Set a detection alert status
Set the status of one or more detection alerts.
Body (object, required)
An object containing the desired status and either explicit alert IDs or a query to select alerts.
Responses
- 200 application/json; Elastic-Api-Version=2023-10-31
  Successful response
  Elasticsearch update by query response
  Additional properties are allowed.
- 400 application/json; Elastic-Api-Version=2023-10-31
  Invalid input data response
- 401 application/json; Elastic-Api-Version=2023-10-31
  Unsuccessful authentication response
- 500 application/json; Elastic-Api-Version=2023-10-31
  Internal server error response
POST /api/detection_engine/signals/status
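# Kibana requires a kbn-xsrf header on non-GET API requests; the body is the by-IDs request example.
curl \
  -X POST https://localhost:5601/api/detection_engine/signals/status \
  -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
  -H "kbn-xsrf: true" \
  -d '{"signal_ids": ["string"], "status": "open"}'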
Request examples
Security_detections_api_setalertsstatusbyids
{
  "signal_ids": [
    "string"
  ],
  "status": "open"
}

{
  "conflicts": "abort",
  "query": {},
  "status": "open"
}
Response examples (200)
{}
Response examples (400)
Security_detections_api_platformerrorresponse
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}

{
  "message": "string",
  "status_code": 42
}
Response examples (401)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
Response examples (500)
{
  "message": "string",
  "status_code": 42
}
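
Added example, not part of the Elastic documentation: a small Python client for this endpoint that builds either request shape shown above (alert IDs or a query) and normalizes the two error body shapes from the response examples (statusCode and status_code) into one form. The function names, the kbn-xsrf header and the caller-supplied Authorization value are assumptions of this example.

```python
import json
import urllib.error
import urllib.request

API_PATH = "/api/detection_engine/signals/status"  # endpoint from this page


def build_body(status, signal_ids=None, query=None, conflicts=None):
    """Build one of the two request shapes: explicit alert IDs, or a query."""
    if (signal_ids is None) == (query is None):
        raise ValueError("pass exactly one of signal_ids or query")
    if signal_ids is not None:
        if not signal_ids or not all(isinstance(i, str) and i for i in signal_ids):
            raise ValueError("signal_ids must be a non-empty list of strings")
        return {"signal_ids": list(signal_ids), "status": status}
    body = {"query": query, "status": status}
    if conflicts is not None:
        body["conflicts"] = conflicts
    return body


def parse_error(raw):
    """Normalize both documented error shapes to (code, message)."""
    doc = json.loads(raw)
    code = doc.get("statusCode", doc.get("status_code"))
    message = doc.get("message", "")
    if "error" in doc:
        message = f"{doc['error']}: {message}"
    return code, message


def set_alert_status(base_url, auth_header, body):
    """POST the body; return the parsed 200 response or raise RuntimeError."""
    req = urllib.request.Request(
        base_url.rstrip("/") + API_PATH,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json; Elastic-Api-Version=2023-10-31",
            "kbn-xsrf": "true",  # assumption: default Kibana XSRF check is on
            "Authorization": auth_header,  # caller-supplied, e.g. an API key
        },
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        code, message = parse_error(err.read())
        raise RuntimeError(f"HTTP {err.code} (body code {code}): {message}") from None
```

Only set_alert_status touches the network; build_body and parse_error can be exercised offline against the request and response examples on this page.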