Back to Blogs

How to migrate to Alerts v7 APIs

Posted on July 9, 2023


In the Alerts v7 API we have extended the capabilities of the Alerts API by improving the methods of retrieving alerts and adding functionality to manage the workflow by updating the alert status. This will allow you to more efficiently call an API by providing a wider range of filterable fields, including creation time, type, status, tag and more, as well as the ability to close alerts. New features include:

  • Single endpoint to manage workflows across single or groups of alerts or threats with the use of appropriate search criteria, replacing four endpoints
  • Ability to validate a search before execution with “Validate Search” endpoint
  • Ability to add user-defined tags to the Alert or the Threat
  • Ability to get statistical information about Alerts over a time period with the Histogram endpoint

Note: This blog was updated on 10th Oct 2023 with additional information.


  • Endpoint Standard or Enterprise EDR product
  • All API calls require an API key with appropriate permissions, see Authentication for details

How to Migrate

Everything you need is in the Alerts v7 API Migration Guide.

Note: As part of the Alerts v7 API release and Alert Forwarder Schema v2, Observed Alerts were removed.
  • Observed Alerts will continue to be returned in Alerts v6 API responses and Data Forwarder Alert Schema v1.
  • An Observed Alert can only be enriched by
    • Searching Enriched Events by alert_id
    • Searching Observations by event_id using created_by_event_id from the Observed Alert
  • An Observed Alert is identified by category = MONITORED in the API response and WARNING in the Alert Forwarder output.
  • Observed Alerts are not returned in Alerts v7 API responses or in the Data Forwarder Alert Schema v2.
  • See Announcing the Alerts V7 API and “Observed Alerts” Become “Observations” for more information.

Deactivation timeline

The Alerts v6 API will be deactivated on July 31, 2024. (Updated September 2023.)


Have questions or feedback?

  • Stay up to date with the latest news by subscribing to the Developer Network Newsletter.