> ## Documentation Index > Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt > Use this file to discover all available pages before exploring further. # Update incident status ## OpenAPI ````yaml /api-reference/openapi.json put /api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}/status openapi: 3.1.1 info: title: ContraForce API description: ContraForce platform API for security operations management. version: '2.0' servers: [] security: [] tags: - name: Incidents - name: Gamebooks - name: Data sources - name: Service tickets - name: Investigation - name: agent-tools - name: Cross-workspace incidents - name: Cross-workspace gamebooks - name: Cross-workspace data sources - name: Webhooks - name: Service accounts - name: Users - name: Azure resources paths: /api/v2/workspaces/{workspaceId}/incidents/{source}/{incidentId}/status: put: tags: - Incidents summary: Update incident status operationId: v2-update-incident-status parameters: - name: workspaceId in: path required: true schema: type: string format: uuid - name: source in: path required: true schema: $ref: '#/components/schemas/IncidentSource' - name: incidentId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateIncidentStatusRequest' responses: '204': description: No Content '400': description: Bad request — validation or parameter binding failed. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '401': description: Unauthorized — missing or invalid Bearer token. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '403': description: Forbidden — insufficient scope or workspace access. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '404': description: Not found — workspace or resource is missing. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' '500': description: Internal server error. content: application/problem+json: schema: $ref: '#/components/schemas/ApiProblemDetails' components: schemas: IncidentSource: enum: - Sentinel - DefenderXDR - QRadar - Splunk - CrowdStrike - SentinelOne UpdateIncidentStatusRequest: required: - status type: object properties: status: $ref: '#/components/schemas/Status' description: New status to apply to the incident. comment: type: - 'null' - string description: >- Optional comment recorded alongside the status change. Recommended when transitioning to Status.Closed. classification: oneOf: - type: 'null' - $ref: '#/components/schemas/Classification' description: >- Required by Sentinel when closing an incident; ignored by sources that do not surface classifications. classificationReason: oneOf: - type: 'null' - $ref: '#/components/schemas/ClassificationReason' description: >- Required by Sentinel when closing an incident; ignored by sources that do not surface classification reasons. updateTicket: type: boolean description: |- When `true`, also closes the linked service ticket identified by string UpdateIncidentStatusRequest.TicketId. ticketId: type: - 'null' - string description: >- Linked service ticket id; required when bool UpdateIncidentStatusRequest.UpdateTicket is `true`. description: v2 request body for updating an incident's status. ApiProblemDetails: type: object properties: type: type: - 'null' - string title: type: - 'null' - string status: pattern: ^-?(?:0|[1-9]\d*)$ type: - 'null' - integer - string format: int32 detail: type: - 'null' - string instance: type: - 'null' - string code: type: - 'null' - string requestId: type: - 'null' - string timestamp: type: - 'null' - string target: type: - 'null' - string errors: type: - 'null' - object additionalProperties: type: array items: type: string description: >- API extension of ProblemDetails that surfaces the stable error code, trace identifier, timestamp, optional target, and optional field-keyed validation error map alongside the RFC 7807 members. Status: enum: - Active - New - Closed Classification: enum: - BenignPositive - FalsePositive - TruePositive - Undetermined - InformationalExpectedActivity - Unknown - NonIssue - PolicyViolation - QradarFalsePositive - Undefined - Suspicious - null ClassificationReason: enum: - InaccurateData - IncorrectAlertLogic - SuspiciousActivity - SuspiciousButExpected - Unknown - Apt - Malware - SecurityPersonnel - SecurityTesting - UnwantedSoftware - Other - MultistagedAttack - CompromisedUser - Phishing - MaliciousUserActivity - NotMalicious - NoEnoughDataToValidate - ConfirmedUserActivity - LineOfBusinessApplication - null ````