IoT Security API Reference
    : Resolve a Security Alert
    Focus
    Download PDF
    Focus
    1. Home
    2. IoT
    3. IoT Security API Reference
    4. IoT Security API
    5. Resolve a Security Alert
    Download PDF

    IoT Security API Reference

    Resolve a Security Alert

    Table of Contents

    Resolve a Security Alert

    Use the IoT Security API to resolve a security alert.

    Synopsis

    URI
    /pub/v4.0/alert/update
    HTTP Method
    PUT
    FQDN
    <customer-name>.iot.paloaltonetworks.com

    Description

    Resolve a security alert.

    Request Fields

    The URL of this request contains the following parameters:
    Field
    Description
    id
    (
    Required
    ) The alert ID being resolved. To retrieve a list of security alerts, including their IDs, use Get Security Alerts.
    Use the value for
    id
    , not the value for
    zb_ticketid
    .
    The following value is a string.
    customerid
    (
    Required
    ) The customer ID specifies the API call for a specific tenant.
    The following value is a string.
    The payload of this request contains the following parameters:
    Field
    Description
    reason
    (
    Required
    ) This is the reason for resolving the alert. The following value is a string and cannot contain any special characters.
    reason_type
    (
    Required
    ) This is the type of reason for resolving the alert and is one of the following array of values:
    Issue Mitigated
    No Action Needed
    VPN protected connections
    Trusted remote destination
    Normal behavior for this device
    Normal behavior for all devices in the same IoT profile
    Other
    resolved
    (
    Required
    ) This defines the alert as resolved. The following value is a string and must be
    yes
    .
    Request to Resolve an Alert Example
    curl --location -X PUT 'https://acmecorp.iot.paloaltonetworks.com/pub/v4.0/alert/update?id=<alert_id_number>&customerid=acmecorp' \
-H 'X-Key-Id: KEY_ID' \
-H 'X-Access-Key: ACCESS_KEY' \
--header 'Content-Type: application/json' \
--data-raw \
'{
    "reason": "The alert poses no threat",
    "reason_type":
      [
      "No Action Needed"
      ],
    "resolved": "yes"
}'

    Success Response

    Upon success, the HTTP response code is 200.
    Success Response Example
    {
    "api": "/pub/v4.0/alert/update",
    "ver":"v0.3"
}

    Error Response

    Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
    Field
    Description
    400
    Bad Request. This occurs when an HTTP request contains invalid JSON in its body.
    403
    Forbidden access. Either the provided API Key is invalid or it does not have the required RBAC permissions to run this API.
    429
    Too many requests. The number of requests to resolve a security alert exceeded the rate limit of 180 queries per minute per tenant.
    500
    Internal server error. A unified status for API communication type errors.
    Error Response Format
    {code: STATUS_CODE, msg: GENERAL_MESSAGE}

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.