
EDR Incidents Resource API limitation


Article ID: 240054


Updated On:


Endpoint Detection and Response


An EDR Incidents Resource API query does not retrieve all the incidents exported through the EDR GUI.


By default, the EDR Incidents Resource API (/atpapi/v2/incidents) limits the output to the last 30 days if neither start_time nor end_time

For security reasons, the time range cannot be greater than 30 days.

As a workaround, EDR can be queried using consecutive time ranges, concatenating the results into a single output file.
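One way to script the workaround, as an added example that is not part of the original article or the vendor's code. It splits a long period into consecutive windows of at most 30 days and merges the per-window results. The `fetch` callable, the `uuid` de-duplication key, the timestamp format and the sample incidents are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(days=30)  # per-query limit stated in the article

def iso(ts):
    # Assumed timestamp format: ISO 8601 in UTC with milliseconds.
    return ts.astimezone(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")

def windows(start, end, span=MAX_WINDOW):
    """Yield consecutive (start, end) pairs covering start..end, each <= span."""
    if not timedelta(0) < span <= MAX_WINDOW:
        raise ValueError("span must be positive and at most 30 days")
    cur = start
    while cur < end:
        nxt = min(cur + span, end)
        yield cur, nxt
        cur = nxt

def collect_incidents(fetch, start, end, key="uuid"):
    """Query every window through fetch() and merge the results into one list.

    fetch(start_time, end_time) is a hypothetical callable that runs one query
    against /atpapi/v2/incidents and returns a list of incident dicts.
    key is the assumed unique field used to drop boundary duplicates.
    """
    seen, merged = set(), []
    for w_start, w_end in windows(start, end):
        for incident in fetch(iso(w_start), iso(w_end)):
            if incident[key] not in seen:
                seen.add(incident[key])
                merged.append(incident)
    return merged

# Constructed sample data standing in for the appliance (not real incidents).
SAMPLE = [
    {"uuid": "a1", "time": "2024-01-05T08:00:00.000Z"},
    {"uuid": "b2", "time": "2024-01-31T00:00:00.000Z"},  # exactly on a window boundary
    {"uuid": "c3", "time": "2024-03-10T12:30:00.000Z"},
]

def fake_fetch(start_time, end_time):
    # Inclusive on both ends, so a boundary incident is returned twice.
    return [i for i in SAMPLE if start_time <= i["time"] <= end_time]

if __name__ == "__main__":
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for incident in collect_incidents(fake_fetch, start, start + timedelta(days=75)):
        print(incident)
```

Because adjacent windows share a boundary timestamp, the merge step drops repeats so that an incident falling exactly on a boundary is written to the output only once.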




EDR is working as designed. Refer to the API portal for further details.