update_alert_status

Update an alert’s investigation status. Status transitions reflect the investigation lifecycle.

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| alert_uuid | string | Yes | UUID of the alert |
| status | string | Yes | New status: Open, Triaging, Escalated, Closed |
| close_classification | string | When closing | Classification for closed alerts (e.g., True Positive, False Positive - Known Scanner) |

Valid Status Transitions

Open → Triaging
Open → Escalated
Open → Closed
Triaging → Escalated
Triaging → Closed
Escalated → Closed
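
A client-side pre-flight check for the rules above, as an added example that is not part of the original page or the product's own code. The function name, the constructed UUID, and the choice to reject close_classification on non-closing updates are assumptions; the transition table is copied from the list above.

```python
# Transition table copied from "Valid Status Transitions" on this page.
VALID_TRANSITIONS = {
    "Open": {"Triaging", "Escalated", "Closed"},
    "Triaging": {"Escalated", "Closed"},
    "Escalated": {"Closed"},
    "Closed": set(),  # the page lists no transition out of Closed
}


def build_update_request(alert_uuid, current_status, new_status,
                         close_classification=None):
    """Return the update_alert_status request body, or raise ValueError.

    Hypothetical helper: it validates locally so an automation fails fast
    instead of sending a request that does not match the documented rules.
    """
    if not alert_uuid:
        raise ValueError("alert_uuid is required")
    if current_status not in VALID_TRANSITIONS:
        raise ValueError(f"unknown current status: {current_status!r}")
    if new_status not in VALID_TRANSITIONS:
        raise ValueError(f"unknown status: {new_status!r}")
    if new_status not in VALID_TRANSITIONS[current_status]:
        raise ValueError(
            f"transition {current_status} -> {new_status} is not listed as valid")

    body = {"alert_uuid": alert_uuid, "status": new_status}
    if new_status == "Closed":
        # close_classification is required when closing.
        if not close_classification or not close_classification.strip():
            raise ValueError("close_classification is required when closing")
        body["close_classification"] = close_classification.strip()
    elif close_classification is not None:
        # Assumption: the page documents this field only for closing, so the
        # helper refuses to send it with any other status.
        raise ValueError("close_classification is only documented for Closed")
    return body


if __name__ == "__main__":
    uuid = "00000000-0000-0000-0000-000000000000"  # constructed sample value
    print(build_update_request(uuid, "Open", "Triaging"))
    print(build_update_request(uuid, "Triaging", "Closed",
                               "False Positive - Known Scanner"))
```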

Example

{
  "alert_uuid": "9f2a-b3c1-...",
  "status": "Triaging"
}

Return Value

{
  "uuid": "9f2a-b3c1-...",
  "status": "Triaging",
  "acknowledged_at": "2025-01-15T10:45:00Z"
}
acknowledged_at is set automatically on the first transition out of Open. It records when investigation began.

Required Scope

alerts:write