update_alert_status

Update an alert’s investigation status. Status transitions reflect the investigation lifecycle.

Parameter	Type	Required	Description
`alert_uuid`	string	Yes	UUID of the alert
`status`	string	Yes	New status: `Open`, `Triaging`, `Escalated`, `Closed`
`close_classification`	string	When closing	Classification for closed alerts (e.g., `True Positive`, `False Positive - Known Scanner`)

Open → Triaging
Open → Escalated
Open → Closed
Triaging → Escalated
Triaging → Closed
Escalated → Closed

{
  "alert_uuid": "9f2a-b3c1-...",
  "status": "Triaging"
}

{
  "uuid": "9f2a-b3c1-...",
  "status": "Triaging",
  "acknowledged_at": "2025-01-15T10:45:00Z"
}

acknowledged_at is set automatically on the first transition out of Open. It records when investigation began.

alerts:write

Documentation Index