Insert Parsed Alerts
Upload alerts from external alert sources.
Synopsis
URI | /public_api/v1/alerts/insert_parsed_alerts/ |
HTTP Method | POST |
Required License | Cortex XDR Pro-Endpoint or Cortex XDR Pro per TB |
Description
Upload alerts from external alert sources in Cortex XDR format. Cortex XDR displays alerts that are parsed successfully in related incidents and views.
You can send 600 alerts per minute. Each request can contain a maximum of 60 alerts.
Request Fields
The body of this request contains a JSON object with the following fields:
Field | Description |
---|---|
request_data | (Required) A dictionary containing the API request fields. |
alerts | List of alerts in Cortex XDR format, each containing the following keywords: |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/alerts/insert_parsed_alerts/ \
  -H "x-xdr-auth-id:{API_KEY_ID}" \
  -H "Authorization:{API_KEY}" \
  -H "Content-Type:application/json" \
  -d '{
    "request_data": {
      "alerts": [
        {
          "product": "VPN & Firewall-1",
          "vendor": "<vendor name>",
          "local_ip": "<IP address>",
          "local_port": <port>,
          "remote_ip": "<IP address>",
          "remote_port": <port>,
          "event_timestamp": 1543270652000,
          "severity": "Low",
          "alert_name": "Alert Name Example",
          "alert_description": "Alert Description",
          "action_status": "Reported"
        }
      ]
    }
  }'
Success Response
Upon success, the HTTP response code is 200.
Field | Description |
---|---|
reply | JSON object containing a query result. |
Error Response
Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
HTTP Response Code | Description |
---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters. |
402 | Unauthorized access. User does not have the required license type to run this API. |
403 | Forbidden access. The provided API Key does not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
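The limits and error format above, as an added example that is not part of the Cortex XDR documentation: a Python client that splits alerts into requests of at most 60, spaces requests so that no 60-second window carries more than 600 alerts, and unpacks the error reply. The function names, the fixed 6-second pacing policy, and the sample alert values are assumptions.

```python
import json
import urllib.error
import urllib.request

MAX_PER_REQUEST = 60   # page: a request can contain a maximum of 60 alerts
MAX_PER_MINUTE = 600   # page: 600 alerts per minute

def build_bodies(alerts):
    """Split alerts into request bodies holding at most 60 alerts each."""
    return [{"request_data": {"alerts": alerts[i:i + MAX_PER_REQUEST]}}
            for i in range(0, len(alerts), MAX_PER_REQUEST)]

def send_offsets(bodies):
    """Send times (s): one request per 6 s keeps any 60 s window <= 600 alerts."""
    interval = 60.0 * MAX_PER_REQUEST / MAX_PER_MINUTE  # assumed pacing policy
    return [i * interval for i in range(len(bodies))]

def parse_error(status, text):
    """Map an error reply to (status, err_code, err_msg, err_extra)."""
    try:
        reply = json.loads(text)["reply"]
        return (status, reply["err_code"], reply["err_msg"], reply.get("err_extra"))
    except (ValueError, KeyError, TypeError):
        return (status, None, text, None)  # body not in the documented format

def post(fqdn, key_id, key, body, timeout=30):
    """POST one body; return None on success, else the parsed error tuple."""
    req = urllib.request.Request(
        f"https://api-{fqdn}/public_api/v1/alerts/insert_parsed_alerts/",
        data=json.dumps(body).encode(), method="POST",
        headers={"x-xdr-auth-id": str(key_id), "Authorization": key,
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout):
            return None
    except urllib.error.HTTPError as err:
        return parse_error(err.code, err.read().decode("utf-8", "replace"))

# Constructed sample input: 130 alerts shaped like the request example.
SAMPLE = [{"product": "VPN & Firewall-1", "vendor": "ExampleVendor",
           "local_ip": "192.0.2.10", "local_port": 443,
           "remote_ip": "198.51.100.7", "remote_port": 51515,
           "event_timestamp": 1543270652000 + n, "severity": "Low",
           "alert_name": "Alert Name Example", "alert_description": "Alert Description",
           "action_status": "Reported"} for n in range(130)]

if __name__ == "__main__":
    bodies = build_bodies(SAMPLE)
    for offset, body in zip(send_offsets(bodies), bodies):
        print(f"t+{offset:.0f}s: {len(body['request_data']['alerts'])} alerts")
```

A caller sleeps until each offset before calling `post`; a 401, 402 or 403 result points at the key, license or RBAC role and will not clear on retry.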