Create an Alert
POST/workspace/:ws_id/case_management/table/alerts
Adds a new Alert record.
Request
Path Parameters
Workspace ID
- application/json
Body
required
Alert Data
Possible values: [1, 2, 3, 4]
Possible values: [Malware, Ransomware, Adware, Spyware, Crypto Miner, Data Exfiltration, Insider Threat, Network Intrusion, DoS, DDoS, MITM, SQL Injection, Email Spoofing, DNS Spoofing, C2 Communications, Rogue Device, Brute Force, Phishing, Compromised Credentials, Account Takeover, Physical, Vulnerability, Reconnaissance, Domain Takeover, Lateral Movement, Network Exposure, Data Exposure, Credential Exposure, Suspicious User Activity, Suspicious Login, Suspicious Network Activity, Suspicious USB Device, Security Policy Violation, Security Compliance Violation]
Possible values: [CrowdStrike, Checkpoint, Delinea, Securonix, Falcon LogScale, Splunk, ArcSight, SolarWinds Service Desk, Datadog, SentinelOne, Microsoft Defender For Cloud, Microsoft Defender For Cloud Apps, Microsoft Defender For Endpoints]
Responses
- 200
- 400
OK
- */*
- Schema
- Example (from schema)
Schema
Possible values: [1, 2, 3, 4]
Possible values: [Malware, Ransomware, Adware, Spyware, Crypto Miner, Data Exfiltration, Insider Threat, Network Intrusion, DoS, DDoS, MITM, SQL Injection, Email Spoofing, DNS Spoofing, C2 Communications, Rogue Device, Brute Force, Phishing, Compromised Credentials, Account Takeover, Physical, Vulnerability, Reconnaissance, Domain Takeover, Lateral Movement, Network Exposure, Data Exposure, Credential Exposure, Suspicious User Activity, Suspicious Login, Suspicious Network Activity, Suspicious USB Device, Security Policy Violation, Security Compliance Violation]
Possible values: [CrowdStrike, Checkpoint, Delinea, Securonix, Falcon LogScale, Splunk, ArcSight, SolarWinds Service Desk, Datadog, SentinelOne, Microsoft Defender For Cloud, Microsoft Defender For Cloud Apps, Microsoft Defender For Endpoints]
{
"description": "Malware detected and blocked by CrowdStrike Falcon",
"event": "{\"process\": \"malware.exe\", \"action\": \"blocked\"}",
"name": "CrowdStrike Falcon Detection",
"severity": 3,
"type": "Endpoint Detection and Response (EDR)",
"vendor": "CrowdStrike"
}
Failed to create record
- */*
- Schema
- Example (from schema)
Schema
{
"data": {},
"details": "string",
"identifier": "string",
"message": "string",
"status": 404,
"user_error": {}
}