Resolve a Security Alert

Use the IoT Security API to resolve a security alert.

Synopsis

URI
/pub/v4.0/alert/update
HTTP Method
PUT
FQDN
<customer-name>.iot.paloaltonetworks.com

Description

Resolve a security alert.

Request Fields

The URL of this request contains the following parameters:
Field
Description
id
(
Required
) The alert ID being resolved. To retrieve a list of security alerts, including their IDs, use Get Security Alerts.
Use the value for
id
, not the value for
zb_ticketid
.
The following value is a string.
customerid
(
Required
) The customer ID specifies the API call for a specific tenant.
The following value is a string.
The payload of this request contains the following parameters:
Field
Description
reason
(
Required
) This is the reason for resolving the alert. The following value is a string and cannot contain any special characters.
reason_type
(
Required
) This is the type of reason for resolving the alert and is one of the following array of values:
Issue Mitigated
No Action Needed
VPN protected connections
Trusted remote destination
Normal behavior for this device
Normal behavior for all devices in the same IoT profile
Other
resolved
(
Required
) This defines the alert as resolved. The following value is a string and must be
yes
.
Request to Resolve an Alert Example
curl --location -X PUT 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/alert/update?id=<alert_id_number>&customerid=acmecorp' \ -H 'X-Key-Id: KEY_ID' \ -H 'X-Access-Key: ACCESS_KEY' \ --header 'Content-Type: application/json' \ --data-raw \ '{ "reason": "The alert poses no threat", "reason_type": [ "No Action Needed" ], "resolved": "yes" }'

Success Response

Upon success, the HTTP response code is 200.
Success Response Example
{ "api": "/pub/v4.0/alert/update", "ver":"v0.3" }

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Field
Description
400
Bad Request. This occurs when an HTTP request contains invalid JSON in its body.
403
Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API.
429
Too many requests. The number of requests to resolve a security alert exceeded the rate limit of 180 queries per minute per tenant.
500
Internal server error. A unified status for API communication type errors.
Error Response Format
{code: STATUS_CODE, msg: GENERAL_MESSAGE}

Recommended For You