Update existing issue

Cortex XSIAM Platform APIs

POST /public_api/v1/issue/{issue-id}

Update an existing issue in the system. Users can only update one issue at a time.
At least one of the following fields must be provided:

  • severity
  • status

When setting status to Resolved, the status_resolution_reason field is required.

Required license (any one of): Cortex XSIAM Premium, Cortex XSIAM Enterprise, Cortex XSIAM NG SIEM, or Cortex XSIAM Enterprise Plus.

Path parameters
issue-id Integer required

Numeric ID of the issue to update

Example: 56
Request headers
Authorization String required

{api_key}

Example: authorization_example
x-xdr-auth-id String required

{api_key_id}

Example: xXdrAuthId_example
CLIENT REQUEST
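# Update a single issue. Substitute your tenant FQDN, API key, API key ID and issue ID.
# Each option line ends with a backslash so the shell treats the whole request as one command.
# The header values are placeholders: load the real key from a secret store or environment
# variable rather than typing it inline, where it lands in shell history and the process list.
ISSUE_ID=56  # example value from this page
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  "https://api-yourfqdn/public_api/v1/issue/${ISSUE_ID}" \
  -d '{"request_data":{"update_data":{"severity":"HIGH","status":"Resolved","status_resolution_reason":"Resolved - Other","status_resolution_comment":"Issue has been marked as a false positive."}}}'
# The body must carry at least one of severity or status; an empty body does not meet
# the documented requirement.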
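import http.client
import json

# Numeric ID of the issue to update (56 is the example value from this page).
issue_id = 56

# At least one of severity or status must be present. When status is "Resolved",
# status_resolution_reason is required as well.
payload = json.dumps({
    "request_data": {
        "update_data": {
            "severity": "HIGH",
            "status": "Resolved",
            "status_resolution_reason": "Resolved - Other",
            "status_resolution_comment": "Issue has been marked as a false positive.",
        }
    }
})

# Placeholders for the API key and API key ID. Load the real values from a
# secret store or the environment instead of committing them to source.
headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json",
}

# HTTPSConnection validates the server certificate with its default context.
# The timeout keeps a stalled connection from hanging the script.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", f"/public_api/v1/issue/{issue_id}", payload, headers)
    res = conn.getresponse()
    data = res.read()
    # Print the status line so a rejected update is not mistaken for success.
    print(res.status, res.reason)
    print(data.decode("utf-8"))
finally:
    # Release the socket even when the request raises.
    conn.close()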
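require 'uri'
require 'net/http'
require 'openssl'

# Replace %7Bissue-id%7D (the URL-encoded {issue-id} placeholder) with the numeric issue ID.
url = URI("https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. The API key and key ID travel in the request
# headers, so with verification disabled anyone able to intercept the connection
# could read them and alter the issue update.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Placeholders: supply the API key and API key ID from a secret store, not source code.
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
# At least one of severity or status is required. status "Resolved" also needs
# status_resolution_reason.
request.body = "{\"request_data\":{\"update_data\":{\"severity\":\"HIGH\",\"status\":\"Resolved\",\"status_resolution_reason\":\"Resolved - Other\",\"status_resolution_comment\":\"Issue has been marked as a false positive.\"}}}"

response = http.request(request)
puts response.read_body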
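// Request body: at least one of severity or status is required. status "Resolved"
// also needs status_resolution_reason.
const data = JSON.stringify({
  "request_data": {
    "update_data": {
      "severity": "HIGH",
      "status": "Resolved",
      "status_resolution_reason": "Resolved - Other",
      "status_resolution_comment": "Issue has been marked as a false positive."
    }
  }
});

const xhr = new XMLHttpRequest();
// withCredentials is left at its default (false). This page documents authentication
// through the Authorization and x-xdr-auth-id headers only, so attaching the browser's
// cookies to the cross-origin request adds exposure without any benefit.

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    // Log the status code so an error response is not read as a successful update.
    console.log(this.status);
    console.log(this.responseText);
  }
});

// Replace %7Bissue-id%7D (the URL-encoded {issue-id} placeholder) with the numeric issue ID.
xhr.open("POST", "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D");
// Placeholders. An API key embedded in script delivered to a browser is readable by
// anyone who loads the page, so issue this call from a trusted backend instead.
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);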
// Endpoint for updating one issue. %7Bissue-id%7D is the URL-encoded {issue-id}
// placeholder and must be replaced with the numeric issue ID.
String endpoint = "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D";

// JSON body: at least one of severity or status is required. status "Resolved"
// also needs status_resolution_reason.
String updateBody = "{\"request_data\":{\"update_data\":{\"severity\":\"HIGH\",\"status\":\"Resolved\",\"status_resolution_reason\":\"Resolved - Other\",\"status_resolution_comment\":\"Issue has been marked as a false positive.\"}}}";

// The two auth header values are placeholders for the API key and API key ID.
// Load the real values from a secret store rather than hard-coding them.
HttpResponse<String> response = Unirest.post(endpoint)
    .header("Authorization", "SOME_STRING_VALUE")
    .header("x-xdr-auth-id", "SOME_STRING_VALUE")
    .header("content-type", "application/json")
    .body(updateBody)
    .asString();
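import Foundation

// Placeholders for the API key and API key ID. Load the real values from the
// keychain or another secret store rather than embedding them in source.
let headers = [
    "Authorization": "SOME_STRING_VALUE",
    "x-xdr-auth-id": "SOME_STRING_VALUE",
    "content-type": "application/json"
]

// At least one of severity or status is required. status "Resolved" also needs
// status_resolution_reason.
let parameters: [String: Any] = ["request_data": ["update_data": [
    "severity": "HIGH",
    "status": "Resolved",
    "status_resolution_reason": "Resolved - Other",
    "status_resolution_comment": "Issue has been marked as a false positive."
]]]

// JSONSerialization.data(withJSONObject:options:) throws, so the call needs `try`.
let postData: Data
do {
    postData = try JSONSerialization.data(withJSONObject: parameters, options: [])
} catch {
    fatalError("Could not encode request body: \(error)")
}

// Replace %7Bissue-id%7D (the URL-encoded {issue-id} placeholder) with the numeric issue ID.
guard let url = URL(string: "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D") else {
    fatalError("Invalid endpoint URL")
}

var request = URLRequest(url: url,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
let dataTask = session.dataTask(with: request) { data, response, error in
    if let error = error {
        // Transport-level failure (DNS, TLS, timeout, ...).
        print(error)
    } else {
        // Carries the HTTP status code, which shows whether the update was accepted.
        let httpResponse = response as? HTTPURLResponse
        print(httpResponse as Any)
    }
}

dataTask.resume()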
<?php

// Endpoint for updating one issue. %7Bissue-id%7D is the URL-encoded {issue-id}
// placeholder and must be replaced with the numeric issue ID.
$endpoint = "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D";

// JSON body: at least one of severity or status is required. status "Resolved"
// also needs status_resolution_reason.
$body = "{\"request_data\":{\"update_data\":{\"severity\":\"HIGH\",\"status\":\"Resolved\",\"status_resolution_reason\":\"Resolved - Other\",\"status_resolution_comment\":\"Issue has been marked as a false positive.\"}}}";

// The Authorization and x-xdr-auth-id values are placeholders for the API key and
// API key ID. Load the real values from a secret store, not from source.
$requestHeaders = [
    "Authorization: SOME_STRING_VALUE",
    "content-type: application/json",
    "x-xdr-auth-id: SOME_STRING_VALUE"
];

$options = [
    CURLOPT_URL => $endpoint,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_HTTPHEADER => $requestHeaders,
];

$handle = curl_init();
curl_setopt_array($handle, $options);

// Run the request, then capture any transport error before the handle is closed.
$result = curl_exec($handle);
$failure = curl_error($handle);
curl_close($handle);

if (!$failure) {
    echo $result;
} else {
    echo "cURL Error #:" . $failure;
}
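/* Sends one issue update with libcurl, then releases the header list and the
 * easy handle, which the earlier form of this sample never freed. */
CURL *hnd = curl_easy_init();
struct curl_slist *headers = NULL;
/* Stays at CURLE_FAILED_INIT when no handle could be created. */
CURLcode ret = CURLE_FAILED_INIT;

if (hnd != NULL) {
    curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
    /* Replace %7Bissue-id%7D (the URL-encoded {issue-id} placeholder) with the
     * numeric issue ID. */
    curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D");

    /* Placeholders for the API key and API key ID; do not hard-code real values. */
    headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
    headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
    headers = curl_slist_append(headers, "content-type: application/json");
    curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

    /* At least one of severity or status is required. status "Resolved" also
     * needs status_resolution_reason. */
    curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"update_data\":{\"severity\":\"HIGH\",\"status\":\"Resolved\",\"status_resolution_reason\":\"Resolved - Other\",\"status_resolution_comment\":\"Issue has been marked as a false positive.\"}}}");

    /* Compare ret with CURLE_OK before treating the update as applied. */
    ret = curl_easy_perform(hnd);

    /* Free the header list and the handle once the transfer has finished. */
    curl_slist_free_all(headers);
    curl_easy_cleanup(hnd);
}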
// Endpoint for updating one issue. %7Bissue-id%7D is the URL-encoded {issue-id}
// placeholder and must be replaced with the numeric issue ID.
const string endpoint = "https://api-yourfqdn/public_api/v1/issue/%7Bissue-id%7D";

// JSON body: at least one of severity or status is required. status "Resolved"
// also needs status_resolution_reason.
const string updateBody = "{\"request_data\":{\"update_data\":{\"severity\":\"HIGH\",\"status\":\"Resolved\",\"status_resolution_reason\":\"Resolved - Other\",\"status_resolution_comment\":\"Issue has been marked as a false positive.\"}}}";

var client = new RestClient(endpoint);
var request = new RestRequest(Method.POST);

// The two auth header values are placeholders for the API key and API key ID.
// Load the real values from a secret store rather than hard-coding them.
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");

request.AddParameter("application/json", updateBody, ParameterType.RequestBody);

IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_data object
update_data object

At least one of severity or status must be provided. When setting status to Resolved, the status_resolution_reason field is required.

severity string (Enum)
Example: "HIGH"
Allowed values: "INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"
status string (Enum)
Example: "Resolved"
Allowed values: "New", "In Progress", "Resolved"
status_resolution_reason string (Enum)

Resolution reason when status is set to 'Resolved'. Required when resolving an issue. Built-in values are listed below. Additional values such as 'Resolved - Risk Accepted', 'Resolved - Fixed', and 'Resolved - Dismissed' may be available depending on tenant licensing. Values are case-insensitive.

Example: "Resolved - Other"
Allowed values: "Resolved - Threat Handled", "Resolved - Known Issue", "Resolved - Duplicate Issue", "Resolved - False Positive", "Resolved - Other", "Resolved - True Positive", "Resolved - Security Testing", "Resolved - Risk Accepted", "Resolved - Fixed", "Resolved - Dismissed"
status_resolution_comment string
Example: "Issue has been marked as a false positive."
REQUEST
{ "request_data": { "update_data": { "severity": "CRITICAL" } } }
{ "request_data": { "update_data": { "status": "In Progress" } } }
{ "request_data": { "update_data": { "status": "Resolved", "status_resolution_reason": "Resolved - False Positive", "status_resolution_comment": "Verified this is a false positive after investigation." } } }
{ "request_data": { "update_data": { "severity": "HIGH", "status": "Resolved", "status_resolution_reason": "Resolved - Known Issue", "status_resolution_comment": "Known issue tracked in internal ticket." } } }
Responses

Issues updated successfully

Bad request

Body
application/json
error string
Example: "Invalid request data"
RESPONSE
{ "error": "Invalid request data" }

Unauthorized access

Body
application/json
error string
Example: "Unauthorized request"
RESPONSE
{ "error": "Unauthorized request" }

Internal server error

Body
application/json
error string
Example: "Internal server error"
RESPONSE
{ "error": "Internal server error" }