> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Mitigate Threats

Apply a mitigation action to a group of threats that match the filter.
Your user role must have permissions to mitigate threats - Admin, IR Team, SOC. Only threats which you have permission to mitigate are countedas "affected" in response field.

You must use one of the filters before executing the action.

## Basic Parameters

<div className="integrations-table">
  | Parameter   | Description                            |
  | ----------- | -------------------------------------- |
  | Action      | Choose the mitigation action to apply. |
  | Agents IDs  | A list of agent IDs to filter by.      |
  | Threats IDs | List of threats IDs to filter by.      |
</div>

## Advanced Parameters

<div className="integrations-table">
  | Parameter         | Description                                                                                                                                                       |
  | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Account IDs       | List of account IDs to filter by.                                                                                                                                 |
  | Analyst Verdicts  | Filter threats by an analyst verdict.<br />Options:<br />  <pre><code>false\_positive<br />  suspicious<br />  true\_positive<br />  undefined<br /></code></pre> |
  | Incident Statuses | Filter threats by a specific incident status.<br /> Options:<br />  <pre><code>in\_progress<br />  resolved<br />  unresolved<br /></code></pre>                  |
</div>

## Example Output

```json theme={"dark"}
{
	"errors": [
		{
			"type": "object"
		}
	],
	"data": {
		"affected": "integer",
		"details": [
			{
				"skipped": [
					{
						"action": "kill",
						"description": "string",
						"reason": "permissions"
					}
				],
				"reports": [
					{
						"groupNotFound": "boolean",
						"status": "success",
						"mitigationEndedAt": "2018-02-27T04:49:26.257525Z",
						"latestReport": "string",
						"reportId": "225494730938493804",
						"action": "kill",
						"lastUpdate": "2018-02-27T04:49:26.257525Z",
						"mitigationStartedAt": "2018-02-27T04:49:26.257525Z",
						"agentSupportsReport": "boolean",
						"actionsCounters": {
							"notFound": "integer",
							"total": "integer",
							"failed": "integer",
							"pendingReboot": "integer",
							"success": "integer"
						}
					}
				],
				"threatId": "225494730938493804"
			}
		]
	}
}
```

## Workflow Library Example

[Mitigate Threats with Sentinelone and Send Results Via Email](https://library.blinkops.com/workflows/mitigate-threats-with-sentinelone-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/mitigate-threats-with-sentinelone-and-send-results-via-email/canvas" />
</div>
