Update Alert Incident
Description
Updates an alert's incident details in SentinelOne using the specified data and filter criteria.

Endpoint URL
/web/api/v2.1/cloud-detection/alerts/incident

Method
POST

Inputs
- JSON body (object) – required
  - filter (object) – required
    - containerImageName__contains (array): Free-text filter by the endpoint container image name (supports multiple values)
    - limit (number): Limit
    - reportedAt__gte (string): Reported at greater than or equal to
    - tenant (boolean): Indicates a tenant-scope request
    - reportedAt__lte (string): Reported at less than or equal to
    - sourceProcessName__contains (array): Free-text filter by source process name
    - incidentStatus (array): Filter threats by an incident status
    - sourceProcessCommandLine__contains (array): Free-text filter by source command line
    - createdAt__lte (string): Created at less than or equal to
    - k8sNamespaceLabels__contains (array): Free-text filter by the endpoint Kubernetes namespace labels (supports multiple values)
    - k8sPod__contains (array): Free-text filter by the endpoint Kubernetes pod name (supports multiple values)
    - reportedAt__gt (string): Reported at greater than
    - sourceProcessFileHashSha1__contains (array): Free-text filter by source SHA1
    - k8sNode__contains (array): Free-text filter by the endpoint Kubernetes node name (supports multiple values)
    - createdAt__gt (string): Created at greater than
    - origAgentUuid__contains (array): Free-text filter by agent UUID
    - sourceProcessFileHashMd5__contains (array): Free-text filter by source MD5
    - query (string): Full-text search across all fields
    - osType (array): Included OS types
    - containerName__contains (array): Free-text filter by the endpoint container name (supports multiple values)
    - analystVerdict (array): Filter threats by an analyst verdict
    - createdAt__lt (string): Created at less than
    - origAgentName__contains (array): Free-text filter by agent name
    - ruleName__contains (array): Free-text filter by rule name
    - origAgentOsRevision__contains (array): Free-text filter by agent OS revision
    - sourceProcessFilePath__contains (array): Free-text filter by source file path
    - k8sControllerLabels__contains (array): Free-text filter by the endpoint Kubernetes controller labels (supports multiple values)
    - siteIds (array): List of site IDs to filter by
    - containerLabels__contains (array): Free-text filter by the endpoint container labels (supports multiple values)
    - k8sNamespaceName__contains (array): Free-text filter by the endpoint Kubernetes namespace name (supports multiple values)
    - groupIds (array): List of group IDs to filter by
    - accountIds (array): List of account IDs to filter by
    - machineType (array): Agent machine type
    - k8sControllerName__contains (array): Free-text filter by the endpoint Kubernetes controller name (supports multiple values)
    - severity (array): Severity
    - k8sCluster__contains (array): Free-text filter by the endpoint Kubernetes cluster name (supports multiple values)
    - ids (array): A list of alert IDs
    - scopes (array): Filter results by scope
    - createdAt__gte (string): Created at greater than or equal to
    - sourceProcessStoryline__contains (array): Free-text filter by source storyline
    - origAgentVersion__contains (array): Free-text filter by agent OS version
    - reportedAt__lt (string): Reported at less than
    - k8sPodLabels__contains (array): Free-text filter by the endpoint Kubernetes pod labels (supports multiple values)
    - sourceProcessFileHashSha256__contains (array): Free-text filter by source SHA256
  - data (object) – required
    - incidentStatus (string) – required: The incident status to set on the alerts matched by the filter

Output example
```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Thu, 18 Apr 2024 00:12:38 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-RqId": "d281729a-04f6-40d4-aeef-5f0add7d40a3",
      "Access-Control-Allow-Origin": "https://cns-us-east-1-prod.sentinelone.net",
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "<long CSP header value omitted>",
      "Cache-Control": "no-store",
      "Pragma": "no-cache",
      "Expires": "-1",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {
        "affected": 3
      }
    }
  }
]
```

Output parameters
- status_code (number)
- reason (string)
- json_body (object)
  - data (object)
    - affected (number)
- response_headers

| Header | Type |
| --- | --- |
| Server | string |
| Date | string |
| Content-Type | string |
| Transfer-Encoding | string |
| Connection | string |
| X-RqId | string |
| Access-Control-Allow-Origin | string |
| Access-Control-Allow-Credentials | string |
| Vary | string |
| Strict-Transport-Security | string |
| X-Frame-Options | string |
| X-Content-Type-Options | string |
| Content-Security-Policy | string |
| Cache-Control | string |
| Pragma | string |
| Expires | string |
| Content-Encoding | string |
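The following is an added example, not the connector's or SentinelOne's own code: it assembles the JSON body described under Inputs, rejects filter keys that are not documented above, refuses a filter that does not pin the update to specific alerts or tenancy scopes (an unpinned filter would change the incident status of every alert the token can see), and reads `affected` back from a response shaped like the output example. The console host, the `ApiToken` authorization scheme and the three `incidentStatus` values are assumptions.

```python
# Added example (not the connector's own code). Assumed: console URL,
# "ApiToken" auth header scheme, and the incidentStatus value set.
import json
from urllib.request import Request

ENDPOINT = "/web/api/v2.1/cloud-detection/alerts/incident"
INCIDENT_STATUSES = {"unresolved", "in_progress", "resolved"}  # assumed
# Filter keys documented above; any other key is rejected before sending.
FILTER_KEYS = {
    "ids", "siteIds", "groupIds", "accountIds", "scopes", "tenant", "limit",
    "query", "severity", "osType", "machineType", "incidentStatus",
    "analystVerdict", "createdAt__gt", "createdAt__gte", "createdAt__lt",
    "createdAt__lte", "reportedAt__gt", "reportedAt__gte", "reportedAt__lt",
    "reportedAt__lte",
} | {f + "__contains" for f in (
    "containerImageName", "containerName", "containerLabels", "ruleName",
    "k8sCluster", "k8sNode", "k8sPod", "k8sPodLabels", "k8sNamespaceName",
    "k8sNamespaceLabels", "k8sControllerName", "k8sControllerLabels",
    "origAgentUuid", "origAgentName", "origAgentOsRevision", "origAgentVersion",
    "sourceProcessName", "sourceProcessCommandLine", "sourceProcessFilePath",
    "sourceProcessStoryline", "sourceProcessFileHashMd5",
    "sourceProcessFileHashSha1", "sourceProcessFileHashSha256")}
# Without one of these the filter matches every alert the token can see,
# and one call would flip the incident status on all of them.
NARROWING_KEYS = {"ids", "siteIds", "groupIds", "accountIds"}


def build_body(flt: dict, status: str) -> dict:
    """Return {"filter": ..., "data": {"incidentStatus": ...}} or raise."""
    unknown = set(flt) - FILTER_KEYS
    if unknown:
        raise ValueError(f"unknown filter keys: {sorted(unknown)}")
    if not NARROWING_KEYS & set(flt):
        raise ValueError(f"filter must include one of {sorted(NARROWING_KEYS)}")
    if status not in INCIDENT_STATUSES:
        raise ValueError(f"unsupported incidentStatus: {status}")
    return {"filter": flt, "data": {"incidentStatus": status}}


def build_request(console_url: str, api_token: str, flt: dict, status: str) -> Request:
    # Prepares the POST without sending it; urlopen(req) would send it.
    return Request(console_url.rstrip("/") + ENDPOINT, method="POST",
                   data=json.dumps(build_body(flt, status)).encode(),
                   headers={"Authorization": f"ApiToken {api_token}",
                            "Content-Type": "application/json"})


def affected_count(response_body: bytes) -> int:
    # json_body.data.affected, as in the output example above.
    return int(json.loads(response_body)["data"]["affected"])
```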