Converting an Alert to an Incident

Function

This API is used to convert alerts to incidents.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.
workspace_id	Yes	String	Workspace ID

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.
content-type	Yes	String	Content type.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
ids	No	Array of strings	IDs of the alerts to be converted into incidents.
incident_content	No	incident_content object	Incident details.

**Table 4** incident_content
Parameter	Mandatory	Type	Description
title	No	String	Trace
incident_type	No	incident_type object	Incident type.

**Table 5** incident_type
Parameter	Mandatory	Type	Description
id	No	String	Incident type ID
category	No	String	Parent incident type.
incident_type	No	String	Child incident type.

Response Parameters

Status code: 200

**Table 6** Response header parameters
Parameter	Type	Description
X-request-id	String	Request ID, in the format request_uuid-timestamp-hostname.

**Table 7** Response body parameters
Parameter	Type	Description
code	String	Error code
message	String	Error Message
data	BatchOperateAlertResult object	Returned object for batch operation on alerts.

**Table 8** BatchOperateAlertResult
Parameter	Type	Description
error_ids	Array of strings	IDs of alerts not transferred to incidents
success_ids	Array of strings	IDs of alerts transferred to incidents.

Status code: 400

**Table 9** Response header parameters
Parameter	Type	Description
X-request-id	String	Request ID, in the format request_uuid-timestamp-hostname.

**Table 10** Response body parameters
Parameter	Type	Description
code	String	Error Code
message	String	Error Description

Example Requests

Convert an alert to an incident, set Alert ID to 909494e3-558e-46b6-a9eb-07a8e18ca62f, Incident ID to 909494e3-558e-46b6-a9eb-07a8e18ca621, Alert status to Closed, and Mark as Evidence to No.

{
  "ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
  "incident_content" : {
    "title" : "XXX",
    "incident_type" : {
      "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "category" : "DDoS attack",
      "incident_type" : "DNS protocol attacks"
    }
  }
}

Example Responses

Status code: 200

Response body for converting alerts into incidents.

{
  "code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
  "message" : "Error message",
  "data" : {
    "error_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
    "success_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ]
  }
}

Status Codes

Status Code	Description
200	Response body for converting alerts into incidents.
400	Response body for failures of converting alerts into incidents.

Error Codes

See Error Codes.

Parent Topic: Alert Management

Previous topic: Deleting an Alert

Next topic: Querying Alert Detail

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.