> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Alert

Update the properties of an alert object in an organization based on the specified alert id property. Supply **only** the values for properties that should be updated.

* **Least privileged** Microsoft Graph permission to access the action via **application**: `SecurityAlert.ReadWrite.All*`.

<Note>
  External Documentation

  To learn more, visit the [Microsoft Defender XDR documentation](https://learn.microsoft.com/en-us/graph/api/security-alert-update?view=graph-rest-1.0\&tabs=http).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter      | Description                                                        |
  | -------------- | ------------------------------------------------------------------ |
  | Alert ID       | The ID of the alert, can be obtained via the `List Alerts` action. |
  | Assigned To    | Owner of the incident, or `null` if no owner is assigned.          |
  | Classification | Specifies the classification of the alert.                         |
  | Determination  | Specifies the determination of the alert.                          |
  | Status         | The status of the alert.                                           |
</div>

## Example Output

```json theme={"dark"}
{
	"@odata.context": "<string>",
	"id": "da637551227677560813_-961444813",
	"providerAlertId": "da637551227677560813_-961444813",
	"incidentId": "28282",
	"status": "inProgress",
	"severity": "low",
	"classification": "truePositive",
	"determination": "malware",
	"serviceSource": "microsoftDefenderForEndpoint",
	"detectionSource": "antivirus",
	"productName": "<string>",
	"detectorId": "e0da400f-affd-43ef-b1d5-afc2eb6f2756",
	"tenantId": "b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c",
	"title": "Suspicious execution of hidden file",
	"description": "A hidden file has been launched. This activity could indicate a compromised host. Attackers often hide files associated with malicious tools to evade file system inspection and defenses.",
	"recommendedActions": "Collect artifacts and determine scope\n\tReview the machine timeline for suspicious activities that may have occurred before and after the time of the alert, and record additional related artifacts (files, IPs/URLs)... \n",
	"category": "DefenseEvasion",
	"assignedTo": "secAdmin@contoso.com",
	"alertWebUrl": "https://security.microsoft.com/alerts/da637551227677560813_-961444813?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c",
	"incidentWebUrl": "https://security.microsoft.com/incidents/28282?tid=b3c1b5fc-828c-45fa-a1e1-10d74f6d6e9c",
	"actorDisplayName": null,
	"threatDisplayName": null,
	"threatFamilyName": null,
	"mitreTechniques": [
		"T1564.001"
	],
	"createdDateTime": "2021-04-27T12:19:27.7211305Z",
	"lastUpdateDateTime": "2021-05-02T14:19:01.3266667Z",
	"resolvedDateTime": null,
	"firstActivityDateTime": "2021-04-26T07:45:50.116Z",
	"lastActivityDateTime": "2021-05-02T07:56:58.222Z",
	"systemTags": [],
	"alertPolicyId": null,
	"comments": [],
	"evidence": [],
	"additionalData": {
		"InvestigationState": 851
	}
}
```

## Workflow Library Example

[Update Alert with Microsoft Defender Xdr and Send Results Via Email](https://library.blinkops.com/workflows/update-alert-with-microsoft-defender-xdr-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/update-alert-with-microsoft-defender-xdr-and-send-results-via-email/canvas" />
</div>