Closing alerts
POST /xdr/api/v1/alerts/close
Sets the status value to closed for the specified alert.
Example:
https://api.example.com/xdr/api/v1/alerts/close
Request body
Format: JSON
Example:
[
  {
    "ID": "00000000-0000-0000-0000-000000000000",
    "TenantID": "00000000-0000-0000-0000-000000000000",
    "Reason": "falsePositive"
  }
]
| Name | Data type | Mandatory | Description | Value example |
|---|---|---|---|---|
| ID | string | Yes | The alert id. | 00000000-0000-0000-0000-000000000000 |
| TenantID | string | Yes | The tenant id. | 00000000-0000-0000-0000-000000000000 |
| Reason | string | Yes | The reason for closure. | falsePositive, lowPriority |
Response
HTTP code: 204
If the alert has already been closed with the same reason value, the response code is also 204.
Possible Errors
| HTTP code | Description | | |
|---|---|---|---|
| 400 | The ID value is not specified. | id required | |
| 400 | The Reason value is not specified. | reason required | |
| 400 | The Reason value is invalid. | invalid reason | |
| 403 | The user does not have the required role in the Alerts and incidents functional area in any of the specified tenants. | access denied | |
| 404 | The alert with the specified ID is not found. | alert not found | |
| 500 | Any other internal errors. | variable | variable |
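A small Python client for this endpoint, added here as an illustration and not taken from the vendor documentation: it checks the three mandatory fields before sending and maps the documented HTTP codes to outcomes. The function names, the `auth_headers` parameter and the injectable `post` transport are assumptions; this page does not describe authentication, so the caller supplies whatever headers the deployment requires.

```python
import json
import urllib.error
import urllib.request

CLOSE_PATH = "/xdr/api/v1/alerts/close"
REQUIRED = ("ID", "TenantID", "Reason")  # all three are marked mandatory in the table

# Outcomes documented for this endpoint; 204 also covers "already closed, same reason".
OUTCOMES = {204: "closed", 400: "bad request", 403: "access denied",
            404: "alert not found", 500: "internal error"}


def build_close_body(alerts):
    """Return the JSON array body, rejecting entries that lack a mandatory field."""
    body = []
    for i, alert in enumerate(alerts):
        missing = [k for k in REQUIRED if not str(alert.get(k) or "").strip()]
        if missing:
            raise ValueError(f"entry {i}: missing mandatory field(s) {missing}")
        body.append({k: str(alert[k]) for k in REQUIRED})  # send only documented keys
    return json.dumps(body).encode()


def http_post(url, data, headers):
    """Default transport: returns (status, response text) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def close_alerts(base_url, alerts, auth_headers, post=http_post):
    """POST the close request; return (ok, outcome, raw response text)."""
    headers = {"Content-Type": "application/json", **auth_headers}
    url = base_url.rstrip("/") + CLOSE_PATH
    status, text = post(url, build_close_body(alerts), headers)
    return status == 204, OUTCOMES.get(status, f"unexpected HTTP {status}"), text
```

Log the returned outcome and raw text with the alert ID and `Reason` so that closures, especially `falsePositive` ones, remain auditable.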