Insert Parsed Alerts

Cortex XDR REST API

post /public_api/v1/alerts/insert_parsed_alerts

Upload alerts from external alert sources in Cortex XDR format. Cortex XDR displays alerts that are parsed successfully in related incidents and views. You can send 600 alerts per minute. Each request can contain a maximum of 60 alerts.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/alerts/insert_parsed_alerts" \
  -d '{
    "request_data": {
      "alerts": [
        {
          "severity": "severity",
          "product": "product",
          "remote_ip_v6": "remote_ip_v6",
          "alert_description": "alert_description",
          "local_port": "local_port",
          "remote_port": "remote_port",
          "event_timestamp": 0,
          "local_ip": "local_ip",
          "local_ip_v6": "local_ip_v6",
          "remote_ip": "remote_ip",
          "vendor": "vendor",
          "alert_name": "alert_name",
          "action_status": "action_status"
        },
        {
          "severity": "severity",
          "product": "product",
          "remote_ip_v6": "remote_ip_v6",
          "alert_description": "alert_description",
          "local_port": "local_port",
          "remote_port": "remote_port",
          "event_timestamp": 0,
          "local_ip": "local_ip",
          "local_ip_v6": "local_ip_v6",
          "remote_ip": "remote_ip",
          "vendor": "vendor",
          "alert_name": "alert_name",
          "action_status": "action_status"
        }
      ]
    }
  }'
Request

Body (optional)
Example: {"request_data":{"alerts":[{"product":"VPN & Firewall-1","vendor":"","local_ip":"","local_port":"","remote_ip":"","remote_port":"","event_timestamp":1543270652000,"severity":"Low","alert_name":"Alert Name Example","alert_description":"Alert Description","action_status":"Reported","local_ip_v6":"","remote_ip_v6":""}]}}

request_data (optional)
  alerts (optional, Array): The external alerts you want to upload to Cortex XDR. Each alert has the following fields:
    product (optional, String)
    vendor (optional, String)
    local_ip (optional, String)
    local_port (optional, String)
    remote_ip (optional, String)
    remote_port (optional, String)
    event_timestamp (optional, Integer)
    severity (optional, String)
    alert_name (optional, String)
    alert_description (optional, String)
    action_status (optional, String)
    local_ip_v6 (optional, String)
    remote_ip_v6 (optional, String)
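The limits above (at most 60 alerts per request, at most 600 alerts per minute) and the field schema are easy to get wrong in an integration, so the following added example shows a small uploader that validates each alert against the listed fields and types, splits the stream into requests of at most 60 alerts, and paces sends with a sliding-window limiter. This is example code written for this page, not Cortex XDR's own client. The host name "api-yourfqdn" is the placeholder from the cURL sample; the sample alerts are constructed from the request example; and the authentication headers (x-xdr-auth-id and Authorization, the standard Cortex XDR API key scheme) are an assumption, since this page does not document authentication.

```python
# Added example (not Cortex XDR's own code): batch uploader for insert_parsed_alerts.
# Assumptions: host "api-yourfqdn" (placeholder), auth headers from the standard
# Cortex XDR API key scheme (not shown on this page), and constructed sample alerts.
import json
import time
import urllib.request
from collections import deque
from typing import Callable, Dict, Iterable, Iterator, List

ENDPOINT_PATH = "/public_api/v1/alerts/insert_parsed_alerts"
MAX_ALERTS_PER_REQUEST = 60   # documented per-request limit
MAX_ALERTS_PER_MINUTE = 600   # documented throughput limit

# Alert fields and JSON types accepted by the endpoint, as listed in the request body schema.
ALERT_FIELDS = {
    "product": str, "vendor": str, "local_ip": str, "local_port": str,
    "remote_ip": str, "remote_port": str, "event_timestamp": int,
    "severity": str, "alert_name": str, "alert_description": str,
    "action_status": str, "local_ip_v6": str, "remote_ip_v6": str,
}

def validate_alert(alert: Dict) -> Dict:
    """Reject unknown keys and wrong JSON types locally, before the API answers 'Bad Request'."""
    unknown = set(alert) - set(ALERT_FIELDS)
    if unknown:
        raise ValueError(f"unknown alert fields: {sorted(unknown)}")
    for key, value in alert.items():
        # bool is a subclass of int, so exclude it explicitly for event_timestamp
        if isinstance(value, bool) or not isinstance(value, ALERT_FIELDS[key]):
            raise TypeError(f"{key!r} must be {ALERT_FIELDS[key].__name__}")
    return alert

def chunk_alerts(alerts: Iterable[Dict], size: int = MAX_ALERTS_PER_REQUEST) -> Iterator[List[Dict]]:
    """Yield validated alerts in batches no larger than the per-request limit."""
    batch: List[Dict] = []
    for alert in alerts:
        batch.append(validate_alert(alert))
        if len(batch) == size:
            yield batch
            batch = []
    if batch:
        yield batch

def build_request_body(batch: List[Dict]) -> Dict:
    """Wrap one batch in the request_data/alerts envelope the endpoint expects."""
    if not 1 <= len(batch) <= MAX_ALERTS_PER_REQUEST:
        raise ValueError(f"a request must carry 1..{MAX_ALERTS_PER_REQUEST} alerts")
    return {"request_data": {"alerts": list(batch)}}

def build_headers(auth_id: str, api_key: str) -> Dict[str, str]:
    """Headers for a standard (non-advanced) Cortex XDR API key; assumed, not from this page."""
    return {"Accept": "application/json", "Content-Type": "application/json",
            "x-xdr-auth-id": auth_id, "Authorization": api_key}

class AlertRateLimiter:
    """Sliding window: at most `limit` alerts in any `window` seconds.
    Clock and sleep are injectable so the pacing logic can be exercised offline."""
    def __init__(self, limit: int = MAX_ALERTS_PER_MINUTE, window: float = 60.0,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.sent = deque()   # (timestamp, number of alerts sent)

    def wait_for(self, count: int) -> float:
        """Block until `count` more alerts fit in the window; returns seconds slept."""
        slept = 0.0
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0][0] >= self.window:
                self.sent.popleft()                     # expire sends older than the window
            if sum(n for _, n in self.sent) + count <= self.limit:
                self.sent.append((now, count))
                return slept
            delay = self.window - (now - self.sent[0][0])  # wait until the oldest send expires
            self.sleep(delay)
            slept += delay

def post_json(url: str, headers: Dict[str, str], body: Dict):
    """Real transport: POST the JSON body and return (HTTP status, decoded response)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)

def upload_alerts(fqdn: str, auth_id: str, api_key: str, alerts: Iterable[Dict],
                  send: Callable = post_json, limiter: AlertRateLimiter = None) -> List:
    """Upload alerts in requests of at most 60, never exceeding 600 alerts per minute."""
    limiter = limiter or AlertRateLimiter()
    url, headers = f"https://{fqdn}{ENDPOINT_PATH}", build_headers(auth_id, api_key)
    results = []
    for batch in chunk_alerts(alerts):
        limiter.wait_for(len(batch))
        results.append(send(url, headers, build_request_body(batch)))
    return results

def sample_alerts(n: int) -> List[Dict]:
    """Constructed sample alerts modelled on the page's request example (not real data)."""
    return [{"product": "VPN & Firewall-1", "vendor": "ExampleVendor", "local_ip": "10.0.0.5",
             "local_port": "443", "remote_ip": "192.0.2.10", "remote_port": str(40000 + i),
             "event_timestamp": 1543270652000 + i, "severity": "Low",
             "alert_name": f"Alert Name Example {i}", "alert_description": "Alert Description",
             "action_status": "Reported", "local_ip_v6": "", "remote_ip_v6": ""} for i in range(n)]

if __name__ == "__main__":
    # Dry run: capture request bodies instead of sending them over the network.
    captured = []
    upload_alerts("api-yourfqdn", "AUTH_ID_PLACEHOLDER", "API_KEY_PLACEHOLDER", sample_alerts(125),
                  send=lambda url, headers, body: captured.append(body) or (200, None))
    print(len(captured), "requests; first body:", json.dumps(captured[0])[:120], "...")
```

The transport is injected so the batching and pacing can be checked without an API key; in production, pass the real post_json (the default) and handle the error body described under Responses, since a rejected batch returns err_code, err_msg and err_extra rather than silently dropping alerts. The limiter counts alerts, not requests, because the documented limit is 600 alerts per minute regardless of how they are grouped.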
Responses

Successful response
Body

Bad Request. Got an invalid JSON.
Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
Body: The query result upon error (the same err_code, err_msg and err_extra fields as above).

Unauthorized access. User does not have the required license type to run this API.
Body: The query result upon error (the same err_code, err_msg and err_extra fields as above).

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
Body: The query result upon error (the same err_code, err_msg and err_extra fields as above).

Internal server error. A unified status for API communication type errors.
Body: The query result upon error (the same err_code, err_msg and err_extra fields as above).