Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

Updates properties of existing Alert. The following permissions are required to run this action:
  • Alert.Read.All
  • Alert.ReadWrite.All
External DocumentationTo learn more, visit the Microsoft Defender For Endpoints documentation.

Parameters

ParameterDescription
Alert IDYour alert ID, can be retrieved from the ‘List Alerts’ action.
Alert OwnerThe mail address of the alert owner.
ClassificationSpecifies the specification of the alert.
CommentComment to be added to the alert.
DeterminationSpecifies the determination of the alert.
StatusSpecifies the current status of the alert. The property values are: ‘New’, ‘InProgress’ and ‘Resolved’.

Example Output

{
	"status": "Resolved",
	"assignedTo": "secop2@contoso.com",
	"classification": "FalsePositive",
	"determination": "Malware",
	"comment": "Resolve my alert and assign to secop2"
}

Workflow Library Example

Update Alert with Microsoft Defender for Endpoints and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop