Converting an Alert into an Incident
Function
This API is used to convert alerts into incidents.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
|
workspace_id |
Yes |
String |
Workspace ID. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. |
|
content-type |
Yes |
String |
Content type. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
ids |
No |
Array of strings |
IDs of the alerts to be converted into incidents. |
|
incident_content |
No |
incident_content object |
Incident content. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
title |
No |
String |
Incident name. |
|
incident_type |
No |
incident_type object |
Incident type. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
Request ID. Format: request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
code |
String |
Error code. |
|
message |
String |
Error message. |
|
data |
BatchOperateAlertResult object |
Returned object for batch operation on alerts. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_ids |
Array of strings |
Failed IDs. |
|
success_ids |
Array of strings |
Succeeded IDs. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
X-request-id |
String |
Request ID. Format: request_uuid-timestamp-hostname. |
|
Parameter |
Type |
Description |
|---|---|---|
|
code |
String |
Error code. |
|
message |
String |
Error description. |
Example Requests
Convert an alert into an incident, set Alert ID to 909494e3-558e-46b6-a9eb-07a8e18ca62f, Incident ID to 909494e3-558e-46b6-a9eb-07a8e18ca621, Alert status to Closed, and Mark as Evidence to No.
{
"ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
"incident_content" : {
"title" : "XXX",
"incident_type" : {
"id" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
"category" : "DDoS attack",
"incident_type" : "DNS protocol attacks"
}
}
}
Example Responses
Status code: 200
Response body for converting alerts into incidents.
{
"code" : "909494e3-558e-46b6-a9eb-07a8e18ca62f",
"message" : "Error message",
"data" : {
"error_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ],
"success_ids" : [ "909494e3-558e-46b6-a9eb-07a8e18ca62f" ]
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Response body for converting alerts into incidents. |
|
400 |
Response body for the failed request for converting alerts into incidents. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
