Update Bulk Event Workflows
POST {{cb_url}}/appservices/v6/orgs/{{cb_org_key}}/alerts/workflow/_criteria
Bulk update alerts' workflow by search definition. Multiple pathways support similar request body schemas, including those listed below.
RBAC Permissions Required
Permission (.notation name) | Operation(s) |
---|---|
org.alerts.dismiss | EXECUTE |
Body Schema
Field | Description | Default | Required |
---|---|---|---|
criteria | Map of criteria to filter results on. Allowed values: threat_id, target_value, device_id, device_os_versions, policy_id, device_os, minimum_severity, create_time, legacy_alert_id, group_results, process_sha256, policy_name, reputation, type, id, category, device_username, device_name, tag, workflow, process_name | N/A | No |
query | Query to perform | N/A | No |
state | Workflow state to filter on. Allowed values: dismissed, open | N/A | No |
comment | Comment to include with operation | N/A | No |
remediation_state | Description or justification for the change. Accepts any string. | N/A | No |
Request Body
```json
{
  "comment": "string",
  "criteria": {
    "category": ["THREAT"],
    "create_time": {
      "end": "2019-09-17T00:03:47.277Z",
      "start": "2019-09-17T00:03:47.277Z"
    },
    "device_id": [324552, 12344, 997745],
    "device_name": ["hostmachine", "device.local", "DOMAIN\\DEVICE"],
    "device_os": ["WINDOWS"],
    "device_os_version": ["string"],
    "device_username": ["string"],
    "group_results": true,
    "id": ["string"],
    "legacy_alert_id": ["CTAS5XKG", "TJFY5ZBW"],
    "minimum_severity": 5,
    "policy_id": [1, 525, 644],
    "policy_name": ["Default", "Advanced", "Monitored"],
    "process_name": ["explorer.exe", "chrome.app", "setup.py"],
    "process_sha256": ["131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267"],
    "report_id": ["string"],
    "report_name": ["string"],
    "reputation": ["KNOWN_MALWARE"],
    "tag": ["string"],
    "target_value": ["LOW"],
    "threat_id": ["03ea43268c536a0bde8b765bca1696e9", "41edc35062138af3f1fea4b3bf7046a5"],
    "type": ["CB_ANALYTICS"],
    "watchlist_id": ["string"],
    "watchlist_name": ["string"],
    "workflow": ["OPEN"]
  },
  "query": "string",
  "remediation_state": "string",
  "state": "OPEN"
}
```
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
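
Because one call changes the workflow state of every alert the criteria match, it helps to validate the body before it is sent. The following is an added example, not code from the vendor's documentation: the function name `build_bulk_workflow_request`, the two local guards, and the `application/json` header value are assumptions, and the allowed keys are the union of the Body Schema table and the sample request body above.

```python
import json

# Criteria keys from the Body Schema table, plus keys that appear only in
# the sample request body (device_os_version, report_*, watchlist_*).
ALLOWED_CRITERIA = {
    "threat_id", "target_value", "device_id", "device_os_versions",
    "policy_id", "device_os", "minimum_severity", "create_time",
    "legacy_alert_id", "group_results", "process_sha256", "policy_name",
    "reputation", "type", "id", "category", "device_username",
    "device_name", "tag", "workflow", "process_name",
    "device_os_version", "report_id", "report_name",
    "watchlist_id", "watchlist_name",
}
ALLOWED_STATES = {"DISMISSED", "OPEN"}


def build_bulk_workflow_request(cb_url, org_key, state, criteria=None,
                                query=None, comment=None,
                                remediation_state=None):
    """Return (url, headers, body_json) for the bulk workflow POST.

    Raises ValueError instead of building a request that is malformed
    or unscoped. Nothing is sent; the caller adds authentication.
    """
    state = str(state).upper()  # the sample body sends "OPEN" in upper case
    if state not in ALLOWED_STATES:
        raise ValueError(f"state must be one of {sorted(ALLOWED_STATES)}")
    criteria = dict(criteria or {})
    unknown = sorted(set(criteria) - ALLOWED_CRITERIA)
    if unknown:
        raise ValueError(f"unknown criteria keys: {unknown}")
    # Local guard (assumption, not an API rule): no unscoped bulk change.
    if not criteria and not query:
        raise ValueError("refusing bulk update with no criteria and no query")
    # Local guard (assumption): a dismissal must be justified in a comment.
    if state == "DISMISSED" and not (comment and comment.strip()):
        raise ValueError("a comment is required when dismissing alerts")
    body = {"state": state}
    for key, value in (("criteria", criteria or None), ("query", query),
                       ("comment", comment),
                       ("remediation_state", remediation_state)):
        if value is not None:
            body[key] = value
    url = (f"{cb_url.rstrip('/')}/appservices/v6/orgs/{org_key}"
           "/alerts/workflow/_criteria")
    headers = {"Content-Type": "application/json"}  # assumed value
    return url, headers, json.dumps(body, sort_keys=True)
```
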