Skip to main content
Change the verdict of an alert.

Parameters

ParameterDescription
Alert IDsA list of alerts IDs to update their analyst verdict.
Analyst VerdictThe new analyst verdict.
Options: 
false_positive
suspicious
true_positive
undefined

Example Output

{
	"data": {
		"affected": 2
	}
}

Workflow Library Example

Update Alert Analyst Verdict with Sentinelone and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I