Close benign – Alerts API (Microsoft)

0
(0)

Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Run the POST request to close multiple alerts matching the specified filters as benign (an alert on a suspicious but not malicious activity, such as a penetration test or other authorized suspicious action).

HTTP request

HTTP

POST /api/v1/alerts/close_benign/

Request BODY parameters

Parameter Description
filters Filter objects with all the search filters for the request, see alert filters for more details
comment A comment about why the alerts are dismissed
reasonId The reason for closing the alerts as benign. Providing a reason helps improve the accuracy of the detection over time. Possible values include:

2: Actual severity is lower
4: Other
5: Confirmed with end user
6: Triggered by test
sendFeedback A boolean value indicating that feedback about this alert is provided. Default value: false
feedbackText The text of the feedback
allowContact A boolean value indicating that consent to contact the user is provided. Default value: false
contactEmail The email address of the user

Example

Request

Here is an example of the request.

HTTP

curl -XPOST -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/close_benign/" -d '{
  "filters": {
    "id": {
      "eq": [
        "55af7415f8a0a7a29eef2e1f",
        "55af741cf8a0a7a29eef2e20"
        "5f8d70bfc1ffb25b0a541c7d"
      ]
    }
  },
  "comment": "Irrelevant",
  "reasonId": 5,
  "sendFeedback": true,
  "feedbackText": "Feedback text",
  "allowContact": true,
  "contactEmail": " [email protected]"
}'

Response

Response if alert was properly closed:

JSON

{
    "closed_benign": 1
}

Response if alert not found:

JSON

{
    "closed_benign": 0,
    "alertsNotFound": [
        "5f843e9cfe3f6d80fe58a962"
    ]
}

If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 13 times, 1 visits today)
Tagged: