# reportAlertAsFalsePositive
Report an alert as a false positive and optionally create an exclusion.
### Examples
{% tabs %}
{% tab title="GraphQL" %}
```graphql
mutation ReportAlertAsFalsePositive($input: ReportFalsePositiveInput!) {
reportAlertAsFalsePositive(input: $input) {
exclusionInfo {
exclusions {
exclusionType
exclusionId
modifiedIssues
modifiedBy
createdAt
exclusionAppliedOn
exclusionTypeLabel
exclusionMatch {
key
value
}
appName
policyName
appId
policyId
policyCategory
appType
comment
exclusionScope
oxIssueId
issueName
exclusionMode
expiredAt
isActive
inDayExpired
inWeekExpired
status
fp
falsePositiveDetails {
comment
reportedBy
reportedAt
}
exclusionSubType
}
totalExclusions
totalFilteredExclusions
}
aggregationsStatus
}
}
```
**Variables**
This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
```json
{
"input": {
"reportedAlertInput": {
"oxIssueId": "example",
"rule": {
"oxRuleId": "issue",
"aggIds": [],
"cvesAndLibs": []
},
"comment": "some comment",
"exclusionMode": "fullScan",
"expiredAt": "example"
},
"isExclude": true
}
}
```
{% endtab %}
{% tab title="cURL" %}
```shell
curl -X POST \
https://api.cloud.ox.security/api/apollo-gateway \
-H 'Content-Type: application/json' \
-H 'Authorization: YOUR_API_TOKEN' \
-d '{
"query": "mutation ReportAlertAsFalsePositive($input: ReportFalsePositiveInput!) { reportAlertAsFalsePositive(input: $input) { exclusionInfo { exclusions { exclusionType exclusionId modifiedIssues modifiedBy createdAt exclusionAppliedOn exclusionTypeLabel exclusionMatch { key value } appName policyName appId policyId policyCategory appType comment exclusionScope oxIssueId issueName exclusionMode expiredAt isActive inDayExpired inWeekExpired status fp falsePositiveDetails { comment reportedBy reportedAt } exclusionSubType } totalExclusions totalFilteredExclusions } aggregationsStatus } }",
"variables": {
"input": {
"reportedAlertInput": {
"oxIssueId": "example",
"rule": {
"oxRuleId": "issue",
"aggIds": [],
"cvesAndLibs": []
},
"comment": "some comment",
"exclusionMode": "fullScan",
"expiredAt": "example"
},
"isExclude": true
}
}
}'
```
{% endtab %}
{% tab title="Node.js" %}
```javascript
const query = 'mutation ReportAlertAsFalsePositive($input: ReportFalsePositiveInput!) { reportAlertAsFalsePositive(input: $input) { exclusionInfo { exclusions { exclusionType exclusionId modifiedIssues modifiedBy createdAt exclusionAppliedOn exclusionTypeLabel exclusionMatch { key value } appName policyName appId policyId policyCategory appType comment exclusionScope oxIssueId issueName exclusionMode expiredAt isActive inDayExpired inWeekExpired status fp falsePositiveDetails { comment reportedBy reportedAt } exclusionSubType } totalExclusions totalFilteredExclusions } aggregationsStatus } }';
fetch("https://api.cloud.ox.security/api/apollo-gateway", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "YOUR_API_TOKEN"
},
body: JSON.stringify({
query: query,
// This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
variables: {
input: {
reportedAlertInput: {
oxIssueId: "example",
rule: {
oxRuleId: "issue",
aggIds: [],
cvesAndLibs: []
},
comment: "some comment",
exclusionMode: "fullScan",
expiredAt: "example"
},
isExclude: true
}
}
})
})
.then(response => response.json())
.then(result => console.log(JSON.stringify(result, null, 2)))
.catch(error => console.error('Error:', error));
```
{% endtab %}
{% tab title="Python" %}
```python
import requests
query = 'mutation ReportAlertAsFalsePositive($input: ReportFalsePositiveInput!) { reportAlertAsFalsePositive(input: $input) { exclusionInfo { exclusions { exclusionType exclusionId modifiedIssues modifiedBy createdAt exclusionAppliedOn exclusionTypeLabel exclusionMatch { key value } appName policyName appId policyId policyCategory appType comment exclusionScope oxIssueId issueName exclusionMode expiredAt isActive inDayExpired inWeekExpired status fp falsePositiveDetails { comment reportedBy reportedAt } exclusionSubType } totalExclusions totalFilteredExclusions } aggregationsStatus } }'
response = requests.post(
"https://api.cloud.ox.security/api/apollo-gateway",
headers={
"Content-Type": "application/json",
"Authorization": "YOUR_API_TOKEN"
},
json={
"query": query,
# This is an example input showing all available input fields. Only fields marked as required in the schema are mandatory.
"variables": {
"input": {
"reportedAlertInput": {
"oxIssueId": "example",
"rule": {
"oxRuleId": "issue",
"aggIds": [],
"cvesAndLibs": []
},
"comment": "some comment",
"exclusionMode": "fullScan",
"expiredAt": "example"
},
"isExclude": true
}
}
}
)
if response.status_code == 200:
result = response.json()
print(result)
else:
print(f"Error: {response.status_code}")
print(response.text)
```
{% endtab %}
{% endtabs %}
### Arguments
You can use the following argument(s) to customize your `reportAlertAsFalsePositive` mutation.
| Argument | Description | Supported fields |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| input [`ReportFalsePositiveInput!`](/api-documentation/api-reference/api--exclusions/types/inputs/report-false-positive-input.md) required | Details of the false positive report and optional exclusion | reportedAlertInput ExcludeAlertInput!
isExclude Boolean!
|
### Fields
Return type: [`ReportFalsePositiveAlertRes`](/api-documentation/api-reference/api--exclusions/types/objects/report-false-positive-alert-res.md)
You can use the following field(s) to specify what information your `reportAlertAsFalsePositive` mutation will return. Please note that some fields may have their own subfields.
| Field | Description | Supported fields |
| ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| exclusionInfo [`GetExclusionsRes`](/api-documentation/api-reference/api--exclusions/types/objects/get-exclusions-res.md) | Information about the created exclusion if one was created | exclusions \[Exclusion!]!
totalExclusions Float
totalFilteredExclusions Float
|
| aggregationsStatus `String` | Status of aggregations for display in UI based on enum AggregationsStatus | |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/api-documentation/api-reference/api--exclusions/mutations/report-alert-as-false-positive.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.