https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1226092#M8204 <P>Hi&nbsp;<SPAN>Ashutosh,</SPAN></P> <P>&nbsp;</P> <P>I'd be happy to open a technical CS case. I will reference this discussion.</P> <P>&nbsp;</P> <P>Thanks!</P> <P>Lee</P> Wed, 09 Apr 2025 14:13:54 GMT L.Nix028859 2025-04-09T14:13:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1225609#M8180 <P>Hi all!</P> <P>&nbsp;</P> <P>I see the docs (<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-all-Incidents" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-all-Incidents</A>) for get_incidents lists only eq/neq operators for the field 'status' and when implementing a new filter model for this endpoint I noticed we are successfully using the 'in' operator:</P> <LI-CODE lang="python">{'field': 'status', 'operator': 'in', 'value': ['new', 'under_investigation']} # returns incidents with either 'new' or 'under_investigation' status</LI-CODE> <P>&nbsp;Is this officially supported?</P> <P>&nbsp;</P> <P>I can't reproduce this affect using two filters like:</P> <LI-CODE lang="python">'filters': [{'field': 'status', 'operator': 'eq', 'value': 'new'}, {'field': 'status', 'operator': 'eq', 'value': 'under_investigation'}] # returns empty results - I suspect due to AND concatenation of the filters</LI-CODE> <P>&nbsp;We would like to keep strict implementations per the documentation and thus currently only accept 'eq'/'neq' operators for field: 'status'.</P> <P>&nbsp;</P> <P>What would be the officially supported method to achieve the same results as 'status' 'in' &lt;list&gt;?</P> <P>&nbsp;</P> <P>Do I need to use 'status' 'neq' for every status except 'new' and 'under_investigation'?</P> <P>&nbsp;</P> <P>Thanks!</P> Thu, 03 Apr 2025 16:48:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1225609#M8180 L.Nix028859 2025-04-03T16:48:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1226089#M8203 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1479387519">@L.Nix028859</a>&nbsp;,</P> <P>&nbsp;</P> <P>We need to check this with product Team. Can you please open CS case for the same? Or please reach out to Accounts Team.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ashutosh</P> Wed, 09 Apr 2025 13:26:26 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1226089#M8203 aspatil 2025-04-09T13:26:26Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1226092#M8204 <P>Hi&nbsp;<SPAN>Ashutosh,</SPAN></P> <P>&nbsp;</P> <P>I'd be happy to open a technical CS case. I will reference this discussion.</P> <P>&nbsp;</P> <P>Thanks!</P> <P>Lee</P> Wed, 09 Apr 2025 14:13:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/get-incidents-filter-by-status-question/m-p/1226092#M8204 L.Nix028859 2025-04-09T14:13:54Z