We've always believed security teams should be able to orchestrate their operations workflow using APIs whenever possible. The Detections API now provides additional detail about the full timeline of a detection:

See more with the API

Detection Notes

Notes your team enters on a detection are now returned in the detection's timeline.

Acknowledgement & Remediation State

Acknowledging a detection and marking it as remediated or not remediated are also recorded in the detection's timeline, and this information is now available when the timeline is retrieved through the API.

Do more with the API

These same actions can now be triggered through the Red Canary API. Send a POST request to one of the following routes to trigger the change:

POST openapi/v2/detections/<ID>/mark_acknowledged
POST openapi/v2/detections/<ID>/mark_remediated
POST openapi/v2/detections/<ID>/mark_false_positive
POST openapi/v2/detections/<ID>/mark_sanctioned_activity
POST openapi/v2/detections/<ID>/mark_remediation_unwarranted

For example: 
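The following Python sketch is an added illustration, not code from the original article or from Red Canary. It builds the POST for one of the routes above and rejects anything that is not one of the five listed actions. The base URL, the `X-Api-Key` header name, the numeric-only detection ID and the function names are assumptions to check against your own tenant.

```python
import re
import urllib.request

# The five state-change routes listed in the article.
ACTIONS = {
    "mark_acknowledged",
    "mark_remediated",
    "mark_false_positive",
    "mark_sanctioned_activity",
    "mark_remediation_unwarranted",
}


def build_request(base_url, api_key, detection_id, action):
    """Build (but do not send) the POST for one detection state change."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    # IDs copied from tickets or alert payloads are untrusted input. Accept
    # digits only (assumption: IDs are numeric) so the value cannot alter
    # the request path.
    det = str(detection_id)
    if not re.fullmatch(r"[0-9]+", det):
        raise ValueError(f"detection id must be numeric: {detection_id!r}")
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    url = f"{base_url.rstrip('/')}/openapi/v2/detections/{det}/{action}"
    return urllib.request.Request(
        url,
        data=b"",                        # empty body, sent as POST
        method="POST",
        headers={"X-Api-Key": api_key},  # assumed header name
    )


def send(request, timeout=10):
    """Send a prepared request and return the HTTP status code."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent here.
    req = build_request("https://example.invalid", "PLACEHOLDER_KEY",
                        1234, "mark_acknowledged")
    print(req.get_method(), req.full_url)
```

Load the API key from a secrets store or environment variable rather than embedding it in the script, and log each state change your automation makes so it can be reconciled with the detection's timeline.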

Stay tuned for additional API updates as we continuously expand our APIs to enable your automation.
