post
/public_api/v1/incidents/update_incident
Update one or more fields of a specific incident. Missing fields are ignored.
Note the following:
- assigned_user_mail
field is validated by Cortex XDR to confirm the provided assignee email address belongs to a user that exists in the same Cortex XDR tenant.
- To unassign an incident pass none
or ”assigned_user_mail”: “”
.
- To remove a manually set severity pass none
or “manual_severity”: “”
.
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/incidents/update_incident" \
-d '"{ \n \"request_data\":{ \n \"incident_id\":\"\",\n \"update_data\":{ \n \"assigned_user_mail\":\"username@test.com\",\n \"assigned_user_pretty_name\":\"Hello World\",\n \"manual_severity\":\"low\",\n \"status\":\"resolved_other\",\n \"resolve_comment\":\"This incident is resolved\"\n }\n }"'
Request
Body
optional
Example:
{"request_data":{"incident_id":"2927","update_data":{"assigned_user_mail":"username@test.com","assigned_user_pretty_name":"Hello World","manual_severity":"low","status":"resolved_other","resolve_comment":"This incident is resolved"}}}
request_data
optional
incident_id
required
String
A string representing the incident ID you want to update.
update_data
required
The data to update the incident with.
assigned_user_mail
optional
String
Updated email address of the incident assignee.
assigned_user_pretty_name
optional
String
Updated full name of the incident assignee. To supply a new value in this field, you must also supply a value for
assigned_user_mail
in the same request.
manual_severity
optional
String
Administrator-defined severity.Updated incident status.
status
optional
String
Updated incident status.
resolve_comment
optional
String
Descriptive comment explaining the incident change. This can be set only for resolved incidents.
comment
optional
Add a comment to the incident.
comment_action
required
String
The comment action must be 'add'.
value
required
String
The comment text.
Responses