Add and remove detection alert tags

View as Markdown

POST /api/detection_engine/signals/tags

Api key auth Basic auth

Spaces method and path for this operation:

post /s/{space_id}/api/detection_engine/signals/tags

Refer to Spaces for more information.

And tags to detection alerts, and remove them from alerts.

You cannot add and remove the same alert tag in the same request.

application/json

Body Required

An object containing tags to add or remove and alert ids the changes will be applied

ids array[string(nonempty)] Required

A list of alerts ids.

At least 1 element. Minimum length of each is 1.
tags object Required

Object with list of tags to add and remove.
Hide tags attributes Show tags attributes object
- tags_to_add array[string(nonempty)] Required
  
  List of keywords to organize related alerts into categories that you can filter and group.
  
  Minimum length of each is 1.
- tags_to_remove array[string(nonempty)] Required
  
  List of keywords to organize related alerts into categories that you can filter and group.
  
  Minimum length of each is 1.

Responses

200 application/json

Successful response

Elasticsearch update by query response

Additional properties are allowed.
400 application/json

Invalid input data response
One of:
Security_Detections_API_PlatformErrorResponse object Security_Detections_API_SiemErrorResponse object
Hide attributes Show attributes

error string Required

message string Required

statusCode integer Required
Hide attributes Show attributes

message string Required

status_code integer Required
401 application/json

Unsuccessful authentication response
Hide response attributes Show response attributes object
- error string Required
- message string Required
- statusCode integer Required
500 application/json

Internal server error response
Hide response attributes Show response attributes object
- message string Required
- status_code integer Required

POST /api/detection_engine/signals/tags

curl \
 --request POST 'https://localhost:5601/api/detection_engine/signals/tags' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"ids":["549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"],"tags":{"tags_to_add":["Duplicate"],"tags_to_remove":[]}}'

Request examples

{
  "ids": [
    "549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"
  ],
  "tags": {
    "tags_to_add": [
      "Duplicate"
    ],
    "tags_to_remove": []
  }
}

{
  "ids": [
    "549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e"
  ],
  "tags": {
    "tags_to_add": [],
    "tags_to_remove": [
      "Duplicate"
    ]
  }
}

Response examples (200)

{
  "took": "68,",
  "noops": "0,",
  "total": "1,",
  "batches": "1,",
  "deleted": "0,",
  "retries": {
    "bulk": "0,",
    "search": 0
  },
  "updated": "1,",
  "failures": [],
  "timed_out": "false,",
  "throttled_millis": "0,",
  "version_conflicts": "0,",
  "requests_per_second": "-1,",
  "throttled_until_millis": "0,"
}