Update Alerts

Cortex XDR REST API

POST /public_api/v1/alerts/update_alerts

Update one or more alerts. You can update up to 100 alerts per request. Missing fields are ignored.

Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB

CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/alerts/update_alerts" \
  -d '{
    "request_data": {
      "alert_id_list": ["104173821", "574203823", "395720183"],
      "update_data": {
        "severity": "medium",
        "status": "resolved_other",
        "comment": "This incident is resolved"
      }
    }
  }'
Response
{ "reply": { "alerts_ids": [ 104173820, 574203823, 395720183 ] } }
Request
Body (optional)
Example: {"request_data":{"alert_id_list":"","update_data":{"severity":"low","status":"resolved_other","comment":"This alert is resolved"}}}

request_data (required)
  alert_id_list (required, Array of strings): A list representing the alert IDs you want to update.
  update_data (required): The data you want to update the alerts with.
    severity (optional, String (Enum)): Alert severity.
      Allowed values: critical, high, medium, low, informational
    status (optional, String (Enum)): Updated alert status.
      Allowed values: new, resolved_threat_handled, under_investigation, resolved_security_testing, resolved_auto, resolved_known_issue, resolved_duplicate, resolved_other, resolved_false_positive, resolved_true_positive
    comment (optional, String): Descriptive comment explaining the changes.

Responses

Successful response

Body

Bad Request. Got an invalid JSON.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Internal server error. A unified status for API communication type errors. For example, test@test.com is not a valid Cortex XDR email address.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.
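
The following is an added example, not part of the Cortex XDR documentation: a Python helper that builds request bodies for this endpoint within the 100-alert limit, validates severity and status against the allowed values listed above, and compares a reply with what was sent. The function names are hypothetical, and treating reply.alerts_ids as the list of alerts the server actually updated is an assumption.

```python
import json

MAX_ALERTS_PER_REQUEST = 100  # limit stated on this page
SEVERITIES = {"critical", "high", "medium", "low", "informational"}
STATUSES = {
    "new", "under_investigation", "resolved_threat_handled",
    "resolved_security_testing", "resolved_auto", "resolved_known_issue",
    "resolved_duplicate", "resolved_other", "resolved_false_positive",
    "resolved_true_positive",
}


def build_update_requests(alert_ids, severity=None, status=None, comment=None):
    """Return a list of request bodies, each covering at most 100 alerts."""
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"invalid severity: {severity!r}")
    if status is not None and status not in STATUSES:
        raise ValueError(f"invalid status: {status!r}")
    # Send only the fields that are set; the API ignores missing fields.
    fields = (("severity", severity), ("status", status), ("comment", comment))
    update_data = {k: v for k, v in fields if v is not None}
    if not update_data:
        raise ValueError("nothing to update")
    # De-duplicate while preserving order; IDs are sent as strings.
    ids = list(dict.fromkeys(str(i) for i in alert_ids))
    if not ids:
        raise ValueError("alert_ids is empty")
    return [
        {"request_data": {"alert_id_list": ids[i:i + MAX_ALERTS_PER_REQUEST],
                          "update_data": update_data}}
        for i in range(0, len(ids), MAX_ALERTS_PER_REQUEST)
    ]


def unconfirmed_ids(request_body, response_body):
    """IDs that were sent but do not appear in reply.alerts_ids (assumed semantics)."""
    sent = request_body["request_data"]["alert_id_list"]
    reply = response_body.get("reply", {})
    # The response example returns integers, the request uses strings.
    returned = {str(i) for i in reply.get("alerts_ids", [])}
    return [i for i in sent if i not in returned]


if __name__ == "__main__":
    # Constructed sample: 250 alert IDs, split into batches of 100, 100 and 50.
    batches = build_update_requests(range(1000, 1250), status="resolved_other",
                                    comment="This alert is resolved")
    print([len(b["request_data"]["alert_id_list"]) for b in batches])
    print(json.dumps(batches[-1])[:80])
```

Logging the output of unconfirmed_ids for each batch gives an audit trail of alerts whose status change was requested but not acknowledged.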