Resolve alerts
via API
To resolve an alert, update the activity result’s status by calling the Update Activity Results endpoint. For more details around classification (applyingtagIds), see Classifying activities and alerts.
X-Frankie-Username is optional. If provided, it identifies the actor in the audit log.
Request body
Request body
The IDs of the process results (alerts) to update. A process result is created when an activity is flagged for review. Supply one or more UUIDs; the
manualStatus is applied to each.The manual outcome to record for the alert. Must be one of:
FALSE_POSITIVE— the result was reviewed and determined to be genuine or low-risk; the activity is within the risk profile to continue.TRUE_POSITIVE_ACCEPT— the result was determined to be a true positive, and the activity is within the risk profile to continue (for example, the transaction is approved with an override).TRUE_POSITIVE_REJECT— the result was determined to be a true positive, and the activity is not within the risk profile to continue (for example, the transaction is blocked).IN_REVIEW— the alert has been picked up and is being actively investigated. “Needs attention” is the unresolved default state of an alert. It corresponds to no manual status being set and is not a value you send through this field.
Optional tags to apply to the alert and its associated activity. Each tag must exist and be accessible to your account (a FrankieOne
SYSTEM tag or a CUSTOMER tag your account owns). Duplicate IDs are removed automatically. A request must not mix FALSE_POSITIVE- or IN_REVIEW-category tags with tags of any other category — the intent cannot be reconciled and the request is rejected with 400See Tags and Reasons reference for the full list of available tags.An optional comment recorded in the audit log alongside the status change. Because comments are tied to the manual status action, they form part of the compliance audit trail.
via Portal
See Features for more detailsRe-evaluate the results
Once all alerts have been resolved, you must re-run the workflow for the entity.- To update the
status: The overallworkflowResult.statuswill only be changed by the system fromREVIEWtoPASSorCLEARafter the workflow is executed again and the steps included in the monitoring workflow confirms that no unresolved hits remain. - To clear
issues: The re-execution will cause the steps to re-evaluate the issues. If all PROs that previously caused anACTIVITYissue are now classified asFALSE_POSITIVE, the issue will be cleared from the workflow result.
via API
To trigger a re-evaluation via API, you will execute the workflow again. Refer to the Execute a workflow for the given service profile documentation.via Portal
The Portal will automatically re-run the workflow for you once all alerts associated with an activity have been resolved (i.e. no alerts with “Needs attention” and “In review” status remain).Detecting manual overrides
It’s crucial to know if a workflow’s result was changed by a person. When an operator manually changes the status (for example, fromFAIL to PASS), the following fields are populated:
statusOverrideRequestId: The unique ID of the override request.statusOverrideBy: The user who performed the override.statusOverrideAt: The timestamp of the override.
statusOverrideRequestId exists and is not empty.
(Optional) Retrieve all activities
Fetch historical information about the transactions to help get context of the user behavior and investigate.Get Activities request
Get Activities request
Related pages
- Classifying activities and alerts — set alert statuses and classify activities via API.
- Interpret activity results — read the workflow result and identify the alerts to resolve.