Retrieve informative BTP issues settings

Cortex XSIAM Platform APIs
post /public_api/v1/configurations/agent/informative_btp_issues

Returns the current configuration for displaying informative Behavioral Threat Protection (BTP) alert names and descriptions.

When enabled, BTP alerts are shown with unique, descriptive names and descriptions that provide immediate clarity into the detected behavior without requiring drill-down into each alert. This setting only affects new alerts, existing alerts are not retroactively updated.

Authentication: api-key-header-x-xdr-auth-id Api Key "x-xdr-auth-id"
Authentication: api-key-header-authorization Api Key "Authorization"
CLIENT REQUEST
curl -X 'POST'
-H "x-xdr-auth-id: [[apiKey]]" \
-H "Authorization: [[apiKey]]" \
-H 'Accept: application/json'
'https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues'
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") headers = { 'x-xdr-auth-id': "REPLACE_KEY_VALUE" } conn.request("POST", "/public_api/v1/configurations/agent/informative_btp_issues", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["x-xdr-auth-id"] = 'REPLACE_KEY_VALUE' response = http.request(request) puts response.read_body
const data = null; const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues"); xhr.setRequestHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues") .header("x-xdr-auth-id", "REPLACE_KEY_VALUE") .asString();
import Foundation let headers = ["x-xdr-auth-id": "REPLACE_KEY_VALUE"] let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_HTTPHEADER => [ "x-xdr-auth-id: REPLACE_KEY_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "x-xdr-auth-id: REPLACE_KEY_VALUE"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/configurations/agent/informative_btp_issues"); var request = new RestRequest(Method.POST); request.AddHeader("x-xdr-auth-id", "REPLACE_KEY_VALUE"); IRestResponse response = client.Execute(request);
Responses

Successful response containing the current BTP issues configuration.

Body
application/json

Current informative BTP issues display configuration.

replyobject
display_unique_and_informative_btp_rulesboolean

Indicates whether unique and informative Behavioral Threat Protection (BTP) rules are currently displayed in the console.

Example:true
RESPONSE
{ "reply": { "display_unique_and_informative_btp_rules": true } }

Bad request. The request was malformed or contained invalid parameters.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 400, "err_msg": "Bad request. Got an invalid JSON.", "err_extra": "Additional error context" } }

Unauthorized. Authentication credentials are missing or invalid.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 401, "err_msg": "Public API request unauthorized", "err_extra": "Additional error context" } }

Forbidden. The API key does not have the required permissions.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 403, "err_msg": "Forbidden. Access was denied to this resource.", "err_extra": "Insufficient permissions for api key" } }

Internal server error.

Body
application/json

Standard error response returned when a request fails.

replyobject

Error details container.

err_codeinteger

Numeric error code identifying the type of error.

err_msgstring

Human-readable error message describing what went wrong.

err_extrastring

Additional context about the error, if available.

RESPONSE
{ "reply": { "err_code": 500, "err_msg": "Internal server error", "err_extra": "Additional error context" } }