Update Alert Analyst Verdict
Change the verdict of an alert.
Parameters
| Parameter | Description |
|---|---|
| Alert IDs | A list of alerts IDs to update their analyst verdict. |
| Analyst Verdict | The new analyst verdict. Options: <br/>false_positive<br/>suspicious<br/>true_positive<br/>undefined<br/> |
Example Output
{
"errors": [
{
"type": "object"
}
],
"data": {
"affected": "integer"
}
}
Workflow Library Example
Update Alert Analyst Verdict with Sentinelone and Send Results Via Email
Preview this Workflow on desktop