Finding suppressed incidents

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Finding suppressed incidents

L1 Bithead


I need to make an HTTP request to get suppressed incidents from the main account. Is anyone has an idea how can a filter those incidents? Thanks!


L3 Networker

Hi, What are suppressed incidents?

L3 Networker

Are you referring to "restricted" incidents? In a recent update (I believe 6.2) the option for the admin account to view all incidents that are also marked as "restricted" was removed. From my understanding, if the incident is marked as "restricted" and the admin account is not an explicit team member of the incident, then the search will not return the restricted incidents.


You could use something such as Team Management Pack to add the admin account to each incident that is restricted.

I just start learning XSOAR. I don't have much of an idea on this either. I couldn't find any information in the documentation but I read that  If not required to take any direct action on an event you can suppress it. I don't know might be setting alerts or creating a playbook to achieve this. My focus is to find if there is any.

Thanks for your response. I will take a look but I think it's more about the access control. I am looking for filtering incidents. For example, I can filter the closed incidents by status:Closed. 

L3 Networker
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!