Incydr API endpoint updates for Q4 2025

Overview

As part of ongoing improvements to the Incydr platform, the legacy API endpoints listed below will stop working on February 28, 2026.

These deprecated endpoints have been replaced with updated versions that more closely align with current Incydr functionality and capabilities. The replacement endpoints also provide improved integration consistency, streamlined workflows, and richer insider risk data and insights.

Summary of changes

The following table outlines the deprecated API endpoints and their replacements:

| Item | Deprecated endpoint | Replacement endpoint |
| --- | --- | --- |
| File event metadata | /v1/file-events | /v2/file-events |
| Alerts and sessions | v1/alerts | /v1/sessions |
| Alert rules | v1/alert-rules | /v2/alert-rules |
| User risk profiles | /v1/user-risk-profiles, /v2/user-risk-profiles | /v1/actors |
| Watchlists | /v1/watchlists | /v2/watchlists |

Transition to supported endpoints

To avoid potential service interruptions, you must update scripts and integrations that use the deprecated endpoints before February 28, 2026.

If you are unsure which deprecated endpoints are in use in your environment, contact our Technical Support Engineers or your Customer Success Manager (CSM) for assistance. 
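One way to take a first inventory yourself is to scan your own scripts and integration configs for the deprecated paths in the table above. The following is an added example, not Incydr or Code42 code; the file suffixes, the sample script, and the `api.example.invalid` host are assumptions made for illustration.

```python
import re
from pathlib import Path

# Deprecated path -> replacement, taken from the table on this page.
DEPRECATED = {
    "/v1/file-events": "/v2/file-events",
    "/v1/alerts": "/v1/sessions",
    "/v1/alert-rules": "/v2/alert-rules",
    "/v1/user-risk-profiles": "/v1/actors",
    "/v2/user-risk-profiles": "/v1/actors",
    "/v1/watchlists": "/v2/watchlists",
}

# The leading slash is optional because scripts often join "v1/alerts" onto a
# base URL. The lookarounds stop matches inside longer names ("/v1/alerts-x").
_PATTERN = re.compile(
    r"(?<![\w.-])/?("
    + "|".join(re.escape(p.lstrip("/")) for p in DEPRECATED)
    + r")(?![\w-])"
)

def scan_text(text):
    """Return (line_number, deprecated_path, replacement) for each hit."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in _PATTERN.finditer(line):
            path = "/" + match.group(1)
            hits.append((number, path, DEPRECATED[path]))
    return hits

def scan_tree(root, suffixes=(".py", ".sh", ".ps1", ".json", ".yaml", ".yml")):
    """Scan matching files under root; return {file: hits} for files with hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample script, not taken from any real integration.
SAMPLE = '''\
BASE = "https://api.example.invalid"
events = session.post(f"{BASE}/v1/file-events", json=query)
alerts = session.get(BASE + "/v1/alerts")
rules = session.get(f"{BASE}/v2/alert-rules")      # already migrated
actors = session.get(urljoin(BASE, "v2/user-risk-profiles"))
'''

if __name__ == "__main__":
    for number, old, new in scan_text(SAMPLE):
        print(f"line {number}: {old} -> {new}")
```

A source scan only finds paths written literally in files you control; endpoints assembled at runtime or called by third-party tools will not appear.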

Use the Incydr SDK and Incydr CLI to streamline migration
The Incydr SDK and Incydr CLI are the recommended tools for all insider risk integrations. They provide enhanced functionality and have replaced the deprecated PY42 SDK and Code42 CLI.

Event data export

You may be able to replace your custom scripts and integrations with the Event Data Export functionality in the Incydr console. This export feature enables you to configure external tools to ingest Incydr event data directly from AWS S3, without the need for custom scripts or direct API integrations.

Partner integrations

If you leverage third-party integrations from Securonix, Exabeam, Rapid7, Sumo Logic, Nullafi, LogRhythm, Palo Alto XDR, or Splunk SOAR, contact them directly to ensure your integration is updated and configured to use the supported endpoints.

Using Splunk SIEM or Cortex XSOAR? 
Incydr has already released updated versions of these integrations. Make sure you install the latest version.
