Closing alerts
POST /api/v2/alerts/close
The target correlator must be running.
Access: General administrator, Tenant administrator, Tier 2 analyst, Tier 1 analyst, Junior analyst, Interaction with NCIRCC, Access to CII.
Request body
Format: JSON
Name | Data type | Mandatory | Description | Value example |
id | string | Yes | Alert ID | 00000000-0000-0000-0000-000000000000 |
reason | string | Yes | Reason for closing the alert | responded, incorrect data, incorrect correlation rule |
Response
HTTP code: 204
Possible errors
HTTP code | Description | message field value | details field value |
400 | Alert ID is not specified | id required | - |
400 | The reason for closing the alert is not specified | reason required | - |
400 | Invalid value of the "reason" parameter | invalid reason | - |
403 | The user does not have the required role in the alert tenant | access denied | - |
404 | Alert not found | alert not found | - |
406 | Alert tenant disabled | tenant disabled | - |
406 | Alert already closed | alert already closed | - |
500 | Any other internal errors | variable | variable |