Update Bulk Event Workflows

POST {{cb_url}}/appservices/v6/orgs/{{cb_org_key}}/alerts/workflow/_criteria

Bulk update alerts' workflow by search definition. Multiple pathways support similar request body schemas, including those listed below.

RBAC Permissions Required

| Permission (.notation name) | Operation(s) |
|---|---|
| org.alerts.dismiss | EXECUTE |

Body Schema

| Field | Description | Default | Required |
|---|---|---|---|
| criteria | Map of criteria to filter results on. Allowed values: threat_id, target_value, device_id, device_os_versions, policy_id, device_os, minimum_severity, create_time, legacy_alert_id, group_results, process_sha256, policy_name, reputation, type, id, category, device_username, device_name, tag, workflow, process_name | N/A | No |
| query | Query to perform | N/A | No |
| state | Workflow state to filter on. Allowed values: dismissed, open | N/A | No |
| comment | Comment to include with operation | N/A | No |
| remediation_state | Description or justification for the change. Accepts any string. | N/A | No |

See Documentation

Request Body

{
  "comment": "string",
  "criteria": {
    "category": ["THREAT"],
    "create_time": {
      "end": "2019-09-17T00:03:47.277Z",
      "start": "2019-09-17T00:03:47.277Z"
    },
    "device_id": [324552, 12344, 997745],
    "device_name": ["hostmachine", "device.local", "DOMAIN\\DEVICE"],
    "device_os": ["WINDOWS"],
    "device_os_version": ["string"],
    "device_username": ["string"],
    "group_results": true,
    "id": ["string"],
    "legacy_alert_id": ["CTAS5XKG", "TJFY5ZBW"],
    "minimum_severity": 5,
    "policy_id": [1, 525, 644],
    "policy_name": ["Default", "Advanced", "Monitored"],
    "process_name": ["explorer.exe", "chrome.app", "setup.py"],
    "process_sha256": ["131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267"],
    "report_id": ["string"],
    "report_name": ["string"],
    "reputation": ["KNOWN_MALWARE"],
    "tag": ["string"],
    "target_value": ["LOW"],
    "threat_id": ["03ea43268c536a0bde8b765bca1696e9", "41edc35062138af3f1fea4b3bf7046a5"],
    "type": ["CB_ANALYTICS"],
    "watchlist_id": ["string"],
    "watchlist_name": ["string"],
    "workflow": ["OPEN"]
  },
  "query": "string",
  "remediation_state": "string",
  "state": "OPEN"
}

HEADERS

| Key | Datatype | Required | Description |
|---|---|---|---|
| Content-Type | string | | |
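
The following is an added example, not part of the original documentation or the vendor's own code: a Python helper that validates a bulk workflow body against the schema above before building the POST, so that a mistyped criteria key or an unscoped request is rejected locally. The function names, the two local guards and the `X-Auth-Token` header are assumptions; the request is built but not sent.

```python
import json
import urllib.request

# Criteria keys: the Body Schema list plus the extra keys in the page's sample body.
ALLOWED_CRITERIA = {
    "threat_id", "target_value", "device_id", "device_os_versions", "policy_id",
    "device_os", "minimum_severity", "create_time", "legacy_alert_id",
    "group_results", "process_sha256", "policy_name", "reputation", "type", "id",
    "category", "device_username", "device_name", "tag", "workflow",
    "process_name", "device_os_version", "report_id", "report_name",
    "watchlist_id", "watchlist_name",
}
ALLOWED_STATES = {"DISMISSED", "OPEN"}  # upper case, as in the sample body


def build_workflow_body(state, criteria=None, query=None, comment=None,
                        remediation_state=None):
    """Validate the inputs and return the request body as a dict."""
    state = state.upper()
    if state not in ALLOWED_STATES:
        raise ValueError(f"unsupported state: {state}")
    criteria = criteria or {}
    unknown = sorted(set(criteria) - ALLOWED_CRITERIA)
    if unknown:
        raise ValueError(f"unknown criteria keys: {unknown}")
    # Local guard (not API behaviour): the schema marks criteria and query as
    # optional, so refuse a bulk change that has no scope at all.
    if not criteria and not query:
        raise ValueError("refusing unscoped bulk update: give criteria or query")
    # Local policy (assumption): a dismissal must carry a comment for audit.
    if state == "DISMISSED" and not comment:
        raise ValueError("a comment is required when dismissing alerts")
    body = {"state": state, "criteria": criteria, "query": query,
            "comment": comment, "remediation_state": remediation_state}
    return {k: v for k, v in body.items() if v}  # drop unset optional fields


def build_workflow_request(cb_url, org_key, auth_token, **fields):
    """Return an unsent urllib Request for the bulk workflow endpoint."""
    url = (f"{cb_url.rstrip('/')}/appservices/v6/orgs/{org_key}"
           "/alerts/workflow/_criteria")
    data = json.dumps(build_workflow_body(**fields)).encode("utf-8")
    # X-Auth-Token is an assumption here; the page lists only Content-Type.
    headers = {"Content-Type": "application/json", "X-Auth-Token": auth_token}
    return urllib.request.Request(url, data=data, headers=headers, method="POST")
```

Pass the returned object to `urllib.request.urlopen` to send it; the caller's API key needs the `org.alerts.dismiss` EXECUTE permission listed above.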