/admin/audit/incidents

Create a new security incident. References: NIST SP 800-61 Rev.2 (Incident Handling), ISO 27001:2022 Annex A.5.24-5.26.
Schema: dto.CreateIncidentRequest

| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| severity | string | Yes | critical | |
| title | string | Yes | Multi-account brute force | |
| assignee | string | No | analyst-001 | |
| description | string | No | Multiple tenant accounts under brute force attack | |
| related_evidence_ids | array of string | No | | |
| source_anomaly_ids | array of string | No | | |

| Status | Description | Schema |
|---|---|---|
| 201 | Created incident | dto.IncidentDataResponse |
| 400 | Request parameter validation failed | dto.Problem |
| 401 | Unauthenticated | dto.Problem |
| 500 | Internal server error | dto.Problem |
Schema: field-level validation error entry (the item type of dto.Problem.errors; not named on the page)

| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| code | string | No | | Code is the error code (optional). Used by programs to identify error types, e.g., "required", "format", "range". |
| description | string | No | | Description is a human-readable error description. Should explain what rule was violated, e.g., "Must be a valid email address". |
| field | string | No | | Field is the path to the error field. Uses dot notation for nested fields, e.g., "user.email" or "addresses[0].city". |
| value | object | No | | Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information. |

Schema: dto.IncidentDataResponse (the 201 response body)

| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| code | integer | No | | |
| data | dto.IncidentResponse | No | | |
| message | string | No | | |
| timestamp | string | No | | |

Schema: dto.IncidentResponse (the data field of dto.IncidentDataResponse)

| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| assignee | string | No | analyst-001 | |
| created_at | string | No | 2026-01-01T00:00:00Z | |
| description | string | No | Multiple tenant accounts detected under brute force attack | |
| id | string | No | inc_abc123 | |
| related_evidence_ids | array of string | No | | |
| resolved_at | string | No | 2026-01-01T03:00:00Z | |
| resolved_by | string | No | op-001 | |
| severity | string | No | critical | |
| source_anomaly_ids | array of string | No | | |
| status | string | No | open | |
| tenant_id | string | No | tnt_abc123 | |
| title | string | No | Multi-account brute force | |
| updated_at | string | No | 2026-01-01T00:00:00Z | |

Schema: dto.Problem (the 400, 401 and 500 response body)

| Field | Type | Required | Example | Description |
|---|---|---|---|---|
| code | integer | No | | Code is the business error code. Used by programs to handle specific error scenarios. Example: 30101001 |
| detail | string | No | | Detail is a human-readable explanation for this specific error instance. Can contain specific error details, e.g., "Field 'email' is required". |
| errors | array of | No | | Errors is a list of field-level validation errors (extension field). Follows Web API standard practices; each error contains a field name and an error message. |
| i18n_args | object | No | | I18nArgs are internationalization parameters. Used to dynamically fill translation templates. |
| i18n_key | string | No | | I18nKey is the internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found" |
| instance | string | No | | Instance is the specific URI reference where the problem occurred. Usually the request URL; may include query parameters. Example: "/api/v1/users?limit=invalid" |
| request_id | string | No | | RequestID is the unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000" |
| retry_after | integer | No | | RetryAfter is used for 429 Too Many Requests responses. Indicates the number of seconds the client should wait before retrying (RFC 6585). |
| service | string | No | | Service is the service name. Used in a microservice architecture to locate the error source. Example: "auth-service" |
| span_id | string | No | | SpanID is the current span identifier. Used to precisely locate the current node in a distributed trace. |
| status | integer | No | | Status is the HTTP status code generated. Used by clients to distinguish problem types; does not change with Accept-Language. Example: 400, 401, 403, 404, 500 |
| timestamp | string | No | | Timestamp is the error occurrence time, ISO 8601 format. Example: "2026-04-03T12:00:00Z" |
| title | string | No | | Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not change per instance). Example: "Invalid Request Parameters" |
| trace_id | string | No | | TraceID is the distributed tracing identifier. Follows the W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01" |
| type | string | No | | Type is a URI reference identifying the problem type. When dereferenced, should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request" |