Related Concepts: Case Manipulation

This function closes the current alert, which is the same as manually closing the alert from the case overview. The function requires a reason for closure, a root cause and a comment, just like closing a case.

Closing an alert in Siemplify moves the alert to a new case that contains only that alert, and closes that new case.

siemplify.close_alert(reason=reason, root_cause=root_cause, comment=comment)

Parameters

| Param Name | Param Type | Possible Values | Comments | Mandatory Parameter |
|---|---|---|---|---|
| reason | string | One of three predefined strings available in the close popup (when done manually): "NotMalicious", "Malicious" and "Maintenance" | When creating an action, there is a parameter type named "Case close reason" that can be used. The user has to choose from the three possible reasons and cannot enter their own string | Yes |
| root_cause | string | A string taken from the "Case close root cause" table in the settings | Similar to the previous parameter, there is an action parameter type called "Close case root cause" which forces the user to choose from the values available in the relevant table | Yes |
| comment | string | Any string can be used here | The comment should describe the case, but is not restricted | Yes |
| case_id | string | 12345 | Unique case identifier. | No |
| alert_identifier | string | 12345 | Unique alert identifier. | No |

Return Type

NoneType

Example:

Sample Code

from SiemplifyAction import SiemplifyAction

# Action context for the currently running case and alert
siemplify = SiemplifyAction()

# All three values are mandatory
reason = "Maintenance"
root_cause = "Employee Error"
comment = "User accidentally activated a correlation before it was ready to be used and triggered this alert"

# Close the current alert
siemplify.close_alert(reason=reason, root_cause=root_cause, comment=comment)

Result Behavior

The current alert is moved to a new case, and that case is subsequently closed together with the alert.

Result Value

None
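
The parameter table above restricts reason to three strings and root_cause to entries of the "Case close root cause" table. The following is an added example, not part of the original documentation or the Siemplify SDK, that checks those constraints before calling close_alert. The helper name close_alert_checked, the allowed_root_causes argument (the caller supplies the table contents) and the RecordingStub class are assumptions made so the example runs offline.

```python
# Added example: pre-flight validation around siemplify.close_alert().
# ALLOWED_REASONS comes from the parameter table on this page; the helper name,
# the allowed_root_causes argument and RecordingStub are hypothetical.

ALLOWED_REASONS = ("NotMalicious", "Malicious", "Maintenance")


def close_alert_checked(siemplify, reason, root_cause, comment,
                        allowed_root_causes, case_id=None,
                        alert_identifier=None):
    """Validate the mandatory parameters, then call close_alert()."""
    if reason not in ALLOWED_REASONS:
        raise ValueError("reason must be one of %s, got %r"
                         % (", ".join(ALLOWED_REASONS), reason))
    if root_cause not in allowed_root_causes:
        raise ValueError("root_cause %r is not in the root cause table" % root_cause)
    if not isinstance(comment, str) or not comment.strip():
        raise ValueError("comment is mandatory and must not be blank")

    kwargs = {"reason": reason, "root_cause": root_cause, "comment": comment.strip()}
    # Optional identifiers are passed only when the caller supplied them,
    # so the default behaviour (close the current alert) is preserved.
    if case_id is not None:
        kwargs["case_id"] = case_id
    if alert_identifier is not None:
        kwargs["alert_identifier"] = alert_identifier
    siemplify.close_alert(**kwargs)
    return kwargs


class RecordingStub:
    """Constructed stand-in for SiemplifyAction so the example runs offline."""
    def __init__(self):
        self.calls = []

    def close_alert(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    stub = RecordingStub()
    causes = ["Employee Error"]  # constructed sample of the settings table
    close_alert_checked(stub, "Maintenance", "Employee Error",
                        "Correlation activated before it was ready", causes)
    try:
        close_alert_checked(stub, "maintenance", "Employee Error", "typo", causes)
    except ValueError as exc:
        print("rejected:", exc)
    print(stub.calls)
```

In a real action, pass the SiemplifyAction instance in place of the stub; a rejected value then fails the action before any alert is closed.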