POST /public_api/v1/alerts/update_alerts/
Required license: **Cortex Xpanse Expander**
Update one or more alerts. You can update up to 100 alerts per request. Missing fields are ignored.
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" -H "authorization: {{api_key}}" -H "x-xdr-auth-id: {{api_key_id}}" \
"https://api-}/public_api/v1/alerts/update_alerts/" \
-d '{
"request_data" : ""
}'
Request headers
authorization
required
String
api-key
Example:
{{api_key}}
x-xdr-auth-id
required
String
api-key-id
Example:
{{api_key_id}}
Request
Body
required
request_data
required
Object
(Required) A dictionary containing the API request fields.
An empty dictionary returns all results.
alert_id_list
optional
Array of strings
update_data
required
severity
optional
String
Administrator-defined severity, one of the following:
- critical
- high
- medium
- low
- unknown
status
optional
String
Updated alert status, one of the following:
- resolved_-_no_longer_observed
- new
- resolved_-_no_risk
- resolved_-_risk_accepted
- under_investigation
- resolved_-_contested_asset
- resolved_-_remediated_automatically
- resolved
comment
optional
String
Updated text that appears in the Resolution Comment field of the Alerts table.
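
An added example, not taken from the Cortex Xpanse documentation: a Python helper that builds request bodies for this endpoint, enforcing the 100-alert limit and the severity and status values listed above. The name `build_update_requests`, the sample IDs, and the choice to reject an empty ID list are assumptions of this example; it only builds the JSON and sends nothing.

```python
import json

# Limit and allowed values are taken from the endpoint reference above.
MAX_ALERTS_PER_REQUEST = 100
SEVERITIES = {"critical", "high", "medium", "low", "unknown"}
STATUSES = {
    "new", "under_investigation", "resolved",
    "resolved_-_no_longer_observed", "resolved_-_no_risk",
    "resolved_-_risk_accepted", "resolved_-_contested_asset",
    "resolved_-_remediated_automatically",
}


def build_update_requests(alert_ids, severity=None, status=None, comment=None):
    """Return request bodies for update_alerts, at most 100 alert IDs each."""
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"unsupported severity: {severity!r}")
    if status is not None and status not in STATUSES:
        raise ValueError(f"unsupported status: {status!r}")
    # Missing fields are ignored by the API, so send only what the caller set.
    fields = {"severity": severity, "status": status, "comment": comment}
    update_data = {k: v for k, v in fields.items() if v is not None}
    if not update_data:
        raise ValueError("update_data needs at least one field to change")
    # alert_id_list is an array of strings; drop duplicates, keep order.
    ids = list(dict.fromkeys(str(a) for a in alert_ids))
    if not ids:
        # Assumption of this example: never send an update without explicit IDs.
        raise ValueError("alert_ids must not be empty")
    return [
        {"request_data": {
            "alert_id_list": ids[i:i + MAX_ALERTS_PER_REQUEST],
            "update_data": update_data,
        }}
        for i in range(0, len(ids), MAX_ALERTS_PER_REQUEST)
    ]


if __name__ == "__main__":
    # Constructed sample: 250 made-up alert IDs moved to under_investigation.
    bodies = build_update_requests(
        range(1, 251), status="under_investigation", comment="Triage started"
    )
    for body in bodies:
        data = body["request_data"]
        print(len(data["alert_id_list"]), json.dumps(data["update_data"]))
```

Each returned dictionary can be serialized with `json.dumps` and sent as the body of one POST request with the two headers described above.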
Responses