Update Alert Status
Updates the status of an alert, identified by its alert ID.
External Documentation
To learn more, visit the Devo documentation.
Parameters
Parameter | Description |
---|---|
ID | ID of the alert you want to update. Can be retrieved using the List Triggered Alerts action. |
Status | New status to set on the alert. The response reports the status as a numeric code (see `status` in the example output). |
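Example Output
Note: in this example, `extraData` is a JSON document serialized as a string with URL-encoded values, so it has to be parsed and decoded separately from the outer object before its fields are used; `createDate` and `updateDate` appear to be Unix epoch timestamps in milliseconds.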
{
"id": 123456,
"domain": "demo",
"priority": 5,
"context": "my.alert.demo.SecIntSeveralDNS",
"category": "my.context",
"srcPort": null,
"srcIp": null,
"srcHost": null,
"dstIp": null,
"dstPort": null,
"dstHost": null,
"protocol": null,
"username": "user@devo.com",
"application": null,
"engine": "pilot.my.alert.demo.SecIntSeveralDNS",
"extraData": "{\"sourceIP\":\"%2F194.140.174.171\",\"totalservers\":\"71\",\"destinationCount\":\"71.00007511654165\",\"eventdate\":\"2023-04-05+07%3A00%3A00.0\"}",
"alertDate": null,
"status": 100,
"ack_status_date": null,
"createDate": 1680681772000,
"updateDate": 1680683709802,
"scaled": false,
"digest": "c80cfdff6620d2a07f757690f8137ca17635479b",
"uniquedigest": "a63d213133dd3f7756c265ea2c712fe8c0a4fc18",
"postAlertAction": null,
"contextLabel": null,
"contextSubscription": null,
"shouldSend": false,
"alertOwner": null,
"fullExtraData": null,
"alertType": null,
"alertMitreTactics": null,
"alertMitreTechniques": null,
"alertPriority": null,
"alertDefinition": null,
"allExtraDataFields": null,
"tags": null,
"entities": null,
"commentsList": null,
"integrations": null,
"contexto": null
}
Workflow Library Example
Update Alert Status with Devo and Send Results Via Email