Updating a batch of investigation states

1. Authenticate to the cloud platform via the Python shell.

   The following variables should be available now:

   >>> base_url  # the base URL of the API
   '<the Acronis data center URL>/api/mdr/v1'
   >>> auth  # the 'Authorization' header value with the access token
   {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImMwMD...'}
   >>> tenant_id # the ID of the partner tenant that can be accessed with the token
   'ede9f834-70b3-476c-83d9-736f9f8c7dae'
   

2. Fetch the list of incidents which investigation states you want to update by following the Fetching incidents procedure.

   As a result, you should have a list of incident IDs and customer IDs that you will use in the following steps:

   >>> incidents
   [
       {
           'incident_id': '41e19c11-2606-475d-b459-56a5509494ee',
           'customer_id': '64b40fe0-2051-4f11-8913-ecd9652e221c'
       },
       {
           'incident_id': '7560c5a0-d748-467b-807f-f794c322bbe4',
           'customer_id': 'f1065685-e276-484e-9527-e109e06ec236'
       }
   ]
   

3. Define a variable named investigation_state, and then assign a dictionary with the investigation state to this variable:

   >>> investigation_state = {
   ...     "customer_incident_ids": incidents,
   ...     "update": {
   ...         "state": "CLOSED",
   ...         "comment": "Remediation actions completed."
   ...     }
   ... }
   

4. Convert the investigation_state object to a JSON text:

   >>> investigation_state = json.dumps(investigation_state, indent=4)
   

5. Send a POST request with the JSON text to the /incidents/investigation_state endpoint:

   >>> response = requests.post(
   ...     f'{base_url}/incidents/investigation_state',
   ...     headers={'Content-Type': 'application/json', **auth},
   ...     data=investigation_state,
   ... )
   

6. Check the status code of the response:

   >>> response.status_code
   207
   

   Status code 207 means that the request contains multiple statuses.

   Also, the response body contains the information about processed incident status updates formatted as a JSON text. When converted to an object, it will look as follows:

   >>> pprint.pprint(response.json())
   {'failure_items': 0, 'items': null, 'success_items': 2, 'total_items': 2}
   

   In case the update of some investigation states fails, the response will contain the details about the failed items:

   >>> pprint.pprint(response.json())
   {'failure_items': 1,
   'items': [{'item': {'incident_id': '41e19c11-2606-475d-b459-56a5509494ef'},
               'status': 404}],
   'success_items': 1,
   'total_items': 2}
   

   Information provided with the investigation state will be reflected in the incident details and can be obtained by following both Fetching incident details and response actions and Fetching incidents procedures.