ThreatSync+ NDR Smart Alerts API

Version: 1.0.1

ThreatSync+ NDR Smart Alerts API Version History

Download the API specification

Introduction

The ThreatSync+ NDR Smart Alerts API is a RESTful API that you can use to retrieve details for a ThreatSync+ NDR Smart Alert and to close a Smart Alert with a specific reason and related details.

This documentation explains how to get access to the ThreatSync+ NDR Smart Alerts API and includes examples to help you get started.

Get Started

This section describes how to submit requests to the ThreatSync+ NDR Smart Alerts API.

API URL

The ThreatSync+ NDR Smart Alerts API URL is:

https://{base API URL}/rest/threatsyncplus/smartalerts/v1/

The base URL for WatchGuard public APIs varies by environment and region. The base API URL for your account appears on the Managed Access page in WatchGuard Cloud.

Endpoint Path Parameters

Each WatchGuard public API has a version, expressed as <major>.<minor>.<patch>. You specify the major API version, such as v1, as part of the endpoint URI path.

Authentication

WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the ThreatSync+ NDR Smart Alerts API, you must first enable API access in your WatchGuard Cloud account and make an API request to generate an access token.

You must include the access token and your API Key in the header of each request you make to the ThreatSync+ NDR Smart Alerts API.

For more information, see Authentication.

Request Headers

You must include this information in the header of each request you make to the ThreatSync+ NDR Smart Alerts API:

Content-Type

application/json

Accept

application/json

Authorization

The access token that you generate with the WatchGuard Authentication API. For more information, see Authentication.

WatchGuard-API-Key

The API Key associated with your WatchGuard Cloud account (shown on the Managed Access page in WatchGuard Cloud).

Get a Smart Alert

/{v1}/accounts/{accountId}/smartalert/{smartAlertId}

Make a request to this endpoint to retrieve a specific Smart Alert by Smart Alert ID.

Path Parameters

When you send a request to this endpoint, you must include these path parameters:

accountId
string
REQUIRED

Your WatchGuard Cloud account ID. You can see your accountId on the My Account page in WatchGuard Cloud.

Example: ACC-3145277

smartAlertId
string
REQUIRED

Specifies the Smart Alert ID.

Example: 1756794600000||f81dc9a0-5b46-4ceb-b030-7a3eb0fee8ca||int_to_int_PRA

Query Parameters

tenant_name
string
REQUIRED

Specifies the WatchGuard Cloud account ID of the account to access.

Example: WGC-1-c101b89102b34e8fb4d5

Example Request

curl -X GET 
	https://api.usa.cloud.watchguard.com/rest/threatsyncplus/smartalerts/v1/accounts/ACC-3145277/smartalert/1757066400000%7C%7C34401631-f6bb-4ad9-8b77-a75b3ce47edb%7C%7Cint_to_int_PRA?tenant_name=WGC-1-c101b89102b34e8fb4d5
	-H 'Authorization: Bearer eyJraWQiOiJWamJQVlpnOU45SFRhdWJQZGVPU0d0WEdmbENTZnpRZ0E4NGdjTlRvN2ZjPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGU1MjczOS1hNDlkLTQ1YTctODE5OS1iOGQzNTljMjhlYTIiLCJjdXN0b206YXBpX2tleXMiOiJiOVJoUGl4aTlUbE5qZDNQNDE0dXdrelUyVldGdzFjbGhTNktOenVMIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfeTBSamtRdkdqIiwiY29nbml0bzp1c2VybmFtZSI6IjkwYTMzYzdiMWJiNGJhYmFfcndfaWQiLCJhdWQiOiIxY3Y0aWRuYjhzb2M1ZWZtdHFxMHVqMDRkIiwiZXZlbnRfaWQiOiJhNDk4Y2ZkZS1jYTY0LTQyNDUtYjhhMC1jYjU0Njc2YmE4YjYiLCJ0b2tlbl91c2UiOiJpZCIsImN1c3RvbTpiZXRhX3ByZWZlcmVuY2VzIjoie1wiQUNDLTEyNzc5NDVcIjogW3tcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJ3Z2MtcGxhdGZvcm0tY29yZVwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcIm1mYS1vbi1hY2NvdW50c1wiLCBcImZlYXR1cmVfdmVyc2lvblwiOiBcIjEuMC4wXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwid2djLWF1dGhwb2ludFwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcImF1dGhwb2ludC11c2VyLWluaGVyaXRhbmNlXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiMS4wLjBcIn0sIHtcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJEYXJrLVdlYi1Nb25pdG9yaW5nXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwid2Vzcy1tb2R1bGVzXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwiZG5zd2F0Y2gtYXBwbGljYXRpb25cIiwgXCJmZWF0dXJlX2lkZW50aWZpZXJcIjogXCJcIiwgXCJmZWF0dXJlX3ZlcnNpb25cIjogXCJcIn0sIHtcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJ3Z2MtYXV0aHBvaW50XCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiYXV0aHBvaW50LWdlb2ZlbmNlLXBvbGljeVwiLCBcImZlYXR1cmVfdmVyc2lvblwiOiBcIjEuMC4wXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwiZmJ4LWNsb3VkLW1nbXQtMFwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcImNvbmYtZGlmZi1yZXBvcnRcIiwgXCJmZWF0dXJlX3ZlcnNpb25cIjogXCIxLjAuMFwifSwge1wiYXBwbGljYXRpb25faWRlbnRpZmllclwiOiBcImZieC1tZ210LXN5c3RlbS1hY3Rpb25zXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiZmJ4LWZ3LWJldGEtYnVpbGRzXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiMS4wLjBcIn1dfSIsImF1dGhfdGltZSI6MTYyNDk3NTc2OCwibmFtZSI6IjkwYTMzYzdiMWJiNGJhYmFfcndfaWQiLCJjdXN0b206YWNjb3VudF9pZCI6IkFDQy0xMjc3OTQ1IiwiZXhwIjoxNjI0OTc5MzY4LCJjdXN0b206cm9sZSI6IjEiLCJpYXQiOjE2MjQ5NzU3Njh9.ofkgu5a2c-ViLJO1EkAT8-EcIkNWsLYqBOY9mIONEd5Lo3C27Mv3BpSxS1C35vrLN89Fo6YDb36DpZQVdZIZ5biOPAlDsY-wGx_kiDbNDOHvg4Sl9dZr_tZFs3yP3AikYH6oneNjnAaHL3OQCcEhQLUejhOsNf1NOPH2QQXovtfRxomygkZtngPZq4ATy_oDlXnzFA9ThXc7HjZ54aAJ9Z4p5-lJbHuwtpwpvLh6036_8Ba5yaD3r1ZuTghMRHprTVJNm2QrRDKd3jTfr7Sh87gAzRu80PHeZGsoiDQNssinxQxjVLI1Gq9vSPh03ZV01q9Pa5Xgg4WGkYHc2UKUuw' \
	-H 'Accept: application/json'
	-H 'Content-Type: application/json' 
	-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL'

Example Response

{
    "data": [
        {
            "smartalert_id": "1757066400000||34401631-f6bb-4ad9-8b77-a75b3ce47edb||int_to_int_PRA",
            "site_id": 6562,
            "site_name": "WGC-1-c101b89102b34e8fb4d5",
            "name": "Probing or Reconnaissance Activity",
            "summary": "The following behaviors suggest that host 10.11.0.33 is conducting a network reconnaissance activity.",
            "major_actor_display_name": [
                "10.11.0.33"
            ],
            "starttime": 1757066400000,
            "endtime": 1757327400000,
            "confidence_level": 100,
            "aoc_state": "Closed",
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_VERTICAL_PORT_SCAN_SUCCESS.count": 174,
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_VERTICAL_PORT_SCAN_SUCCESS.percent": 0.9456521739130435,
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_VERTICAL_PORT_SCAN_SUCCESS.ports": [
                80,
                22,
                25,
                123,
                44
            ],
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.MAJOR_ASSETS_SCANNED_NONE_HIGH.number_of_assets": 42,
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.UNIQUE_DES_IP_IN_SCAN.count": 42,
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.PRIMARY_ORGANIZATION_SCANNED.organization": "Untrusted Private",
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.BLACKLISTED_IPS_VISITED.blacklisted_ips": [
                "1.0.170.118"
            ],
            "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.NO_PERIODICITY_DAY.time_window": "90",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.dip_count": 42,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.subnet_ip_count": 42,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.subnet": "10.12.3.0/24",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.percent": 1.0,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.protocol_name": "TCP",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.port_number": 3389,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.periodicity": "9.0",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.DESCRIPTION_INT_INT_HORIZONTAL_PORT_SCAN_NO_SUCCESS_FAILED_PERIODICITY_HOUR.port": 3389,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.MAJOR_ASSETS_SCANNED_NONE_HIGH.number_of_assets": 42,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.NUMBER_OF_SUBNETS_SCANNED.count": 1,
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.PRIMARY_ORGANIZATION_SCANNED.organization": "Untrusted Private",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.BLACKLISTED_IPS_VISITED.blacklisted_ips": [
                "1.0.170.118"
            ],
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.PERIODICITY_DAY.periodicity": "9.0",
            "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.PERIODICITY_DAY.time_window": "30",
            "behaviorKeyFeatures": [
                "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.PERIODICITY_DAY",
                "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.UNIQUE_DES_IP_IN_SCAN",
                "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.MAJOR_ASSETS_SCANNED_NONE_HIGH",
                "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.BLACKLISTED_IPS_VISITED",
                "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.NUMBER_OF_SUBNETS_SCANNED",
                "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.PRIMARY_ORGANIZATION_SCANNED",
                "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.NO_PERIODICITY_DAY",
                "INT_INT_VERTICAL_PORT_SCAN_NG_BLIP.PRIMARY_ORGANIZATION_SCANNED",
                "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.MAJOR_ASSETS_SCANNED_NONE_HIGH",
                "INT_INT_HORIZONTAL_PORT_SCAN_NG_BLIP.BLACKLISTED_IPS_VISITED"
            ]
        }
    ]
}

Data returned in the response for Smart Alerts

Some responses might not include all data.

smartalert_id
string

ThreatSync+ NDR unique identifier for the Smart Alert.

Example: 1756794600000||...||int_to_int_PRA

name
string

Name of the Smart Alert.

Example: Probing or Reconnaissance Activity

site_id
integer

Unique numeric identifier for the site.

Example: 74

site_name
string

WatchGuard Cloud account ID.

Example: WGC-1-123abc456

summary
string

Summary of the Smart Alert.

major_actor_display_name
array

List of major actors.

Example: 10.0.1.2

starttime
integer

Start time of the alert in milliseconds since epoch.

Example: 1756794600000

endtime
integer

End time of the alert in milliseconds since epoch.

Example: 1756796400000

confidence_level
integer

Confidence level for the Smart Alert.

Example: 100

aoc_state
string

State of the Smart Alert.

Example: Closed

property1
string

Dynamic behavior summary details.

property2
string

Dynamic behavior summary details.

property3
string

Dynamic behavior summary details.

behaviorKeyFeatures
array

List of key features used by the Smart Alert.

Example: INT_INT_HORIZONTAL_PORT_SCAN_NG.MAJOR_ASSETS_SCANNED_NONE_HIGH

Close a Smart Alert

/v1/accounts/{accountId}/smartalert/{smartAlertId}/close

Make a request to this endpoint to close a Smart Alert and record the reason for closure.

Path Parameters

When you send a request to this endpoint, you must include these path parameters:

accountId
string
REQUIRED

Your WatchGuard Cloud account ID. You can see your accountId on the My Account page in WatchGuard Cloud.

Example: WGC-1-e9206aaf27d04d85a910

smartAlertId
string
REQUIRED

Specifies the Smart Alert ID.

Example: 1756794600000||f81dc9a0-5b46-4ceb-b030-7a3eb0fee8ca||int_to_int_PRA

Query Parameters

tenant_name
string
REQUIRED

Specifies the WatchGuard Cloud account ID of the managed account that has the Smart Alert.

Example: WGC-1-e9206aaf27d04d85a910

Request Body

includeSimilar
boolean

Indicates whether to also close similar Smart Alerts.

Example: true

reasonForClose
string

Specifies the reason for closing the Smart Alert. You can specify one of these values:

  • ABNORMAL_UNAUTHORIZED - ThreatSync+ NDR correctly identified abnormal activity and this activity is not authorized on your network. You do not recognize the activity as part of your authorized business activity.
  • ABNORMAL_AUTHORIZED - ThreatSync+ NDR correctly identified abnormal activity but you understand the source of the activity and know that it is authorized on the network. This might include activity such as authorized penetration tests or port scans.
  • NORMAL - This activity is expected on the network. When you close these Smart Alerts, you can specify that ThreatSync+ NDR must suppress future alerts.
  • OTHER - You do not know what the Smart Alert is. It might be a threat but you cannot determine the root cause.

Example: NORMAL

reasonForAuthorizedAbnormal
string

Specifies additional information about the reason for closing the Smart Alert. This parameter is required when reasonForClose is ABNORMAL_AUTHORIZED.

You can specify one of these values:

  • PENETRATION_TESTING - Specify when penetration testing generates a Smart Alert.
  • SCANNING_APPLICATION - Specify when port scans generate a Smart Alert.
  • AD_HOC_TESTING - Specify when ad hoc testing generates a Smart Alert.
  • OTHER - Specify another reason to close the Smart Alert.

Example: PENETRATION_TESTING

reasonForUnauthorizedAbnormal
string

Specifies additional information about the reason for closing the Smart Alert. This parameter is required when reasonForClose is ABNORMAL_UNAUTHORIZED.

You can specify one of these values:

  • KNOWN_THREAT
  • UNKNOWN_THREAT
  • MISCONFIG
  • OTHER

Example: KNOWN_THREAT

allowInFuture
string

Specifies whether to allow similar activity in the future. This parameter is required when reasonForClose is ABNORMAL_AUTHORIZED.

You can specify one of these values:

  • AUTHORIZED - Specify to allow similar activity only during the time periods and frequency observed.
  • AUTHORIZED_ONCE - Specify to allow similar activity only between the Actors included.

Example: AUTHORIZED

authorizedActivities
array

Specifies activities to allow in the future when allowInFuture is AUTHORIZED.

You can specify one of these values:

  • AUTHORIZED_TIMES_FREQUENCIES -
  • AUTHORIZED_ACTORS -

Example: AUTHORIZED_TIMES_FREQUENCIES

falsePositive
boolean

Indicates whether the Smart Alert was identified as a false positive.

Example: true

reasonForIncorrectInterpretation
array

Provides key features from the Smart Alert that helped determine this is not a threat when marking a false positive.

Example: INT_INT_HORIZONTAL_PORT_SCAN_NG.MAJOR_ASSETS_SCANNED_NONE_HIGH

otherReasonForClose
string

Specifies the reason to close the Smart Alert when reasonForClose is OTHER.

You can specify one of these values:

  • UI_NOT_INTERESTING
  • UI_NOT_CLEAR
  • UI_NOT_HELPFUL
  • OTHER

Example: UI_NOT_INTERESTING

additionalInformation
string

Additional information about the Smart Alert.

comment
string

Comments that provide information related to major actors, related ports, and other details.

Example Request

curl -X PUT 
	https://api.usa.cloud.watchguard.com/rest/threatsyncplus/smartalerts/v1/accounts/WGC-1-e9206aaf27d04d85a910/smartalert/1761633000000%7C%7C48f30a18-dabe-4976-a195-7b4c98e846ef%7C%7Cint_to_int_PRA/close?tenant_name=WGC-1-e9206aaf27d04d85a910
	-H 'Authorization: Bearer eyJraWQiOiJWamJQVlpnOU45SFRhdWJQZGVPU0d0WEdmbENTZnpRZ0E4NGdjTlRvN2ZjPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OGU1MjczOS1hNDlkLTQ1YTctODE5OS1iOGQzNTljMjhlYTIiLCJjdXN0b206YXBpX2tleXMiOiJiOVJoUGl4aTlUbE5qZDNQNDE0dXdrelUyVldGdzFjbGhTNktOenVMIiwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLXdlc3QtMi5hbWF6b25hd3MuY29tXC91cy13ZXN0LTJfeTBSamtRdkdqIiwiY29nbml0bzp1c2VybmFtZSI6IjkwYTMzYzdiMWJiNGJhYmFfcndfaWQiLCJhdWQiOiIxY3Y0aWRuYjhzb2M1ZWZtdHFxMHVqMDRkIiwiZXZlbnRfaWQiOiJhNDk4Y2ZkZS1jYTY0LTQyNDUtYjhhMC1jYjU0Njc2YmE4YjYiLCJ0b2tlbl91c2UiOiJpZCIsImN1c3RvbTpiZXRhX3ByZWZlcmVuY2VzIjoie1wiQUNDLTEyNzc5NDVcIjogW3tcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJ3Z2MtcGxhdGZvcm0tY29yZVwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcIm1mYS1vbi1hY2NvdW50c1wiLCBcImZlYXR1cmVfdmVyc2lvblwiOiBcIjEuMC4wXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwid2djLWF1dGhwb2ludFwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcImF1dGhwb2ludC11c2VyLWluaGVyaXRhbmNlXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiMS4wLjBcIn0sIHtcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJEYXJrLVdlYi1Nb25pdG9yaW5nXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwid2Vzcy1tb2R1bGVzXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwiZG5zd2F0Y2gtYXBwbGljYXRpb25cIiwgXCJmZWF0dXJlX2lkZW50aWZpZXJcIjogXCJcIiwgXCJmZWF0dXJlX3ZlcnNpb25cIjogXCJcIn0sIHtcImFwcGxpY2F0aW9uX2lkZW50aWZpZXJcIjogXCJ3Z2MtYXV0aHBvaW50XCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiYXV0aHBvaW50LWdlb2ZlbmNlLXBvbGljeVwiLCBcImZlYXR1cmVfdmVyc2lvblwiOiBcIjEuMC4wXCJ9LCB7XCJhcHBsaWNhdGlvbl9pZGVudGlmaWVyXCI6IFwiZmJ4LWNsb3VkLW1nbXQtMFwiLCBcImZlYXR1cmVfaWRlbnRpZmllclwiOiBcImNvbmYtZGlmZi1yZXBvcnRcIiwgXCJmZWF0dXJlX3ZlcnNpb25cIjogXCIxLjAuMFwifSwge1wiYXBwbGljYXRpb25faWRlbnRpZmllclwiOiBcImZieC1tZ210LXN5c3RlbS1hY3Rpb25zXCIsIFwiZmVhdHVyZV9pZGVudGlmaWVyXCI6IFwiZmJ4LWZ3LWJldGEtYnVpbGRzXCIsIFwiZmVhdHVyZV92ZXJzaW9uXCI6IFwiMS4wLjBcIn1dfSIsImF1dGhfdGltZSI6MTYyNDk3NTc2OCwibmFtZSI6IjkwYTMzYzdiMWJiNGJhYmFfcndfaWQiLCJjdXN0b206YWNjb3VudF9pZCI6IkFDQy0xMjc3OTQ1IiwiZXhwIjoxNjI0OTc5MzY4LCJjdXN0b206cm9sZSI6IjEiLCJpYXQiOjE2MjQ5NzU3Njh9.ofkgu5a2c-ViLJO1EkAT8-EcIkNWsLYqBOY9mIONEd5Lo3C27Mv3BpSxS1C35vrLN89Fo6YDb36DpZQVdZIZ5biOPAlDsY-wGx_kiDbNDOHvg4Sl9dZr_tZFs3yP3AikYH6oneNjnAaHL3OQCcEhQLUejhOsNf1NOPH2QQXovtfRxomygkZtngPZq4ATy_oDlXnzFA9ThXc7HjZ54aAJ9Z4p5-lJbHuwtpwpvLh6036_8Ba5yaD3r1ZuTghMRHprTVJNm2QrRDKd3jTfr7Sh87gAzRu80PHeZGsoiDQNssinxQxjVLI1Gq9vSPh03ZV01q9Pa5Xgg4WGkYHc2UKUuw' \
	-H 'Accept: application/json'
	-H 'Content-Type: application/json' 
	-H 'WatchGuard-API-Key: s9t7El6RZFg8UcmRhYKdwXqBhyuioiWER83Nqd0tL'
	-d '{
		"includeSimilar": true,
		"reasonForClose": "ABNORMAL_AUTHORIZED",
		"reasonForAuthorizedAbnormal": "PENETRATION_TESTING",
		"allowInFuture": "AUTHORIZED",
		"authorizedActivities": ["AUTHORIZED_TIMES_FREQUENCIES"],
		"comment": "Test comment"
	}'

Example Response

If the Smart Alert successfully closes, the API returns a 200 Success status code.