POST /public_api/v1/alerts/update_alerts
Update one or more alerts. You can update up to 100 alerts per request. Missing fields are ignored.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
cURL
    curl -X POST \
      -H "Accept: application/json" \
      -H "Content-Type: application/json" \
      "https://api-yourfqdn/public_api/v1/alerts/update_alerts" \
      -d '{
        "request_data": {
          "alert_id_list": ["104173821", "574203823", "395720183"],
          "update_data": {
            "severity": "medium",
            "status": "resolved_other",
            "comment": "This incident is resolved"
          }
        }
      }'
Response
    {
      "reply": {
        "alerts_ids": [
          104173820,
          574203823,
          395720183
        ]
      }
    }
Request
Body (optional)
Example:
    {
      "request_data": {
        "alert_id_list": "",
        "update_data": {
          "severity": "low",
          "status": "resolved_other",
          "comment": "This alert is resolved"
        }
      }
    }
request_data (required)
    alert_id_list (required) - Array of strings
        A list representing the alert IDs you want to update.
    update_data (required)
        The data you want to update the alerts with.
        severity (optional) - String (Enum)
            Alert severity.
            Allowed values: critical, high, medium, low, informational
        status (optional) - String (Enum)
            Updated alert status.
            Allowed values: new, resolved_threat_handled, under_investigation,
            resolved_security_testing, resolved_auto, resolved_known_issue,
            resolved_duplicate, resolved_other, resolved_false_positive,
            resolved_true_positive
        comment (optional) - String
            Descriptive comment explaining the changes.
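An added client-side example, not from the Cortex XDR documentation or SDK, that builds the request body and validates it against the limits and enumerations listed above, splits long ID lists into batches of 100, and posts each batch. The auth header names x-xdr-auth-id and Authorization are assumptions based on the general Cortex XDR API convention; the FQDN, key ID and key are placeholders.

```python
import json
from urllib import request

# Enumerations and limit copied from the reference above.
SEVERITIES = {"critical", "high", "medium", "low", "informational"}
STATUSES = {
    "new", "resolved_threat_handled", "under_investigation",
    "resolved_security_testing", "resolved_auto", "resolved_known_issue",
    "resolved_duplicate", "resolved_other", "resolved_false_positive",
    "resolved_true_positive",
}
MAX_ALERTS_PER_REQUEST = 100


def build_update_request(alert_ids, severity=None, status=None, comment=None):
    """Return the request_data body as a dict, rejecting bad input before it is sent."""
    ids = [str(i) for i in alert_ids]  # the API expects an array of strings
    if not ids:
        raise ValueError("alert_id_list must not be empty")
    if len(ids) > MAX_ALERTS_PER_REQUEST:
        raise ValueError(f"at most {MAX_ALERTS_PER_REQUEST} alerts per request")
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"invalid severity: {severity!r}")
    if status is not None and status not in STATUSES:
        raise ValueError(f"invalid status: {status!r}")
    # Missing fields are ignored by the API, so send only the fields that were set.
    fields = (("severity", severity), ("status", status), ("comment", comment))
    update_data = {k: v for k, v in fields if v is not None}
    if not update_data:
        raise ValueError("nothing to update")
    return {"request_data": {"alert_id_list": ids, "update_data": update_data}}


def chunked(alert_ids, size=MAX_ALERTS_PER_REQUEST):
    """Split an ID list into request-sized batches."""
    ids = list(alert_ids)
    return [ids[i:i + size] for i in range(0, len(ids), size)]


def update_alerts(fqdn, api_key_id, api_key, alert_ids, **update_fields):
    """POST each batch; return the alert IDs the API reports back as updated."""
    updated = []
    headers = {"Accept": "application/json", "Content-Type": "application/json",
               # Assumed header names; confirm against your tenant's API key docs.
               "x-xdr-auth-id": str(api_key_id), "Authorization": api_key}
    for batch in chunked(alert_ids):
        body = json.dumps(build_update_request(batch, **update_fields)).encode()
        req = request.Request(f"https://api-{fqdn}/public_api/v1/alerts/update_alerts",
                              data=body, headers=headers, method="POST")
        with request.urlopen(req, timeout=30) as resp:
            updated.extend(json.load(resp)["reply"]["alerts_ids"])
    return updated
```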
Responses