€•}”(Œget”}”(Œhelp”ŒList incidents ”Œreturn_type”ŒIncidentsAgentResponse”Œcli”}”Œusers”]”Œroot”asŒtype”Œdict”Œschema”}”(Œby_abuser_ip”}”(Œtype”Œstring”Œnullable”ˆŒhelp”ŒFilter by abuser IP address ”uŒby_country_code”}”(Œtype”Œstring”Œnullable”ˆŒhelp”ŒFilter by country code ”uŒ by_panel_user”}”(Œtype”Œstring”Œnullable”ˆŒhelp”ŒFilter by panel user domains ”uŒ by_plugin”}”(Œtype”Œstring”Œnullable”ˆŒhelp”Œ2Filter by plugin name (e.g., modsec, ossec, etc.) ”uŒby_list”}”(Œtype”Œlist”Œnullable”ˆŒschema”}”(Œtype”Œstring”Œallowed”]”(Œwhite”Œblack”Œgray”euŒhelp”Œ (internal)”uŒ by_purpose”}”(Œtype”Œlist”Œnullable”ˆŒschema”}”(Œtype”Œstring”Œallowed”]”(Œwhite”Œdrop”Œcaptcha”euŒhelp”Œ (internal)”uŒseverity”}”(Œtype”Œinteger”Œcoerce”Œint”Œnullable”ˆŒhelp”Œ‰Filter by minimum severity (1-15). See https://www.ossec.net/docs/manual/rules-decoders/rule-levels.html for details on severity levels. ”uŒsearch”}”(Œtype”Œstring”Œnullable”ˆŒhelp”Œ)Search by IP address, name, description. ”uŒlimit”}”(Œtype”Œinteger”Œcoerce”Œint”Œdefault”K2Œhelp”Œ Page size”uŒoffset”}”(Œtype”Œinteger”Œcoerce”Œint”Œdefault”KŒhelp”ŒPage offset”uŒsince”}”(Œtype”Œinteger”Œcoerce”Œint”Œexcludes”Œperiod”Œ check_with”]”Œ timestamp”aŒhelp”Œ*Show incidents after this unix timestamp. ”uŒto”}”(Œtype”Œinteger”Œcoerce”Œint”Œ check_with”]”Œ timestamp”aŒdefault_setter”Œnow”Œhelp”Œ+Show incidents before this unix timestamp. ”uŒperiod”}”(Œtype”Œperiod”Œcoerce”Œperiod”Œexcludes”Œsince”Œhelp”Œ (internal)”uŒorder_by”}”(Œtype”Œlist”Œschema”}”(Œtype”Œorder_by”Œcoerce”Œorder_by”uŒnullable”ˆŒhelp”Œ¸List of fields to order by, each followed by a `+` (ascending) or `-` (descending). E.g. `["severity+","timestamp-"]` would order by event severity ascending and timestamp descending. ”uuuŒclean”}”(Œhelp”Œ (internal)”Œcli”}”Œusers”]”Œroot”asŒtype”Œdict”Œschema”}”(Œdays”}”(Œtype”Œinteger”Œcoerce”Œint”Œmin”KŒ check_with”]”Œmax_days”auŒlimit”}”(Œtype”Œinteger”Œcoerce”Œint”uuuu.