Add and remove detection alert tags Beta
Add tags to detection alerts, and remove them from alerts.
You cannot add and remove the same alert tag in the same request.
POST
/api/detection_engine/signals/tags
curl \
--request POST https://<KIBANA_URL>/api/detection_engine/signals/tags \
--header "Content-Type: application/json" \
--data '{"ids":["549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"],"tags":{"tags_to_add":["Duplicate"],"tags_to_remove":[]}}'
Request examples
Add
{
  "ids": [
    "549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"
  ],
  "tags": {
    "tags_to_add": [
      "Duplicate"
    ],
    "tags_to_remove": []
  }
}
Remove
{
  "ids": [
    "549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"
  ],
  "tags": {
    "tags_to_add": [],
    "tags_to_remove": [
      "Duplicate"
    ]
  }
}
Response examples (200)
{
  "took": 68,
  "noops": 0,
  "total": 1,
  "batches": 1,
  "deleted": 0,
  "retries": {
    "bulk": 0,
    "search": 0
  },
  "updated": 1,
  "failures": [],
  "timed_out": false,
  "throttled_millis": 0,
  "version_conflicts": 0,
  "requests_per_second": -1,
  "throttled_until_millis": 0
}
Response examples (400)
Security_detections_api_platformerrorresponse
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
{
  "message": "string",
  "status_code": 42
}
Response examples (401)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
Response examples (500)
{
  "message": "string",
  "status_code": 42
}
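The following Python client is an added example, not code from Kibana or its documentation. It enforces the rule that a tag cannot be added and removed in the same request before anything is sent, and it checks the fields of a 200 response for partial failure. The function names, the `kbn-xsrf` and `ApiKey` headers, and the sample response are assumptions made for the example.

```python
import json
import urllib.request

TAGS_PATH = "/api/detection_engine/signals/tags"  # endpoint documented above


def build_tag_request(alert_ids, add=(), remove=()):
    """Build the request body; refuse a tag listed for both add and remove."""
    add, remove = list(dict.fromkeys(add)), list(dict.fromkeys(remove))
    overlap = sorted(set(add) & set(remove))
    if overlap:
        raise ValueError(f"tag(s) in both tags_to_add and tags_to_remove: {overlap}")
    # Local sanity checks (client-side choices, not rules stated on this page).
    if not alert_ids or not (add or remove):
        raise ValueError("need at least one alert id and one tag change")
    return {"ids": list(alert_ids),
            "tags": {"tags_to_add": add, "tags_to_remove": remove}}


def check_response(body, expected_alerts):
    """Return a list of problems in a 200 response body; empty means clean."""
    problems = []
    if body.get("timed_out"):
        problems.append("timed out")
    if body.get("failures"):
        problems.append(f"{len(body['failures'])} failure(s)")
    if body.get("version_conflicts"):
        problems.append(f"{body['version_conflicts']} version conflict(s)")
    if body.get("total") != expected_alerts:
        problems.append(f"sent {expected_alerts} id(s), total is {body.get('total')}")
    return problems


def send_tag_request(kibana_url, api_key, body, timeout=30):
    """POST the body. The kbn-xsrf and ApiKey headers are assumptions about the
    deployment; the curl example on this page shows only Content-Type."""
    req = urllib.request.Request(
        kibana_url.rstrip("/") + TAGS_PATH,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"ApiKey {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)  # 4xx/5xx raise urllib.error.HTTPError


# Constructed sample response with numeric fields, for an offline check.
SAMPLE_OK = {"took": 68, "total": 1, "updated": 1, "failures": [],
             "timed_out": False, "version_conflicts": 0}
```

A `total` lower than the number of ids sent means some alerts were not matched, which is worth surfacing in triage tooling rather than treating any 200 as success.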