Overview
This node operation sets the status of a security alert within a specified tenant environment. It is useful for managing and updating the lifecycle of security alerts by marking them as 'In Progress' or 'Resolved'. Practical applications include automating alert status updates in security monitoring workflows or integrating with incident response systems to reflect the current state of alerts.
Use Case Examples
- Automatically mark alerts as 'In Progress' when investigation starts.
- Set alerts to 'Resolved' after remediation actions are completed.
Properties
| Name | Meaning |
|---|---|
| Tenant Filter | The tenant ID or domain name to specify the environment where the alert exists. |
| GUID | The unique identifier of the alert to update its status. |
| Status | The status to set for the alert, either 'In Progress' or 'Resolved'. |
| Vendor | The vendor of the alert, identifying the source or system that generated the alert. |
| Provider | The provider of the alert, specifying the service or platform responsible for the alert. |
| Request Options | Additional settings for the request such as batching, SSL certificate validation, proxy configuration, and timeout settings. |
Output
JSON
- status - The updated status of the alert after the operation.
- guid - The GUID of the alert that was updated.
- vendor - The vendor associated with the alert.
- provider - The provider associated with the alert.
Dependencies
- An API key credential for authenticating with the CIPP API service.
Troubleshooting
- Ensure the tenant ID or domain name is correct and accessible.
- Verify the GUID corresponds to an existing alert in the specified tenant.
- Check that the vendor and provider values match those expected by the API.
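- If SSL errors occur, consider enabling the option to ignore SSL issues, but be aware of the security risk: with certificate validation off, the node no longer verifies that it is talking to the real CIPP API, so the API key and alert data sent with the request can be intercepted.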
- If requests time out, increase the timeout setting or check network connectivity.
Links
- CIPP API Documentation - Set Alert Status - Official documentation for setting alert status using the CIPP API.