

Mark an alert as read or unread by its alert ID.

Parameters

| Parameter | Description |
| --- | --- |
| Alert ID | ID of the alert to update. |
| Alert New State | New “Read” state of the alert (read or unread). |

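Example Output

The output is the alert object. Values under `artifacts` (email addresses, URLs, IPs) are observables carried by the alert, so later workflow steps should treat them as untrusted data. The `tlp` and `pap` fields hold the alert's sharing and handling levels and should be checked before results are forwarded outside the platform.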

{
	"_id": "~911601872",
	"id": "~911601872",
	"createdBy": "[email protected]",
	"updatedBy": null,
	"createdAt": 1620333017135,
	"updatedAt": null,
	"_type": "alert",
	"type": "external",
	"source": "SIEM",
	"sourceRef": "8257b4",
	"externalLink": null,
	"case": null,
	"title": "User posted information on known phishing URL",
	"description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url",
	"severity": 2,
	"date": 1620333017000,
	"tags": [
		"source:siem",
		"log-source:proxy"
	],
	"tlp": 3,
	"pap": 2,
	"status": "Ignored",
	"follow": true,
	"customFields": {
		"businessUnit": {
			"string": "Finance"
		},
		"location": {
			"string": "Sydney"
		}
	},
	"caseTemplate": null,
	"artifacts": [
		{
			"_id": "~624226312",
			"id": "~624226312",
			"createdBy": "[email protected]",
			"createdAt": 1620333017175,
			"_type": "case_artifact",
			"dataType": "mail",
			"data": "[email protected]",
			"startDate": 1620333017175,
			"tlp": 2,
			"tags": [],
			"ioc": false,
			"sighted": false,
			"reports": {},
			"stats": {}
		},
		{
			"_id": "~788742360",
			"id": "~788742360",
			"createdBy": "[email protected]",
			"createdAt": 1620333017168,
			"_type": "case_artifact",
			"dataType": "url",
			"data": "https://moneyfornothing.pl-getbuys.icu/",
			"startDate": 1620333017168,
			"tlp": 2,
			"tags": [],
			"ioc": false,
			"sighted": false,
			"message": "http method: POST",
			"reports": {},
			"stats": {}
		},
		{
			"_id": "~870416536",
			"id": "~870416536",
			"createdBy": "[email protected]",
			"createdAt": 1620333017157,
			"_type": "case_artifact",
			"dataType": "ip",
			"data": "94.154.129.50",
			"startDate": 1620333017157,
			"tlp": 2,
			"tags": [],
			"ioc": false,
			"sighted": false,
			"reports": {},
			"stats": {}
		}
	],
	"similarCases": []
}

Workflow Library Example

Mark Alert Read Unread with Thehive and Send Results Via Email