Closing incidents
POST /xdr/api/v1/incidents/close
Sets the status value to closed for the specified incident.
Request body
Format: JSON
Name | Data type | Mandatory | Description | Value example |
ID | string | Yes | The incident ID. | 00000000-0000-0000-0000-000000000000 |
TenantID | string | Yes | The tenant ID. | |
Reason | string | Yes | The reason for closure. | truePositive, falsePositive, lowPriority |
Response
HTTP code: 204
If the incident has already been closed with the same reason value, the response code is also 204.
Possible Errors
HTTP code | Description | | |
400 | The ID value is not specified. | id required | |
400 | The Reason value is not specified. | reason required | |
400 | The Reason value is invalid. | invalid reason | |
403 | The user does not have the required role in the Alerts and incidents functional area in any of the specified tenants. | access denied | |
404 | The incident with the specified ID is not found. | incident not found | |
500 | Any other internal errors. | variable | variable |
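Example client
The following Python sketch is an added example, not code from the product documentation. It builds the request body from the fields in the table above, rejects an invalid Reason before sending, and maps the documented HTTP codes to outcomes. Assumptions: the base URL is a placeholder, the bearer-token Authorization header is hypothetical (this page does not describe authentication), and the JSON keys are written as the table names them.

```python
import json
import urllib.error
import urllib.request

CLOSE_PATH = "/xdr/api/v1/incidents/close"
ALLOWED_REASONS = {"truePositive", "falsePositive", "lowPriority"}
# Status codes documented on this page, mapped to what an automation should do.
OUTCOMES = {
    204: "closed",              # also returned if already closed with the same reason
    400: "bad_request",         # ID or Reason missing, or Reason invalid
    403: "access_denied",       # role missing in the Alerts and incidents area
    404: "incident_not_found",
    500: "server_error",
}


def build_close_request(base_url, token, incident_id, tenant_id, reason):
    """Validate the mandatory fields locally and return a prepared POST request."""
    if not incident_id or not tenant_id:
        raise ValueError("ID and TenantID are mandatory")
    if reason not in ALLOWED_REASONS:
        raise ValueError(f"invalid reason: {reason!r}")
    body = json.dumps({"ID": incident_id, "TenantID": tenant_id, "Reason": reason})
    return urllib.request.Request(
        base_url.rstrip("/") + CLOSE_PATH,
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: bearer-token auth; not described on this page.
            "Authorization": f"Bearer {token}",
        },
    )


def close_incident(request, opener=urllib.request.urlopen):
    """Send the request and return (outcome, response_text).

    A repeated close with the same reason still returns 204, so retries are safe.
    """
    try:
        with opener(request, timeout=30) as resp:
            status, text = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, text = err.code, err.read().decode("utf-8", "replace")
    return OUTCOMES.get(status, f"unexpected_{status}"), text
```

Log the returned outcome together with the incident ID and reason so that closures performed by automation can be audited later.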