Update an Alert

PUT /workspace/:ws_id/case_management/table/alerts/:alert_id

Updates an alert record.

Request

Path Parameters

ws_id stringrequired

Workspace ID

alert_id stringrequired

Alert ID

application/json

Body

required

Alert Data

description string

event string

name string

severity integer

Possible values: [1, 2, 3, 4]

type string

Possible values: [Malware, Ransomware, Adware, Spyware, Crypto Miner, Data Exfiltration, Insider Threat, Network Intrusion, DoS, DDoS, MITM, SQL Injection, Email Spoofing, DNS Spoofing, C2 Communications, Rogue Device, Brute Force, Phishing, Compromised Credentials, Account Takeover, Physical, Vulnerability, Reconnaissance, Domain Takeover, Lateral Movement, Network Exposure, Data Exposure, Credential Exposure, Suspicious User Activity, Suspicious Login, Suspicious Network Activity, Suspicious USB Device, Security Policy Violation, Security Compliance Violation]

vendor string

Possible values: [CrowdStrike, Checkpoint, Delinea, Securonix, Falcon LogScale, Splunk, ArcSight, SolarWinds Service Desk, Datadog, SentinelOne, Microsoft Defender For Cloud, Microsoft Defender For Cloud Apps, Microsoft Defender For Endpoints]

Responses

Schema
Example (from schema)

Schema

description string

event string

name string

severity integer

Possible values: [1, 2, 3, 4]

type string

vendor string

{
  "description": "Malware detected and blocked by CrowdStrike Falcon",
  "event": "{\"process\": \"malware.exe\", \"action\": \"blocked\"}",
  "name": "CrowdStrike Falcon Detection",
  "severity": 3,
  "type": "Endpoint Detection and Response (EDR)",
  "vendor": "CrowdStrike"
}

Failed to update record

Schema
Example (from schema)

Schema

data

details string

identifier string

message string

status integer

{
  "data": {},
  "details": "string",
  "identifier": "string",
  "message": "string",
  "status": 404
}

Update an Alert

/workspace/:ws_id/case_management/table/alerts/:alert_id

Request​

Path Parameters

Body

Responses​

Request

Responses