The SOA_REOPEN_ALERT_REQUEST input document contains the request
criteria to reopen a closed alert (transition a closed alert to an unassigned
open disposition). The results of this Web services input document are returned
to the calling application in a SOA_REOPEN_ALERT_RESPONSE output document.
These UMF tags comprise the ROOT segment for the SOA_REOPEN_ALERT_REQUEST
input document:
- SOURCE_TYPE
- UMF tag that is required. It Identifies the type of the alert for
which the disposition is being assigned.
- The only current recognized value is CONFLICT.
- If this tag is not provided or is empty, then role alerts with any status
will be returned.
- SOURCE_ID
- UMF tag that is required. It identifies the alert within the specified
alert type for which we are updating the disposition. The value is that of
a 64-bit integer number.
- If the alert ID does not identify a known alert, then no update will be
performed.
- The identified alert must currently have a disposition with an ACT_STATUS_CODE
value of assigned.
- ACT_CODE_ID
- UMF tag that is required. It identifies the disposition to be assigned
to the alert. The value is that of a 64-bit integer number.
- The disposition must be of the same alert type as that given in the SOURCE_TYPE
tag.
- The identified disposition must have an ACT_STATUS_CODE value of CLOSED.
- ACT_COMMENT
- UMF tag that is required. It details the reasons why the disposition
is being changed for the alert.
- REOPENED_BY_USER
- UMF tag that is required. It identifies the user name of the analyst
performing the change in disposition for the alert. The user should be a recognized
active user.
The SOAP-RPC equivalent of the SOA_REOPEN_ALERT_REQUEST
input document and the SOA_REOPEN_ALERT_RESPONSE output document is the reopenAlert method.
Example SOA_REOPEN_ALERT_REQUEST input document
This
example SOA_REOPEN_ALERT_REQUEST requests that an alert with a SOURCE_TYPE
value of
CONFLICT, a SOURCE_ID value
of
123456789, with an ACT_CODE_ID value
of
345123987, have the disposition changed
by the user
johndoe, for the reason
of
alert not benign.
Note: This example
is formatted for readability and does not follow the required one line per
UMF record format.
<SOA_REOPEN_ALERT_REQUEST>
<SOURCE_TYPE>CONFLICT</SOURCE_TYPE>
<SOURCE_ID>123456789</SOURCE_ID>
<ACT_CODE_ID>345123987</ACT_CODE_ID>
<ACT_COMMENT>Reopening because this alert was not benign after all.</ACT_COMMENT>
<REOPENED_BY_USER>johndoe</REOPENED_BY_USER>
</SOA_REOPEN_ALERT_REQUEST>
Example SOA_REOPEN_ALERT_RESPONSE output document
This
example SOA_REOPEN_ALERT_RESPONSE output document returns the status of a
request identified in the SOA_REOPEN_ALERT_REQUEST input document that was
successful. In this instance, the alert was found and updated to have the
new disposition.
Note: This example is formatted for readability and does not
follow the required one line per UMF record format.
<SOA_REOPEN_ALERT_RESPONSE>
<ALERT_UPDATED>true</ALERT_UPDATED>
<SYS_CREATE_DT>2008-06-26 05:18:55</SYS_CREATE_DT>
</SOA_REOPEN_ALERT_RESPONSE>
This example SOA_REOPEN_ALERT_RESPONSE output document returns the status
of a request identified in the SOA_REOPEN_ALERT_REQUEST input document that
was not successful. In this instance, the alert was not found.
<SOA_REOPEN_ALERT_RESPONSE>
<ALERT_UPDATED>false</ALERT_UPDATED>
<SYS_CREATE_DT>2008-06-26 05:18:55</SYS_CREATE_DT>
</SOA_REOPEN_ALERT_RESPONSE>