
How to migrate to Alerts v7 APIs

Posted on July 9, 2023


Overview

In the Alerts v7 API we have extended the Alerts API with improved methods for retrieving alerts and with functionality to manage the alert workflow by updating alert status. Calls become more efficient because a wider range of fields is filterable, including creation time, type, status and tag, and alerts can now be closed through the API. New features include:

  • Single endpoint to manage workflows across single or groups of alerts or threats with the use of appropriate search criteria, replacing four endpoints
  • Ability to validate a search before execution with “Validate Search” endpoint
  • Ability to add user-defined tags to the Alert or the Threat
  • Ability to get statistical information about Alerts over a time period with the Histogram endpoint

Note: This blog was updated on 10th Oct 2023 with additional information.

Requirements

  • Endpoint Standard or Enterprise EDR product
  • All API calls require an API key with appropriate permissions, see Authentication for details

Note regarding Observed Alerts

Note: As part of the Alerts v7 API release and Alert Forwarder Schema v2, Observed Alerts were removed.

Deactivation timeline

The Alerts v6 API will be deactivated on September 5, 2024. (Updated September 2023.)
