Retrieve all open incidents across your fleet via the CLI or API.
Using the CLI
# Install once
npm install -g @powersec/cli
psec login --api-key psec_live_xxx
# View open incidents
psec incidents list --status open
# Critical only
psec incidents list --status open --limit 50
Via the API
GET /api/incidents?status=open
Authorization: Bearer <your-api-key>
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
status |
string | all | Filter: open, investigating, resolved, closed |
severity |
string | — | Filter: critical, high, medium, low |
siteId |
string | — | Limit to one site |
limit |
integer | 20 | Results per page (max 100) |
page |
integer | 1 | Page number |
Example response
{
"success": true,
"incidents": [
{
"id": "inc_abc",
"title": "Malware detected",
"type": "malware",
"severity": "critical",
"status": "open",
"siteId": "site_xyz",
"detectedAt": "2026-05-01T12:00:00Z"
}
],
"total": 5
}
Generate an API key
Dashboard → Settings → API Keys → Create new key
Keys start with psec_live_. Use them for both CLI and direct API calls.
Shell example
TOKEN="psec_live_xxx"
curl -s "https://powersec.io/api/incidents?status=open&severity=critical" \
-H "Authorization: Bearer $TOKEN" | jq ".incidents[] | {title, siteId, detectedAt}"
Note: Incidents are security detections (malware, webshells, brute-force). Vulnerabilities (CVEs) are separate — see
psec sites status <site>or Dashboard → Vulnerabilities.