This API enables you to retrieve and update incidents. You can also determine the incident count based on search criteria and the number of changes to one or more incidents within a specified time window.
An incident is a cluster of alerts that all relate to the same issue. The following steps describe how Moogsoft creates incidents:
The Correlation Engine examines each new alert and compares it to all open incidents.
If the Correlation Engine finds that an alert and an open incident are correlated, it adds the alert to that incident.
If the Correlation Engine finds no correlation with any open incident, it creates a new incident and adds that alert.
You can create your own correlation definitions, based on the needs of your organization, that determine whether an alert is correlated with any open incident. If you have multiple definitions, the Correlation Engine might add the same alert to multiple incidents.
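The steps above, including the multiple-definition case, as a simplified model. This is an added example and not Moogsoft code. It assumes a definition is a set of alert fields that must match exactly and that each definition keeps its own incidents; the class, field, definition, and status names are all hypothetical.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Incident:
    id: int
    definition: str   # correlation definition that opened this incident
    key: tuple        # field values shared by every alert in the incident
    alerts: list = field(default_factory=list)
    status: str = "open"

class CorrelationEngine:
    def __init__(self, definitions):
        # definitions: {name: tuple of alert fields that must match exactly}
        # (assumed shape for this model, not the product's definition format)
        self.definitions = definitions
        self.incidents = []
        self._ids = count(1)

    def ingest(self, alert):
        """Apply every definition; return ids of incidents the alert joined."""
        touched = []
        for name, fields in self.definitions.items():
            key = tuple(alert.get(f) for f in fields)
            if None in key:
                continue  # alert lacks a field this definition needs
            # Only open incidents are candidates for correlation.
            incident = next((i for i in self.incidents
                             if i.status == "open"
                             and i.definition == name and i.key == key), None)
            if incident is None:  # no correlation found: create a new incident
                incident = Incident(next(self._ids), name, key)
                self.incidents.append(incident)
            incident.alerts.append(alert["id"])
            touched.append(incident.id)
        return touched

def demo():
    # Constructed sample alerts and definitions.
    engine = CorrelationEngine({"by_service": ("service",), "by_host": ("host",)})
    alerts = [
        {"id": "a1", "service": "auth", "host": "web-01"},
        {"id": "a2", "service": "auth", "host": "web-02"},
        {"id": "a3", "service": "billing", "host": "web-01"},
    ]
    return engine, [engine.ingest(a) for a in alerts]
```

With two definitions, every sample alert lands in two incidents, which is why incident and alert counts can diverge from what a single-definition setup would produce.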
Incident objects are mostly "read-only," except for updating the owner and status. For this reason, most supported operations are GETs.