Help Center/ SecMaster/ API Reference/ API/ Alert Management/ Converting an Alert to an Incident
Updated on 2025-03-20 GMT+08:00
View PDF

Converting an Alert to an Incident

Function

This API is used to convert alerts to incidents.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

workspace_id

Yes

String

Workspace ID

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

content-type

Yes

String

Content type.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

ids

No

Array of strings

IDs of the alerts to be converted into incidents.

incident_content

No

incident_content object

Incident details.
Table 4 incident_content

Parameter

Mandatory

Type

Description

title

No

String

Trace

incident_type

No

incident_type object

Incident type.
Table 5 incident_type

Parameter

Mandatory

Type

Description

id

No

String

Incident type ID

category

No

String

Parent incident type.

incident_type

No

String

Child incident type.

Response Parameters

Status code: 200

Table 6 Response header parameters

Parameter

Type

Description

X-request-id

String

Request ID, in the format request_uuid-timestamp-hostname.
Table 7 Response body parameters

Parameter

Type

Description

code

String

Error code

message

String

Error Message

data

BatchOperateAlertResult object

Returned object for batch operation on alerts.
Table 8 BatchOperateAlertResult

Parameter

Type

Description

error_ids

Array of strings

IDs of alerts not transferred to incidents

success_ids

Array of strings

IDs of alerts transferred to incidents.

Status code: 400

Table 9 Response header parameters

Parameter

Type

Description

X-request-id

String

Request ID, in the format request_uuid-timestamp-hostname.
Table 10 Response body parameters

Parameter

Type

Description

code

String

Error Code

message

String

Error Description

Example Requests

Convert an alert to an incident, set Alert ID to 909494e3-558e-46b6-a9eb-07a8e18ca62f, Incident ID to 909494e3-558e-46b6-a9eb-07a8e18ca621, Alert status to Closed, and Mark as Evidence to No.

{
  "ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
  "incident_content" : {
    "title" : "XXX",
    "incident_type" : {
      "id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
      "category" : "DDoS attack",
      "incident_type" : "DNS protocol attacks"
    }
  }
}

Example Responses

Status code: 200

Response body for converting alerts into incidents.

{
  "code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
  "message" : "Error message",
  "data" : {
    "error_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
    "success_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ]
  }
}

Status Codes

Status Code

Description

200

Response body for converting alerts into incidents.

400

Response body for failures of converting alerts into incidents.

Error Codes

See Error Codes.

Parent Topic: Alert Management