Update an Incident

Cortex XDR REST API

POST /public_api/v1/incidents/update_incident

Update one or more fields of a specific incident. Missing fields are ignored. Note the following:
- The assigned_user_mail field is validated by Cortex XDR to confirm the provided assignee email address belongs to a user that exists in the same Cortex XDR tenant.
- To unassign an incident, pass none or "assigned_user_mail": "".
- To remove a manually set severity, pass none or "manual_severity": "".

CURL
# Set incident_id to the ID of the incident you want to update (for example "2927").
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/incidents/update_incident" \
  -d '{
    "request_data": {
      "incident_id": "",
      "update_data": {
        "assigned_user_mail": "username@test.com",
        "assigned_user_pretty_name": "Hello World",
        "manual_severity": "low",
        "status": "resolved_other",
        "resolve_comment": "This incident is resolved"
      }
    }
  }'
Request
Body (optional)
Example: {"request_data":{"incident_id":"2927","update_data":{"assigned_user_mail":"username@test.com","assigned_user_pretty_name":"Hello World","manual_severity":"low","status":"resolved_other","resolve_comment":"This incident is resolved"}}}
request_data (optional)
- incident_id (required, String): A string representing the incident ID you want to update.
- update_data (required): The data to update the incident with.
  - assigned_user_mail (optional, String): Updated email address of the incident assignee.
  - assigned_user_pretty_name (optional, String): Updated full name of the incident assignee. To supply a new value in this field, you must also supply a value for assigned_user_mail in the same request.
  - manual_severity (optional, String): Administrator-defined severity.
  - status (optional, String): Updated incident status.
  - resolve_comment (optional, String): Descriptive comment explaining the incident change. This can be set only for resolved incidents.
  - comment (optional): Add a comment to the incident.
    - comment_action (required, String): The comment action must be 'add'.
    - value (required, String): The comment text.
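The field rules in the request schema can be enforced on the client before anything is sent, which keeps automation from submitting updates the API will reject. The following Python function is an added example, not part of the Cortex XDR documentation or of any vendor client; the name build_update_request is hypothetical, and it assumes that resolved statuses begin with "resolved" (as in resolved_other) and that the comment object is placed inside update_data.

```python
import json

# Field names are taken from the request schema on this page.
UPDATE_FIELDS = {"assigned_user_mail", "assigned_user_pretty_name",
                 "manual_severity", "status", "resolve_comment"}


def build_update_request(incident_id, comment=None, **fields):
    """Return the JSON body for update_incident, or raise ValueError."""
    if not isinstance(incident_id, str) or not incident_id:
        raise ValueError("incident_id must be a non-empty string")
    unknown = set(fields) - UPDATE_FIELDS
    if unknown:
        raise ValueError(f"unsupported update_data fields: {sorted(unknown)}")
    # Missing fields are ignored by the API, so drop anything left as None.
    # An empty string is kept: "" unassigns the incident or clears the
    # manually set severity.
    update = {k: v for k, v in fields.items() if v is not None}
    for key, value in update.items():
        if not isinstance(value, str):
            raise ValueError(f"{key} must be a string")
    # A new pretty name is only accepted together with assigned_user_mail.
    if update.get("assigned_user_pretty_name") and not update.get("assigned_user_mail"):
        raise ValueError("assigned_user_pretty_name requires assigned_user_mail")
    # Assumption: resolved statuses share the "resolved" prefix seen in the
    # page's "resolved_other" example. With no status in the request the
    # incident may already be resolved, so the comment is passed through.
    status = update.get("status")
    if (update.get("resolve_comment") and status is not None
            and not status.startswith("resolved")):
        raise ValueError("resolve_comment is only valid for resolved incidents")
    if comment is not None:
        if not isinstance(comment, str) or not comment:
            raise ValueError("comment text must be a non-empty string")
        # 'add' is the only comment action the schema allows.
        # Assumption: the comment object sits inside update_data.
        update["comment"] = {"comment_action": "add", "value": comment}
    if not update:
        raise ValueError("nothing to update")
    return json.dumps({"request_data": {"incident_id": incident_id,
                                        "update_data": update}})
```

Calling it with assigned_user_mail="" and manual_severity="" produces the unassign and clear-severity request described at the top of the page.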
Responses

Successful response

Body

Bad Request. Got an invalid JSON.

Body
The query result upon error.
- err_code (optional, String): HTTP response code.
- err_msg (optional, String): Error message.
  Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
- err_extra (optional, String): Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
- err_code (optional, String): HTTP response code.
- err_msg (optional, String): Error message.
  Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
- err_extra (optional, String): Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
- err_code (optional, String): HTTP response code.
- err_msg (optional, String): Error message.
  Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
- err_extra (optional, String): Additional information describing the error.

Internal server error. A unified status for API communication type errors. For example, test@test.com is not a valid Cortex XDR email address.

Body
The query result upon error.
- err_code (optional, String): HTTP response code.
- err_msg (optional, String): Error message.
  Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
- err_extra (optional, String): Additional information describing the error.