Updating Alerts

Modify existing alerts using PUT (full replacement) or PATCH (partial update) operations.

PUT /api/alerts/:id

Replace the entire alert with new configuration. All fields must be provided.

Endpoint

PUT /api/alerts/:id

Authentication

Requires API Key with Policy Definition permission.

Request Body

Same as creating an alert - all fields required.

Response

Returns the updated alert object with the new configuration.

PATCH /api/alerts/:id

Partially update an alert. Only specified fields are modified.

Endpoint

PATCH /api/alerts/:id

Authentication

Requires API Key with Policy Definition permission.

Request Body

Provide only the fields you want to update:

{
  "description": "Updated description"
}

Response

Returns the updated alert object:

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "High-Volume PII Detection",
  "description": "Updated description",
  "enable": true,
  "conditions": [...],
  "updatedAt": 1704240000
}

Examples

Update Alert Description

Change only the description field using PATCH.

cURLPythonNode.js

ALERT_ID="550e8400-e29b-41d4-a716-446655440000"

curl -X PATCH "https://your-shield-host:8080/api/alerts/$ALERT_ID" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"description": "Updated alert policy for PII detection"}'

import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

alert_id = "550e8400-e29b-41d4-a716-446655440000"

response = requests.patch(
    f"{BASE_URL}/api/alerts/{alert_id}",
    headers=HEADERS,
    json={"description": "Updated alert policy for PII detection"}
)

print(f"Updated: {response.json()['description']}")

const axios = require('axios');

const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };

const alertId = '550e8400-e29b-41d4-a716-446655440000';

const response = await axios.patch(
  `${BASE_URL}/api/alerts/${alertId}`,
  { description: 'Updated alert policy for PII detection' },
  { headers: HEADERS }
);

console.log(`Updated: ${response.data.description}`);

Update Alert Threshold

Modify the occurrence threshold and time window.

PythonNode.js

import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

alert_id = "550e8400-e29b-41d4-a716-446655440000"

# Update threshold settings
update = {
    "thresholdTime": "10",
    "thresholdType": "minutes"
}

response = requests.patch(
    f"{BASE_URL}/api/alerts/{alert_id}",
    headers=HEADERS,
    json=update
)

const axios = require('axios');

const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };

const alertId = '550e8400-e29b-41d4-a716-446655440000';

// Update threshold settings
const update = {
  thresholdTime: '10',
  thresholdType: 'minutes'
};

const response = await axios.patch(
  `${BASE_URL}/api/alerts/${alertId}`,
  update,
  { headers: HEADERS }
);

Add Recipients

Add additional email recipients to an existing alert.

PythonNode.js

import requests

BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

alert_id = "550e8400-e29b-41d4-a716-446655440000"

# Get current alert
alert = requests.get(f"{BASE_URL}/api/alerts/{alert_id}", headers=HEADERS).json()

# Add new recipients
alert["emailRecipients"].extend([
    "soc@company.com",
    "devops@company.com"
])

# Update alert
response = requests.patch(
    f"{BASE_URL}/api/alerts/{alert_id}",
    headers=HEADERS,
    json={"emailRecipients": alert["emailRecipients"]}
)

print(f"Now sending to {len(response.json()['emailRecipients'])} recipients")

const axios = require('axios');

const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };

const alertId = '550e8400-e29b-41d4-a716-446655440000';

// Get current alert
const alertResponse = await axios.get(`${BASE_URL}/api/alerts/${alertId}`, { headers: HEADERS });
const alert = alertResponse.data;

// Add new recipients
alert.emailRecipients.push('soc@company.com', 'devops@company.com');

// Update alert
const updateResponse = await axios.patch(
  `${BASE_URL}/api/alerts/${alertId}`,
  { emailRecipients: alert.emailRecipients },
  { headers: HEADERS }
);

console.log(`Now sending to ${updateResponse.data.emailRecipients.length} recipients`);

Error Responses

Status Code	Description
`400`	Invalid request body or validation error
`401`	Invalid or expired API key
`403`	Insufficient permissions (requires Policy Definition)
`404`	Alert not found
`409`	Alert name already exists (when changing name)

List Alerts - Query all alerts
Get Alert - View current configuration before updating
Delete Alert - Remove an alert
Enable/Disable Alert - Control alert activation
Alert Logs - View alert execution history

Updating Alerts

PUT /api/alerts/:id

Endpoint

Authentication

Request Body

Response

PATCH /api/alerts/:id

Endpoint

Authentication

Request Body

Response

Examples

Error Responses

Related Topics