# GetIssueList

Get a list of issues to import into your SIEM. Issues are one or more incidents that have been grouped by the Issue Keys. To receive a stream of the latest issues, save the issue id as a bookmark and query on some interval for the latest issues that are > this bookmark, i.e. the latest issue id you have previously queried. For additional details about each issue, you can query the GetIssueDetails API for the specific issue id.

Endpoint: GET /getIssues
Version: 1.0.0
Security: AuthorizationHeader

## Query parameters:

- `issue_type` (string)
  Used to retrieve only a specific issue type. If left empty, the issues will be retrieved for all the types (recommended).
  Enum: "Access from Anonymous IP", "Access from Public VPN", "Access from Unauthorized Countries", "Access to Anonymous IP", "Access to Public VPN", "Access to Unauthorized Countries", "Auth Hash Quality", "Auth Hash Security", "Auth Protocol Quality", "Compromised Password", "Compromised User", "Deviation in Daily Asset Activity", "Enumeration of AD Admins", "Enumeration of AD Users", "Exposed Assets", "Lack of MFA", "Identity No MFA", "Asset No MFA", "Repeated AD Login Attempts at Invalid Time", "Repeated Login Attempts at Invalid Device", "Shadow Access", "Shadow Assets", "Shadow Identity Systems", "Suspected AD NTLM Relay Attack", "Suspected Attack on Disabled AD Account", "Suspected Attack on Expired AD Account", "Suspected Attack on Locked AD Account", "Suspected AD Brute-force Attack", "Suspected Identity Brute-force Attack", "Suspected Directory/IdP Bot Attack", "Suspected Directory/IdP Password Spray Attack", "Suspicious Inbound Access", "Suspicious Outbound Access", "Unauthorized Asset Access", "Unknown SaaS Access", "Weak Password", "Unauthorized Identity Access", "Impossible Travel", "Suspected Access Token Sharing"

- `issue_id_gt` (string)
  Used to retrieve latest issues by issue id. All issues > this parameter will be returned (recommended).

- `issue_time_gt` (string)
  Used to retrieve latest issues by Date / Time. All issues > this parameter will be returned. If neither the `issue_id_gt` parameter nor this field is provided, the results default to the last 7 days.
  Example: '2024-01-02 15:04:05'

- `sort_order` (string)
  Sorting order. Default value is DESC.
  Enum: "ASC", "DESC"

- `sort_by` (string)
  Field to sort by. Default value is issue_time.
  Enum: "issue_id", "issue_time", "flow_count", "incident_count", "risk"

- `from` (integer)
  Starting point for pagination. Default value 0.

- `size` (integer)
  Maximum number of records to return for pagination. Default value 1000.

## Response 200 fields (application/json):

- `success` (boolean)
  Indicates if the request was successful.

- `results` (array)

- `results.issue_time` (string)
  First timestamp when issue was captured.
  Example: "2024-08-01T10:31:42.000Z"

- `results.issue_id` (string)
  Issue Id.
  Example: "17263-1722579276407"

- `results.issue_type` (string)
  Type of the issue.
  Example: "Auth Hash Security"

- `results.playbook_name` (string)
  Playbook name associated with the issue.
  Example: "Auth Hash Security Playbook"

- `results.issue_keys` (object)
  Field name(s) on which the related Incidents were grouped to create the issue.
  Example: {"domain":"example.com","hash_algo":"sha256"}

- `results.message` (string)
  Description of the issue.
  Example: "The directory on example.com uses a weak hash algorithm md4 which is not secure and easy to crack."

- `results.risk` (string)
  Risk associated with the issue.
  Enum: "Low", "Medium", "High", "Critical"

- `results.flow_count` (integer)
  Total number of flows for the issue.
  Example: 500

- `results.incident_count` (integer)
  Total number of incidents for the issue.
  Example: 20

- `results.incidents_url` (string)
  URL link for the oldest issue incident on console.
  Example: "https://console.authmind.com/issues?q=id%3A3817066"

- `results.issue_details_api` (string)
  URL link for fetching the issue details.
  Example: "https://console.authmind.com/amapi/v1/getIssueDetails?issue_id=17263-1722579276407"

- `metadata` (object)
  Response metadata

## Response 400 fields (application/json):

- `error` (string)
  Error string if request fails.

- `success` (boolean)
  Indicates if the request was successful.

- `results` (string,null)
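The bookmark polling described at the top of this page, combined with `from`/`size` pagination, can be sketched as follows. This is an added example, not code from the API vendor: `poll_once`, `build_query` and the `fetch` transport are hypothetical names, the sample issues are constructed, and it assumes the server's ascending sort on `issue_id` agrees with its `issue_id_gt` comparison.

```python
from urllib.parse import urlencode, parse_qsl

PAGE_SIZE = 1000  # documented default for `size`

def build_query(bookmark, offset, size=PAGE_SIZE):
    """Query string for GET /getIssues, sorted oldest-first by issue id."""
    # ASC keeps offsets stable: issues created mid-drain land after the current page.
    params = {"sort_by": "issue_id", "sort_order": "ASC", "from": offset, "size": size}
    if bookmark:  # without a bookmark the API defaults to the last 7 days
        params["issue_id_gt"] = bookmark
    return urlencode(params)

def poll_once(fetch, bookmark, size=PAGE_SIZE):
    """Drain every page newer than `bookmark`; return (issues, new_bookmark).

    `fetch(query_string) -> dict` is a hypothetical transport that performs the
    authenticated GET and returns the decoded JSON body.
    """
    issues, offset = [], 0
    while True:
        body = fetch(build_query(bookmark, offset, size))
        if not body.get("success"):
            # Raise before the bookmark moves, so the next interval retries this range.
            raise RuntimeError(f"getIssues failed: {body.get('error')}")
        page = body.get("results") or []
        issues.extend(page)
        if len(page) < size:  # short page: nothing left to fetch
            break
        offset += size
    # Assumption: the server's ASC sort on issue_id matches its `issue_id_gt` comparison.
    new_bookmark = issues[-1]["issue_id"] if issues else bookmark
    return issues, new_bookmark

# Constructed sample issues and a fake transport so the example runs offline.
SAMPLE = [{"issue_id": f"17263-172257927640{i}", "risk": "High"} for i in range(5)]

def fake_fetch(query_string):
    q = dict(parse_qsl(query_string))
    rows = [r for r in SAMPLE if r["issue_id"] > q.get("issue_id_gt", "")]
    start, size = int(q["from"]), int(q["size"])
    return {"success": True, "results": rows[start:start + size]}

if __name__ == "__main__":
    batch, mark = poll_once(fake_fetch, None, size=2)
    print(len(batch), mark)  # persist `mark` only after the SIEM accepted `batch`
    print(poll_once(fake_fetch, mark, size=2))
```

Persist the returned bookmark only after the batch has been written to the SIEM; a crash between the two steps then causes a re-fetch rather than a gap in the issue stream.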