Reporting alerts

POST request to the /api/alert_manager/v1/alerts endpoint.

Interaction diagram
Request structure
| Parameter | Type | Description |
|---|---|---|
| `type` | string | The identifier of the alert type. |
| `category` | string | The identifier of the alert category. |
| `details` | object | An object that contains the information about the alert. |
| `details.title` | string | A human-readable title of the alert. |
| `details.category` | string | A human-readable alert category name. |
| `details.description` | string | A human-readable description of the alert. |
| `details.fields` | object | |
| `tenantID` | string | The identifier of the tenant where the alert was triggered. |
| | strings | |
Alert example
```json
{
    "type": "cti.a.p.am.alert.v1.0~a.p.basic.v1.0~vendor.application.malware_detected.v1.0",
    "category": "cti.a.p.am.category.v1.0~vendor.application.protection.v1.0",
    "details": {
        "title": "Malware Quarantined",
        "category": "Malware Detected",
        "description": "Malicious file \"trojan.exe\" was put into quarantine.",
        "fields": {
            "Malware type": "Trojan:Win32/Caphaw.D!lnk",
            "Device ID": "62aedd2b-6556-45d5-a76e-43db475068a7",
            "Full path": "C:\\Windows\\System32\\trojan.exe"
        }
    },
    "tenantID": "f234baa2-e404-4d78-93de-4f3a77448d02"
}
```
Produces the following alert in the Cyber Protection console.
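The following Python helpers are an added example, not code from the vendor documentation. They check an alert against the request structure above and prepare the POST request, so that detection data such as file paths and quoted file names is escaped by the JSON encoder rather than by hand. Assumptions: every field shown in the alert example is treated as required, `fields` values are plain strings, authentication is a bearer token, and the function names and base URL are hypothetical.

```python
import json
import uuid
import urllib.request

ALERTS_PATH = "/api/alert_manager/v1/alerts"  # endpoint from this page


def build_alert(alert_type, category, title, category_name, description, fields, tenant_id):
    """Return the alert as a dict shaped like the page's example, or raise ValueError."""
    strings = {"type": alert_type, "category": category, "title": title,
               "category name": category_name, "description": description}
    for name, value in strings.items():
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} must be a non-empty string")
    # Assumption: field names and values are plain strings, as in the example.
    if not isinstance(fields, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in fields.items()):
        raise ValueError("fields must map strings to strings")
    try:
        tenant = str(uuid.UUID(tenant_id))  # reject anything that is not a UUID
    except (ValueError, AttributeError, TypeError):
        raise ValueError("tenantID must be a UUID") from None
    return {
        "type": alert_type,
        "category": category,
        "details": {"title": title, "category": category_name,
                    "description": description, "fields": dict(fields)},
        "tenantID": tenant,
    }


def build_request(base_url, token, alert):
    """Prepare (but do not send) the POST request for one alert."""
    # json.dumps escapes quotes and backslashes in file names and paths.
    body = json.dumps(alert).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + ALERTS_PATH,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json",
                 # Assumption: bearer-token auth; the page does not describe it.
                 "Authorization": f"Bearer {token}"},
    )
```

Pass the returned request to `urllib.request.urlopen` to send it.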
Response structure
The response returns status 200, with a single field payload.
| Parameter | Type | Description |
|---|---|---|
| | string | UUID of the reported alert. |