POST /workspace/{ws_id}/case_management/table/alerts
curl --request POST \
  --url https://app.blinkops.com/api/v1/workspace/{ws_id}/case_management/table/alerts \
  --header 'BLINK-API-KEY: <api-key>' \
  --header 'Content-Type: */*' \
  --data '{
  "description": "Malware detected and blocked by CrowdStrike Falcon",
  "event": "{\"process\": \"malware.exe\", \"action\": \"blocked\"}",
  "name": "CrowdStrike Falcon Detection",
  "severity": 3,
  "type": "Endpoint Detection and Response (EDR)",
  "vendor": "CrowdStrike"
}'
{
  "description": "Malware detected and blocked by CrowdStrike Falcon",
  "event": "{\"process\": \"malware.exe\", \"action\": \"blocked\"}",
  "name": "CrowdStrike Falcon Detection",
  "severity": 3,
  "type": "Endpoint Detection and Response (EDR)",
  "vendor": "CrowdStrike"
}

Authorizations

Use your API key to access the BlinkOps API. To generate an API key, log in to your BlinkOps account and navigate to the API Keys section of the user settings page. Add the generated key to your request headers as BLINK-API-KEY.

Path Parameters

ws_id (string, required): Workspace ID

Body

*/*
Alert Data
description
string
Example:

"Malware detected and blocked by CrowdStrike Falcon"

event
string
Example:

"{\"process\": \"malware.exe\", \"action\": \"blocked\"}"

name
string
Example:

"CrowdStrike Falcon Detection"

severity
integer
Example:

3

type
enum<string>
Available options:
Malware,
Ransomware,
Adware,
Spyware,
Crypto Miner,
Data Exfiltration,
Insider Threat,
Network Intrusion,
DoS,
DDoS,
MITM,
SQL Injection,
Email Spoofing,
DNS Spoofing,
C2 Communications,
Rogue Device,
Brute Force,
Phishing,
Compromised Credentials,
Account Takeover,
Physical,
Vulnerability,
Reconnaissance,
Domain Takeover,
Lateral Movement,
Network Exposure,
Data Exposure,
Credential Exposure,
Suspicious User Activity,
Suspicious Login,
Suspicious Network Activity,
Suspicious USB Device,
Security Policy Violation,
Security Compliance Violation
Example:

"Endpoint Detection and Response (EDR)"

vendor
enum<string>
Available options:
CrowdStrike,
Checkpoint,
Delinea,
Securonix,
Falcon LogScale,
Splunk,
ArcSight,
SolarWinds Service Desk,
Datadog,
SentinelOne,
Microsoft Defender For Cloud,
Microsoft Defender For Cloud Apps,
Microsoft Defender For Endpoints
Example:

"CrowdStrike"

Response

200
*/*
OK
description
string
Example:

"Malware detected and blocked by CrowdStrike Falcon"

event
string
Example:

"{\"process\": \"malware.exe\", \"action\": \"blocked\"}"

name
string
Example:

"CrowdStrike Falcon Detection"

severity
integer
Example:

3

type
enum<string>
Available options:
Malware,
Ransomware,
Adware,
Spyware,
Crypto Miner,
Data Exfiltration,
Insider Threat,
Network Intrusion,
DoS,
DDoS,
MITM,
SQL Injection,
Email Spoofing,
DNS Spoofing,
C2 Communications,
Rogue Device,
Brute Force,
Phishing,
Compromised Credentials,
Account Takeover,
Physical,
Vulnerability,
Reconnaissance,
Domain Takeover,
Lateral Movement,
Network Exposure,
Data Exposure,
Credential Exposure,
Suspicious User Activity,
Suspicious Login,
Suspicious Network Activity,
Suspicious USB Device,
Security Policy Violation,
Security Compliance Violation
Example:

"Endpoint Detection and Response (EDR)"

vendor
enum<string>
Available options:
CrowdStrike,
Checkpoint,
Delinea,
Securonix,
Falcon LogScale,
Splunk,
ArcSight,
SolarWinds Service Desk,
Datadog,
SentinelOne,
Microsoft Defender For Cloud,
Microsoft Defender For Cloud Apps,
Microsoft Defender For Endpoints
Example:

"CrowdStrike"
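The request above as an added Python example (not BlinkOps code): it serializes `event` to the JSON string the schema documents, URL-encodes `ws_id`, and reports `type` or `vendor` values that are missing from this page's option lists. The environment variable names `BLINK_WS_ID` and `BLINK_API_KEY` and all function names are assumptions; unlisted values are reported rather than rejected because the page's own example `type` is not among its listed options.

```python
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://app.blinkops.com/api/v1"  # from the curl example on this page
# Option lists copied from the "Available options" sections of this page.
VENDORS = {"CrowdStrike", "Checkpoint", "Delinea", "Securonix", "Falcon LogScale",
           "Splunk", "ArcSight", "SolarWinds Service Desk", "Datadog", "SentinelOne",
           "Microsoft Defender For Cloud", "Microsoft Defender For Cloud Apps",
           "Microsoft Defender For Endpoints"}
TYPES = {"Malware", "Ransomware", "Adware", "Spyware", "Crypto Miner", "Data Exfiltration",
         "Insider Threat", "Network Intrusion", "DoS", "DDoS", "MITM", "SQL Injection",
         "Email Spoofing", "DNS Spoofing", "C2 Communications", "Rogue Device",
         "Brute Force", "Phishing", "Compromised Credentials", "Account Takeover",
         "Physical", "Vulnerability", "Reconnaissance", "Domain Takeover",
         "Lateral Movement", "Network Exposure", "Data Exposure", "Credential Exposure",
         "Suspicious User Activity", "Suspicious Login", "Suspicious Network Activity",
         "Suspicious USB Device", "Security Policy Violation",
         "Security Compliance Violation"}

def build_alert(name, description, event, severity, alert_type, vendor):
    """Return the request body; `event` is a dict and is sent as a JSON string."""
    if isinstance(severity, bool) or not isinstance(severity, int):
        raise TypeError("severity must be an integer")
    return {"description": description, "event": json.dumps(event), "name": name,
            "severity": severity, "type": alert_type, "vendor": vendor}

def undocumented_values(alert):
    """Names of enum fields whose value is not in this page's option lists."""
    checks = (("type", TYPES), ("vendor", VENDORS))
    return [field for field, allowed in checks if alert[field] not in allowed]

def build_request(ws_id, api_key, alert):
    """Prepare (but do not send) the POST described on this page."""
    ws = urllib.parse.quote(ws_id, safe="")  # keep ws_id inside one path segment
    url = f"{BASE_URL}/workspace/{ws}/case_management/table/alerts"
    headers = {"BLINK-API-KEY": api_key, "Content-Type": "*/*"}  # as in the page's curl
    body = json.dumps(alert).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

if __name__ == "__main__":
    # Constructed sample values; the key is read from the environment, not the source.
    alert = build_alert("CrowdStrike Falcon Detection", "Malware detected and blocked",
                        {"process": "malware.exe", "action": "blocked"}, 3,
                        "Malware", "CrowdStrike")
    req = build_request(os.environ.get("BLINK_WS_ID", "example-ws"),
                        os.environ.get("BLINK_API_KEY", "placeholder-key"), alert)
    print(req.get_method(), req.full_url, undocumented_values(alert))
```

Pass the prepared request to `urllib.request.urlopen` to send it.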