Resolves an open behavioral anomaly. The resolution records the investigator’s determination — whether the anomaly was a false positive, was mitigated, represents an accepted risk, or resulted in the agent being revoked. Resolution events are immutable once recorded. If an anomaly’s resolution needs to be revisited, a new anomaly should be created referencing the original.Documentation Index
Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
Use this file to discover all available pages before exploring further.
Resolution Types
| Resolution | Description | Effect |
|---|---|---|
false_positive | Anomaly was not a genuine threat | Auto-response reversed (agent restored) |
mitigated | Anomaly was genuine and has been addressed | Auto-response remains; agent may be restored manually |
accepted_risk | Anomaly is genuine but accepted per policy | Auto-response reversed; risk documented |
agent_revoked | Anomaly led to permanent agent revocation | Agent remains revoked |
Authentication
API key with
anomalies:resolve scope. Alternatively, pass a Bearer JWT token
in the Authorization header.Tenant identifier for multi-tenant isolation.
Path Parameters
Anomaly identifier (
maip-anom:ULID). Must be in open status.Request
Resolution determination. Must be one of:
false_positive, mitigated,
accepted_risk, agent_revoked.Investigator notes explaining the resolution decision. Stored in the audit
trail.
Response
Anomaly identifier.
The agent associated with the anomaly.
Type of anomaly.
Severity level.
Updated status:
resolved.Resolution determination.
Investigator notes.
ISO 8601 timestamp of resolution.
Operator or API key identifier that resolved the anomaly.
ISO 8601 timestamp of original anomaly creation.