Update Alert

Updates properties of existing Alert.

The following permissions are required to run this action:

Alert.Read.All
Alert.ReadWrite.All

External Documentation

To learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

Parameter	Description
Alert ID	Your alert ID, can be retrieved from the 'List Alerts' action.
Alert Owner	The mail address of the alert owner.
Classification	Specifies the specification of the alert.
Comment	Comment to be added to the alert.
Determination	Specifies the determination of the alert.
Status	Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'.

Example Output

{
    "status": "Resolved",
    "assignedTo": "secop2@contoso.com",
    "classification": "FalsePositive",
    "determination": "Malware",
    "comment": "Resolve my alert and assign to secop2"
}

Workflow Library Example

Update Alert with Microsoft Defender for Endpoints and Send Results Via Email

Preview this Workflow on desktop

Update Alert

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example