Note
We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.
Run the POST request to close multiple alerts matching the specified filters as true positive (an alert on a confirmed malicious activity).
HTTP request
HTTP
POST /api/v1/alerts/close_true_positive/
Request BODY parameters
| Parameter | Description |
|---|---|
| filters | Filter objects with all the search filters for the request, see alert filters for more details |
| comment | A comment about why the alerts are dismissed |
| sendFeedback | A boolean value indicating that feedback about this alert is provided. Default value: false |
| feedbackText | The text of the feedback |
| allowContact | A boolean value indicating that consent to contact the user is provided. Default value: false |
| contactEmail | The email address of the user |
Example
Request
Here is an example of the request.
HTTP
curl -XPOST -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/v1/alerts/close_true_positive" -d '{
"filters": {
"id": {
"eq": [
"55af7415f8a0a7a29eef2e1f",
"55af741cf8a0a7a29eef2e20",
"5f8d70bfc1ffb25b0a541c7d"
]
}
},
"comment": "Irrelevant",
"sendFeedback": true,
"feedbackText": "Feedback text",
"allowContact": true,
"contactEmail": " [email protected]"
}'
Response
Response if alert was properly closed
JSON
{
"closed_true_positive": 1
}
Response if alert not found
JSON
{
"closed_true_positive": 0,
"alertsNotFound": [
"5f843e9cfe3f6d80fe58a962"
]
}
If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.
Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
(Visited 13 times, 1 visits today)