Update alert using index API

In order to retrieve all alerts that appear on kibana I used the "GET /.internal.alerts-security.alerts-*/_search" API.

I know there is an API for updating indexes and was wondering if I can use it to update an alert in kibana without any risks.

For example if I run the "update_by_query" API to update the status field of an alert from open to closed, will it appear in kibana as closed with no risk of corrupting the alerts index?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.