Bulk Modify Threat Reports
POST {{cb_url}}/api/v1/threat_report
Modifying threat reports require an API key with Global Administrator privileges. Multiple threat reports can be ignored/enabled in bulk using the same call.
The only property that can be modified in a threat report is the is_ignored
property. By setting is_ignored
to True
for a threat report, any further hits on IOCs contained within that report will no longer trigger an Alert.
Request Body
{"ids"=>{"<feed_id>"=>["<report_id>"]}, "query"=>"<url-encoded query string>", "updates"=>{"is_ignored"=>true}}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string |