Skip to main content
Set detection’s status to ARCHIVED.
External DocumentationTo learn more, visit the Upwind documentation.

Parameters

ParameterDescription
Detection IDThe ID of the detection to update.
Organization IDThe ID of the organization.

Example Output

{
	"id": "string",
	"type": "string",
	"category": "NETWORK",
	"severity": "LOW",
	"status": "PENDING",
	"title": "string",
	"description": "string",
	"resource": {
		"id": "string",
		"external_id": "string",
		"name": "string",
		"type": "string",
		"cloud_provider": "AWS",
		"region": "string",
		"cluster_id": "string",
		"cloud_account_id": "string",
		"cloud_account_name": "string",
		"namespace": "string",
		"internet_exposure": {
			"ingress": {
				"active_communication": true
			}
		},
		"cloud_account_tags": [
			{
				"key": "string",
				"value": "string"
			}
		],
		"risk_categories": [
			"string"
		]
	},
	"triggers": [
		{
			"events": [
				{
					"id": "string",
					"description": "string",
					"event_type": "string",
					"event_time": "2024-07-29T15:51:28.071Z",
					"type": "string",
					"data": {
						"initiator": {
							"type": "string",
							"data": {
								"uid": "string",
								"groups": [
									"string"
								],
								"user_name": "string",
								"user_agent": "string",
								"source_ips": [
									"string"
								]
							}
						}
					}
				}
			],
			"policy_id": "string",
			"policy_name": "string"
		}
	],
	"first_seen_time": "2024-07-29T15:51:28.071Z",
	"last_seen_time": "2024-07-29T15:51:28.071Z",
	"occurrence_count": 0,
	"mitre_attacks": [
		{
			"tactic_id": "string",
			"tactic_name": "string",
			"technique_id": "string",
			"technique_name": "string"
		}
	]
}

Workflow Library Example

Update Detection with Upwind and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop