
Update detection

Update the status or comment fields for an existing detection for a tenant.
Service endpoint
/detections/v2/update
Optional query string parameters
Example
https://protectapi.cylance.com/detections/v2/update
Method
HTTP/1.1 POST
Request headers
  • Accept: application/json
  • Authorization: Bearer <JWT Token returned by Auth API> with the opticsdetect:update scope encoded

Request

Request with Status:
[ { "detection_id": "f2d6c020-53e2-4300-9005-2e006d9a0f57", "field_to_update": { "status": "Done" } } ]
Request with Comment:
[ { "detection_id": "f2d6c020-53e2-4300-9005-2e006d9a0f57", "field_to_update": { "comment": "Add comment" } } ]
When creating the request JSON, include either the status string or the comment string, but not both in the same request. A request that includes both the status and comment strings results in a 400 Bad Request error.

Response

Please see the Response status codes for more information.

Request JSON schema

Field Name | Description
comment | This is the comment of the detection.
status | This is the status of the detection.
  • Done: All actions are complete for this detection.
  • False Positive: The detection is considered a false positive.
  • Follow Up: This detection requires someone to follow-up on it.
  • In Progress: The detection is currently being reviewed and worked on.
  • New: The detection is new.
  • Reviewed: The detection has been reviewed, but no actions have been taken.
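The following is an added example, not code from the API vendor: a client-side builder that enforces the one-field-per-request rule and the status values listed above before anything is sent. A caller that wants to set both a status and a comment gets two requests. The function names, the placeholder token, the Content-Type header and the exact-match check on status spelling are assumptions.

```python
import json
import urllib.request

UPDATE_URL = "https://protectapi.cylance.com/detections/v2/update"
# Status values as spelled in the schema on this page (exact match is an assumption)
VALID_STATUSES = {"Done", "False Positive", "Follow Up", "In Progress", "New", "Reviewed"}


def build_update_bodies(detection_id, status=None, comment=None):
    """Return one JSON body per field: status and comment cannot share a request."""
    if status is None and comment is None:
        raise ValueError("nothing to update: give a status, a comment, or both")
    if status is not None and status not in VALID_STATUSES:
        raise ValueError(f"unknown status {status!r}")
    bodies = []
    for field, value in (("status", status), ("comment", comment)):
        if value is not None:
            bodies.append([{"detection_id": detection_id,
                            "field_to_update": {field: value}}])
    return bodies


def build_requests(token, detection_id, status=None, comment=None):
    """Build (but do not send) the POST requests for the update endpoint."""
    requests = []
    for body in build_update_bodies(detection_id, status, comment):
        requests.append(urllib.request.Request(
            UPDATE_URL,
            data=json.dumps(body).encode("utf-8"),
            method="POST",
            headers={
                "Accept": "application/json",
                "Content-Type": "application/json",  # assumption: not listed on the page
                "Authorization": f"Bearer {token}",
            },
        ))
    return requests


if __name__ == "__main__":
    # Constructed placeholder token; a real one comes from the Auth API
    for req in build_requests("PLACEHOLDER_JWT",
                              "f2d6c020-53e2-4300-9005-2e006d9a0f57",
                              status="In Progress", comment="Triage started"):
        print(req.get_method(), req.full_url, req.data.decode())
        # To send: urllib.request.urlopen(req), then check the response status code
```

Rejecting an unknown status locally keeps a typo from reaching the API and leaves the detection's triage state unchanged until the input is corrected.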