Update Alert
Updates properties of existing Alert. One of the following permissions is required to run this action:
Alerts.ReadWrite.AllAlert.ReadWrite
External Documentation
To learn more, visit the Microsoft Defender For Endpoints documentation.
Parameters
| Parameter | Description |
|---|---|
| Alert ID | Your alert ID, can be retrieved from the 'List Alerts' action. |
| Alert Owner | The mail address of the alert owner. |
| Classification | Specifies the specification of the alert. |
| Comment | Comment to be added to the alert. |
| Determination | Specifies the determination of the alert. |
| Status | Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'. |
Example Output
{
"status": "Resolved",
"assignedTo": "secop2@contoso.com",
"classification": "FalsePositive",
"determination": "Malware",
"comment": "Resolve my alert and assign to secop2"
}
Workflow Library Example
Update Alert with Microsoft Defender for Endpoints and Send Results Via Email
Preview this Workflow on desktop