Update Threat Incident
Description
Updates a threat incident's details (incident status and, optionally, analyst verdict) in SentinelOne for every threat that matches the supplied filter criteria. The filter is what selects the threats to be updated, so scope it explicitly (for example with ids, agentIds, siteIds or accountIds): a broad filter updates every threat it matches within the API token's scope.

Endpoint URL
/web/api/v2.1/threats/incident

Method
POST

Inputs
jsonBody (object) – required
  data (object) – required
    incidentStatus (string) – required: the incident status to set on the matching threats.
    analystVerdict (string): the analyst verdict to set on the matching threats.
  filter (object) – required: selection criteria for the threats to update. Field names follow the SentinelOne convention of a base field plus a suffix (__lt, __gt, __lte, __gte, __nin, __contains).
    createdAt__lt (string): created at, less than.
    createdAt__gt (string): created at, greater than.
    updatedAt__gt (string): updated at, greater than.
    updatedAt__lt (string): updated at, less than.
    ids (array): list of threat IDs.
    groupIds (array): list of group IDs to filter by.
    siteIds (array): list of site IDs to filter by.
    accountIds (array): list of account IDs to filter by.
    incidentStatuses (array): filter threats by a specific incident status.
    classificationSources (array): classification sources list.
    classifications (array): list of threat classifications to search.
    agentIds (array): list of agent IDs.
    osTypes (array): included OS types.
    engines__nin (array): excluded engines.
    osTypes__nin (array): excluded OS types.
    containerImageName__contains (array): free-text filter by the endpoint container image name (supports multiple values).
    k8sNodeName__contains (array): free-text filter by the endpoint Kubernetes node name (supports multiple values).
    k8sNamespaceName__contains (array): free-text filter by the endpoint Kubernetes namespace name (supports multiple values).
    analystVerdicts (array): filter threats by a specific analyst verdict.
    agentIsActive (boolean): include agents currently connected to the management console.
    agentMachineTypes (array): included agent machine types.
    agentMachineTypes__nin (array): excluded agent machine types.
    agentTagsData (string): filter threats by the tags assigned to the related agent, given as a JSON object where each key is a tag key and each value is a list of string values to filter by. To filter by unassigned tag values, add the __nin suffix to the tag key.
    agentVersions (array): included agent versions.
    agentVersions__nin (array): excluded agent versions.
    analystVerdicts__nin (array): exclude threats with specific analyst verdicts.
    awsRole__contains (array): free-text filter by AWS role (supports multiple values).
    awsSecurityGroups__contains (array): free-text filter by AWS security groups (supports multiple values).
    awsSubnetIds__contains (array): free-text filter by AWS subnet IDs (supports multiple values).
    azureResourceGroup__contains (array): free-text filter by Azure resource group (supports multiple values).
    classifications__nin (array): list of threat classifications not to search.
    classificationSources__nin (array): classification sources list to exclude.
    cloudAccount__contains (array): free-text filter by cloud account (supports multiple values).
    cloudImage__contains (array): free-text filter by cloud image (supports multiple values).
    cloudInstanceId__contains (array): free-text filter by cloud instance ID (supports multiple values).
    cloudInstanceSize__contains (array): free-text filter by cloud instance size (supports multiple values).
    cloudLocation__contains (array): free-text filter by cloud location (supports multiple values).
    cloudNetwork__contains (array): free-text filter by cloud network (supports multiple values).
    cloudProvider (array): include agents from these cloud providers.
    cloudProvider__nin (array): exclude agents from these cloud providers.
    collectionIds (array): list of collection IDs to search.
    commandLineArguments__contains (array): free-text filter by threat command line arguments (supports multiple values).
    computerName__contains (array): free-text filter by computer name (supports multiple values).
    confidenceLevels (array): filter threats by a specific confidence level.
    confidenceLevels__nin (array): exclude threats with specific confidence levels.
    containerLabels__contains (array): free-text filter by the endpoint container labels (supports multiple values).
    containerName__contains (array): free-text filter by the endpoint container name (supports multiple values).
    contentHash__contains (array): free-text filter by file content hash (supports multiple values).
    contentHashes (array): list of SHA-1 hashes to search for.
    countsFor (string): comma-separated list of fields to be shown.
    detectionAgentDomain__contains (array): free-text filter by agent domain at detection time (supports multiple values).
    detectionAgentVersion__contains (array): free-text filter by agent version at detection time (supports multiple values).
    detectionEngines (array): included detection engines.
    detectionEngines__nin (array): excluded detection engines.
    displayName (string): display name.
    engines (array): included engines.
    externalTicketExists (boolean): the threat has a ticket number attached.
    externalTicketId__contains (array): free-text filter by the threat's external ticket ID (supports multiple values).
    externalTicketIds (array): external ticket IDs for the threat.
    failedActions (boolean): at least one action failed on the threat.
    filePath__contains (array): free-text filter by file path (supports multiple values).
    gcpServiceAccount__contains (array): free-text filter by GCP service account (supports multiple values).
    hasAgentTags (boolean): if true, include only threats whose agent is assigned any tags; if false, only threats whose agent has none.
    initiatedBy (array): only include threats from specific initiating sources.
    initiatedBy__nin (array): exclude threats from specific initiating sources.
    initiatedByUsername__contains (array): free-text filter by the username that initiated the threat (supports multiple values).
    k8sClusterName__contains (array): free-text filter by the endpoint Kubernetes cluster name (supports multiple values).
    k8sControllerLabels__contains (array): free-text filter by the endpoint Kubernetes controller labels (supports multiple values).
    k8sControllerName__contains (array): free-text filter by the endpoint Kubernetes controller name (supports multiple values).
    k8sNamespaceLabels__contains (array): free-text filter by the endpoint Kubernetes namespace labels (supports multiple values).
    k8sNodeLabels__contains (array): free-text filter by the endpoint Kubernetes node labels (supports multiple values).
    k8sPodLabels__contains (array): free-text filter by the endpoint Kubernetes pod labels (supports multiple values).
    k8sPodName__contains (array): free-text filter by the endpoint Kubernetes pod name (supports multiple values).
    limit (number): maximum number of threats to match.
    mitigatedPreemptively (boolean): whether the threat was detected pre-execution (true) or post-execution (false).
    mitigationStatuses (array): filter threats by a specific mitigation status.
    mitigationStatuses__nin (array): exclude threats with a specific mitigation status.
    noteExists (boolean): the threat has at least one note.
    originatedProcess__contains (array): free-text filter by the originating process name of the threat (supports multiple values).
    osArchs (array): included OS architectures.
    osNames (array): included OS names.
    osNames__nin (array): excluded OS names.
    pendingActions (boolean): at least one action is pending on the agent for the threat.
    publisherName__contains (array): free-text filter by the threat's publisher name (supports multiple values).
    query (string): full-text search across these fields: threat details, content hash, computer name, file path, UUID, detection agent version, realtime agent version, detection agent domain, command line arguments, initiated-by username, storyline, originated process, k8s cluster name, k8s node name, k8s node labels, k8s namespace name, k8s namespace labels, k8s controller name, k8s controller labels, k8s pod name, k8s pod labels, container name, container image name, container labels, external ticket ID.
    realtimeAgentVersion__contains (array): free-text filter by the agent's current version (supports multiple values).
    rebootRequired (boolean): a reboot is required on at least one endpoint for at least one action on the threat.
    resolved (boolean): kept for backward compatibility with API 2.0.
    storyline__contains (array): free-text filter by threat storyline (supports multiple values).
    storylines (array): list of agent storyline (context) IDs to search for.
    tenant (boolean): indicates a tenant-scope request.
    threatDetails__contains (array): free-text filter by threat details (supports multiple values).
    uuid__contains (array): free-text filter by agent UUID (supports multiple values).
    createdAt__gte (string): created at, greater than or equal to.
    createdAt__lte (string): created at, less than or equal to.
    updatedAt__gte (string): updated at, greater than or equal to.
    updatedAt__lte (string): updated at, less than or equal to.
    incidentStatuses__nin (array): exclude threats with specific incident statuses.

Output
Output parameters
statusCode (number)
reason (string)
jsonBody (object)
  data (object)
    affected (number): number of threats the update was applied to. Compare it with the number of threats you intended to select; a lower count means part of the filter matched nothing visible to the token.
    details (array)
      result (string)
      analystVerdict (string)
      threatId (string)
  errors (object)

Response headers
Header                            Type
Server                            string
Date                              string
Content-Type                      string
Transfer-Encoding                 string
Connection                        string
X-Rqid                            string
Access-Control-Allow-Origin       string
Access-Control-Allow-Credentials  string
Vary                              string
Strict-Transport-Security         string
X-Frame-Options                   string
X-Content-Type-Options            string
Content-Security-Policy           string
Cache-Control                     string
Pragma                            string
Expires                           string
Content-Encoding                  string
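Worked example of calling this action from a script, added here as an illustration and not part of the connector's or SentinelOne's own code. It builds the jsonBody described above (data plus filter), refuses a filter that does not name specific threats, agents, groups, sites or accounts so that a typo cannot turn the call into a bulk update, and checks data.affected in the response against the number of threats that were meant to be selected. The console host, the API token, the allowed incidentStatus and analystVerdict values and the sample response are assumptions for the example (the value sets are taken from the SentinelOne API, not from this page); the Authorization: ApiToken header scheme is the one SentinelOne's API uses.

```python
import json
import urllib.request
from typing import Any, Dict, Optional

# Assumed values for the example; the real console URL and token come from your tenant.
CONSOLE = "https://example-console.sentinelone.net"
ENDPOINT = "/web/api/v2.1/threats/incident"

# Allowed values are an assumption taken from the SentinelOne API, not from this page.
INCIDENT_STATUSES = {"unresolved", "in_progress", "resolved"}
ANALYST_VERDICTS = {"undefined", "true_positive", "false_positive", "suspicious"}

# Filter keys that pin the update to specific objects. Requiring one of them means
# a filter such as {} or {"resolved": False} is rejected instead of updating every
# threat the token can see.
SCOPING_KEYS = ("ids", "agentIds", "groupIds", "siteIds", "accountIds")


def build_payload(incident_status: str, filt: Dict[str, Any],
                  analyst_verdict: Optional[str] = None) -> Dict[str, Any]:
    """Build jsonBody = {"data": ..., "filter": ...}, refusing unscoped filters."""
    if incident_status not in INCIDENT_STATUSES:
        raise ValueError(f"unknown incidentStatus {incident_status!r}")
    if analyst_verdict is not None and analyst_verdict not in ANALYST_VERDICTS:
        raise ValueError(f"unknown analystVerdict {analyst_verdict!r}")
    if not any(filt.get(k) for k in SCOPING_KEYS):
        raise ValueError("filter must name ids, agentIds, groupIds, siteIds or accountIds")
    data: Dict[str, Any] = {"incidentStatus": incident_status}
    if analyst_verdict is not None:
        data["analystVerdict"] = analyst_verdict
    return {"data": data, "filter": filt}


def build_request(token: str, payload: Dict[str, Any]) -> urllib.request.Request:
    """Wrap the payload in a POST to the endpoint; nothing is sent here."""
    return urllib.request.Request(
        CONSOLE + ENDPOINT,
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Authorization": f"ApiToken {token}",
                 "Content-Type": "application/json"},
    )


def check_response(status_code: int, json_body: Dict[str, Any], expected: int) -> int:
    """Return data.affected; raise if the call failed or updated fewer threats than intended.

    A count below `expected` means some selected threats were not visible to the
    token (wrong site/account scope) or did not exist, so the workflow should not
    silently report success.
    """
    if status_code != 200:
        raise RuntimeError(f"HTTP {status_code}: {json_body.get('errors')}")
    affected = int(json_body["data"]["affected"])
    if affected < expected:
        raise RuntimeError(f"intended to update {expected} threats, console reports {affected}")
    return affected


if __name__ == "__main__":
    # Constructed sample threat IDs and response, not real console data.
    threat_ids = ["1234567890123456789", "9876543210987654321"]
    payload = build_payload("resolved", {"ids": threat_ids}, "false_positive")
    req = build_request("REPLACE_WITH_API_TOKEN", payload)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    sample_response = {"data": {"affected": 2}}
    print("affected:", check_response(200, sample_response, len(threat_ids)))
```

To actually send the request, pass `req` to `urllib.request.urlopen` and feed the status and decoded JSON into `check_response`; keep the scoping check even when the filter comes from a playbook variable, since that is exactly where an empty list slips in.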