:error, term()}
```

Close incidents.

# `get`

```elixir
@spec get(LogpointApi.Data.Client.t(), String.t(), String.t()) ::
  {:ok, map()} | {:error, term()}
```

Get incident data by object ID and incident ID.

# `get_users`

```elixir
@spec get_users(LogpointApi.Data.Client.t()) :: {:ok, map()} | {:error, term()}
```

Get users from the Logpoint instance.

# `list`

```elixir
@spec list(LogpointApi.Data.Client.t(), number(), number(), map()) ::
  {:ok, map()} | {:error, term()}
```

List incidents within a time range.

An optional `filters` map can be provided to filter by name, status, type,
risk, attack_category, attack_tag, log_source, or custom metadata fields.
Multiple values for a single filter can be comma-separated.

## Examples

    Incident.list(client, start_time, end_time)
    Incident.list(client, start_time, end_time, %{status: "unresolved", risk: "critical"})
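
The following is an added example, not part of `logpoint_api` or its documentation: it folds list-valued filters into the comma-separated form described above before calling `list/4`. The module `IncidentTriageExample`, its function names, the use of Unix epoch seconds for the time range, and the sample risk value `"high"` are assumptions; `client` is an already-built `LogpointApi.Data.Client`.

```elixir
defmodule IncidentTriageExample do
  # Added example; hypothetical helper module, not part of logpoint_api.
  alias LogpointApi.Core.Incident

  # Build the `filters` map for list/4. Each value may be a single term or a
  # list; lists are joined with commas. Filters with no values are dropped so
  # an empty string is never sent as a filter.
  def build_filters(filters) do
    for {key, value} <- filters, values = List.wrap(value), values != [], into: %{} do
      {key, Enum.map_join(values, ",", &clean!(key, &1))}
    end
  end

  # A value containing a comma would be read as two separate filter values,
  # silently widening the query, so it is rejected before the request is made.
  defp clean!(key, value) do
    text = value |> to_string() |> String.trim()

    if text == "" or String.contains?(text, ",") do
      raise ArgumentError, "invalid value #{inspect(value)} for filter #{inspect(key)}"
    end

    text
  end

  # List unresolved incidents with any of the given risk levels from the last
  # `hours` hours. An empty `risks` list means "any risk".
  def recent_unresolved(client, risks, hours \\ 24) do
    end_time = System.os_time(:second) # assumption: API takes Unix epoch seconds
    start_time = end_time - hours * 3600
    filters = build_filters(status: "unresolved", risk: risks)

    case Incident.list(client, start_time, end_time, filters) do
      {:ok, body} -> {:ok, body}
      {:error, reason} -> {:error, {:incident_list_failed, reason}}
    end
  end
end

# Usage ("high" is an assumed risk value; only "critical" appears on this page):
#   IncidentTriageExample.recent_unresolved(client, ["high", "critical"])
#   # sends %{status: "unresolved", risk: "high,critical"} as the filters map
```

The same map can be passed to `list_states/4`, but since filter support there is unverified, check the returned states rather than relying on the filter having been applied.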

# `list_states`

```elixir
@spec list_states(LogpointApi.Data.Client.t(), number(), number(), map()) ::
  {:ok, map()} | {:error, term()}
```

List incident states within a time range.

An optional `filters` map can be provided to filter by name, status, type,
risk, attack_category, attack_tag, log_source, or custom metadata fields.
Multiple values for a single filter can be comma-separated.

Note: filter support for this endpoint is unverified and filters may be
ignored by the API.

## Examples

    Incident.list_states(client, start_time, end_time)
    Incident.list_states(client, start_time, end_time, %{status: "unresolved"})

# `reopen`

```elixir
@spec reopen(LogpointApi.Data.Client.t(), [String.t()]) ::
  {:ok, map()} | {:error, term()}
```

Reopen incidents.

# `resolve`

```elixir
@spec resolve(LogpointApi.Data.Client.t(), [String.t()]) ::
  {:ok, map()} | {:error, term()}
```

Resolve incidents.

---

*Consult [api-reference.md](api-reference.md) for complete listing*
