Mark Alert Read Unread
Mark an alert read or unread by alert ID.
Parameters
Parameter | Description |
---|---|
Alert ID | Identifier of the TheHive alert to update — the alert's `id` field (e.g. `~911601872` in the example output below). |
Alert New State | The "Read" state to set on the alert (read or unread). The action returns the updated alert object, as shown under Example Output. |
Example Output
The response is the full alert object, including its observables (`artifacts` — in the sample an email address, a URL and an IP), custom fields and sharing markings (`tlp`, `pap`). Handle it according to those markings before forwarding it anywhere, such as the email workflow referenced below: the sample carries `tlp: 3` and `pap: 2`, which are high-restriction values on TheHive's numeric scale, and the sample `url` observable is a reported phishing link — do not open it. The values are illustrative; `[email protected]` is a redacted address placeholder.
{
"_id": "~911601872",
"id": "~911601872",
"createdBy": "[email protected]",
"updatedBy": null,
"createdAt": 1620333017135,
"updatedAt": null,
"_type": "alert",
"type": "external",
"source": "SIEM",
"sourceRef": "8257b4",
"externalLink": null,
"case": null,
"title": "User posted information on known phishing URL",
"description": "SIEM automated alert: the user [email protected] has posted information on a known phishing url",
"severity": 2,
"date": 1620333017000,
"tags": [
"source:siem",
"log-source:proxy"
],
"tlp": 3,
"pap": 2,
"status": "Ignored",
"follow": true,
"customFields": {
"businessUnit": {
"string": "Finance"
},
"location": {
"string": "Sydney"
}
},
"caseTemplate": null,
"artifacts": [
{
"_id": "~624226312",
"id": "~624226312",
"createdBy": "[email protected]",
"createdAt": 1620333017175,
"_type": "case_artifact",
"dataType": "mail",
"data": "[email protected]",
"startDate": 1620333017175,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"reports": {},
"stats": {}
},
{
"_id": "~788742360",
"id": "~788742360",
"createdBy": "[email protected]",
"createdAt": 1620333017168,
"_type": "case_artifact",
"dataType": "url",
"data": "https://moneyfornothing.pl-getbuys.icu/",
"startDate": 1620333017168,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"message": "http method: POST",
"reports": {},
"stats": {}
},
{
"_id": "~870416536",
"id": "~870416536",
"createdBy": "[email protected]",
"createdAt": 1620333017157,
"_type": "case_artifact",
"dataType": "ip",
"data": "94.154.129.50",
"startDate": 1620333017157,
"tlp": 2,
"tags": [],
"ioc": false,
"sighted": false,
"reports": {},
"stats": {}
}
],
"similarCases": []
}
Workflow Library Example
Mark Alert Read Unread with Thehive and Send Results Via Email