Root parameters

The following parameters are shown in the request. For examples of requests, see Request examples for the Update Incidents API.

Name Required/ Optional Supported Valid values
type Required INCIDENTS, DISCOVERY INCIDENTS, DISCOVERY
action_type Required INCIDENTS, DISCOVERY

STATUS SEVERITY, ASSIGN_TO, ADD_COMMENT TAG

RELEASE (not supported for DISCOVERY) FALSE_POSITIVE

value

Required

Optional (ADD_COM MENT, RELEASE)

INCIDENTS, DISCOVERY

STATUS: NEW, IN_PROCESS, CLOSE, FALSE_POSITIVE, ESCALATED, custom

status

SEVERITY: HIGH, MEDIUM, LOW

ASSIGN_TO: admin name to be assigned to TAG: tag name (maximum 100 chars) FALSE_POSITIVE: 1 (ignore), 0 (include)

comment

Optional

Required for ADD_COM MENT

INCIDENTS, DISCOVERY

Supported for the following actions: ADD_COMMENT

ASSIGN_TO TAG

RELEASE (not supported for DISCOVERY) FALSE_POSITIVE

scan_partitions

Optional

(default value is NONE)

INCIDENTS

(relevant only if incident_keys is populated)

Parameter to identify if partition_index was provided on each event key.

ALL: Scans all partitions to get incidents and fetches their partition_index that is required for an update.

NONE: Assumes partition_index is provided. If partition_index is missing on any key, then an exception is thrown.

LAST_ACTIVE: Sets last 2 partitions and sends update with them. If the incident is not located on those 2 partitions, then update does not execute.

event_ids Required when update by event ids INCIDENTS, DISCOVERY

Array of the Event IDs to be updated. If event_ids is provided, then it is required to perform a lookup for incidents by event ID to get incident_id and partition_index. Currently, there is no API to avoid searching over all partitions.

The number of provided IDs is limited to 1,000. Error code 400 is returned if violated.

incident_keys Required when update by incident keys INCIDENTS, DISCOVERY

Array of Incident Key objects on which the action should be performed.

The number of provided IDs is limited to 1,000. Error code 400 is returned if violated.