Deze pagina is nog niet beschikbaar in uw eigen taal. We werken er hard aan om meer taalversies toe te voegen. Bedankt voor uw steun.
This API is used to convert alerts to incidents
Function
This API is used to convert alerts to incidents.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
|
workspace_id |
Yes |
String |
Workspace ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
|
content-type |
Yes |
String |
Content type. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
ids |
No |
Array of strings |
IDs of the alerts to be converted into incidents. |
|
incident_content |
No |
incident_content object |
Incident details. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
title |
No |
String |
Trace |
|
incident_type |
No |
incident_type object |
Incident type. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
Request ID, in the format request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
code |
String |
Error code |
|
message |
String |
Error Message |
|
data |
BatchOperateAlertResult object |
Returned object for batch operation on alerts. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_ids |
Array of strings |
IDs of alerts not transferred to incidents |
|
success_ids |
Array of strings |
IDs of alerts transferred to incidents. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
Request ID, in the format request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
code |
String |
Error Code |
|
message |
String |
Error Description |
Example Requests
Convert an alert to an incident, set Alert ID to 909494e3-558e-46b6-a9eb-07a8e18ca62f, Incident ID to 909494e3-558e-46b6-a9eb-07a8e18ca621, Alert status to Closed, and Mark as Evidence to No.
{
"ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
"incident_content" : {
"title" : "XXX",
"incident_type" : {
"id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
"category" : "DDoS attack",
"incident_type" : "DNS protocol attacks"
}
}
}Example Responses
Status code: 200
Response body for converting alerts into incidents.
{
"code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
"message" : "Error message",
"data" : {
"error_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
"success_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ]
}
}Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Response body for converting alerts into incidents. |
|
400 |
Response body for failures of converting alerts into incidents. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
