0
(0)

 Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Run the POST request to close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).

HTTP request

HTTP

POST /api/v1/alerts/close_false_positive/

Request BODY parameters

REQUEST BODY PARAMETERS
Parameter Description
filters Filter objects with all the search filters for the request, see alert filters for more details
comment A comment about why the alerts are dismissed
reasonId The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time. Possible values include:

0: Not of interest
1: Too many similar alerts
3: Alert is not accurate
4: Other

sendFeedback A boolean value indicating that feedback about this alert is provided. Default value: false
feedbackText The text of the feedback
allowContact A boolean value indicating that consent to contact the user is provided. Default value: false
contactEmail The email address of the user

Example

Request

Here is an example of the request.

HTTP

curl -XPOST -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/close_false_positive/" -d '{
  "filters": {
    "id": {
      "eq": [
        "55af7415f8a0a7a29eef2e1f",
        "55af741cf8a0a7a29eef2e20",
        "5f8d70bfc1ffb25b0a541c7d"
      ]
    }
  },
  "comment": "Irrelevant",
  "reasonId": 0,
  "sendFeedback": true,
  "feedbackText": "Feedback text",
  "allowContact": true,
  "contactEmail": " [email protected]"
}'

Response

Response if alert was properly closed

JSON

{
    "closed_false_positive": 1
}

Response if alert not found

JSON

{
    "closed_false_positive": 0,
    "alertsNotFound": [
        "5f843e9cfe3f6d80fe58a962"
    ]
}

If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 16 times, 1 visits today)