Bulk Modify Threat Reports

POST {{cb_url}}/api/v1/threat_report

Modifying threat reports require an API key with Global Administrator privileges. Multiple threat reports can be ignored/enabled in bulk using the same call.

The only property that can be modified in a threat report is the is_ignored property. By setting is_ignored to True for a threat report, any further hits on IOCs contained within that report will no longer trigger an Alert.

See Documentation

Request Body

{"ids"=>{"<feed_id>"=>["<report_id>"]}, "query"=>"<url-encoded query string>", "updates"=>{"is_ignored"=>true}}

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring