Close Alert As True Positive
Close multiple alerts matching the specified filters as true positive (alerts on confirmed malicious activity).
External Documentation
To learn more, visit the Microsoft Defender for Cloud Apps documentation.
Basic Parameters
Parameter | Description |
---|---|
Alert IDs | A comma-separated list of alert IDs to close as true positive. Can be obtained via the List Alerts action. |
Comment | A comment about why the alerts are dismissed. |
Advanced Parameters
Parameter | Description |
---|---|
Allow Contact | Indicates whether consent to contact the user is provided. Default value: false. |
Contact Email | The email address of the user. |
Feedback Text | The text of the feedback. |
Send Feedback | Indicates whether feedback about this alert is provided. Default value: false. |
Example Output
{
"closed_true_positive": 1
}
Workflow Library Example
Close Alert As True Positive with Microsoft Defender for Cloud Apps and Send Results Via Email