Update Alert - Blink Documentation

Parameters
Example Output
Workflow Library Example

Updates properties of existing Alert. The following permissions are required to run this action:

Alert.Read.All
Alert.ReadWrite.All

External DocumentationTo learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

Parameter	Description
Alert ID	Your alert ID, can be retrieved from the ‘List Alerts’ action.
Alert Owner	The mail address of the alert owner.
Classification	Specifies the specification of the alert.
Comment	Comment to be added to the alert.
Determination	Specifies the determination of the alert.
Status	Specifies the current status of the alert. The property values are: ‘New’, ‘InProgress’ and ‘Resolved’.

Example Output

{
	"status": "Resolved",
	"assignedTo": "secop2@contoso.com",
	"classification": "FalsePositive",
	"determination": "Malware",
	"comment": "Resolve my alert and assign to secop2"
}

Workflow Library Example

Update Alert with Microsoft Defender for Endpoints and Send Results Via Email

Preview this Workflow on desktop

Run Script On Machine Need Admin Approval

⌘I

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example