Closing alerts
POST /api/v1/alerts/close
The target correlator must be running.
Access: administrator, analyst, and operator.
Request body
Format: JSON
Name | Data type | Mandatory | Description | Value example |
id | string | Yes | Alert ID | 00000000-0000-0000-0000-000000000000 |
reason | string | Yes | Reason for closing the alert | responded, incorrect data, incorrect correlation rule |
Response
HTTP code: 204
Possible errors
HTTP code | Description | message field value | details field value |
400 | Alert ID is not specified | id required |
|
400 | The reason for closing the alert is not specified | reason required |
|
400 | Invalid value of the "reason" parameter | invalid reason |
|
403 | The user does not have the required role in the alert tenant | access denied |
|
404 | Alert not found | alert not found |
|
406 | Alert tenant disabled | tenant disabled |
|
406 | Alert already closed | alert already closed |
|
500 | Any other internal errors | variable | variable |