Update one or more alerts. You can update up to 100 alerts per request. Missing fields are ignored.
Required license: Cortex Xpanse Expander
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/alerts/update_alerts" \
-d '{
"request_data" : {
"alert_id_list" : "alert_id_list",
"update_data" : {
"severity" : "severity",
"comment" : "comment",
"status" : "status"
}
}
}'
{
"reply": {
"alerts_ids": [
104173820,
574203823,
395720183
]
}
}
{"request_data":{"alert_id_list":"","update_data":{"severity":"low","status":"resolved_other","comment":"This alert is resolved"}}}
(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.
Administrator-defined severity, one of the following:
- critical
- high
- medium
- low
- unknown
Updated alert status, one of the following:
- resolved_-_no_longer_observed
- new
- resolved_-_no_risk
- resolved_-_risk_accepted
- under_investigation
- resolved_-_contested_asset
- resolved_-_remediated_automatically
- resolved
Successful response
Bad Request. Got an invalid JSON.
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
Unauthorized access. User does not have the required license type to run this API.
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
Internal server error. A unified status for API communication type errors. For example, test@test.com is not a valid email address.