> ## Documentation Index
> Fetch the complete documentation index at: https://gcore.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage insight status

export const MethodSection = ({children}) => children ?? null;

export const MethodSwitch = ({children}) => {
  const tabs = React.Children.toArray(children).map(c => {
    if (!c || !c.props) return null;
    if (c.props.id) return c;
    const inner = c.props.children;
    if (inner && inner.props && inner.props.id) return inner;
    return null;
  }).filter(Boolean);
  const firstId = tabs.length > 0 ? tabs[0].props.id : "";
  const [active, setActive] = React.useState(firstId);
  React.useEffect(() => {
    try {
      const saved = localStorage.getItem("gcore_docs_method");
      if (saved && tabs.find(t => t.props.id === saved)) {
        setActive(saved);
      }
    } catch (_) {}
  }, []);
  React.useEffect(() => {
    try {
      document.querySelectorAll("h2[id], h3[id]").forEach(heading => {
        const visible = heading.offsetParent !== null;
        document.querySelectorAll(`a[href="#${heading.id}"]`).forEach(link => {
          if (link.closest("h1,h2,h3,h4,h5,h6")) return;
          const li = link.closest("li");
          if (li) li.style.display = visible ? "" : "none";
        });
      });
    } catch (_) {}
    window.dispatchEvent(new Event("scroll"));
  }, [active]);
  const handleClick = id => {
    setActive(id);
    try {
      localStorage.setItem("gcore_docs_method", id);
    } catch (_) {}
  };
  return <div>
      <div className="not-prose flex gap-0 border-b border-zinc-200 dark:border-zinc-800 mb-8 mt-2" role="tablist">
        {tabs.map(tab => {
    const isActive = active === tab.props.id;
    return <button key={tab.props.id} role="tab" aria-selected={isActive} onClick={() => handleClick(tab.props.id)} className={["px-4 py-2 text-sm font-medium border-b-2 -mb-px transition-colors cursor-pointer", isActive ? "border-primary text-primary" : "border-transparent text-zinc-500 hover:text-zinc-800 dark:hover:text-zinc-200"].join(" ")}>
              {tab.props.label}
            </button>;
  })}
      </div>

      {tabs.map(tab => <div key={tab.props.id} style={{
    display: active === tab.props.id ? "" : "none"
  }}>
          {tab.props.children}
        </div>)}
    </div>;
};

<MethodSwitch>
  <MethodSection id="portal" label="Customer Portal">
    <p>When an insight is selected, its status can be changed using the **Mark as read**, **Silence**, and **Close** buttons.</p>

    <Frame>
      <img src="https://mintcdn.com/gcore/Mj45GxzndDrMNb3G/images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-manage.png?fit=max&auto=format&n=Mj45GxzndDrMNb3G&q=85&s=84621afb725afd51fa138fb2f80d44b5" alt="Manage security insights" width="1398" height="608" data-path="images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-manage.png" />
    </Frame>

    ## Mark insights as read

    <p>Insights are not automatically marked as read when viewed. To mark an insight as read, click **Mark as read**. To keep an insight as a reminder for later action or review, leave it unread.</p>

    ## Silence insights

    <p>An insight can be silenced if it has been viewed, but no action is taken, or it is not closed. Silencing an insight means pausing all notifications for a specific period (e.g., a week, month, custom period, or indefinitely).</p>

    <p>The available silence options depend on the [insight types](/waap/threat-intelligence/security-insights/view-insights#insight-types). You can silence insights at different levels:</p>

    * For a specific entity (for example, a particular IP address or policy).
    * For a specific entity and rule combination (for example, an IP address or policy with a specific rule).
    * For all insights of the same type.

    <Tip>
      **Tip**

      To stop silencing an insight, see the [Manage Silence Rules](/waap/threat-intelligence/security-insights/manage-silence-rules) guide.
    </Tip>

    ## Close insights

    <p>After reviewing an insight, it can be removed from the list by clicking the **Close** button.</p>

    <Info>
      **Info**

      Closed insights are automatically deleted after 30 days unless reopened.
    </Info>

    ## Reopen insights

    <p>To reopen a closed insight for further investigation, reassessment, or verification of mitigation effectiveness, in the **Status** dropdown, select **Closed**.</p>

    <Frame>
      <img src="https://mintcdn.com/gcore/Mj45GxzndDrMNb3G/images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-status-closed.png?fit=max&auto=format&n=Mj45GxzndDrMNb3G&q=85&s=09ea24131f791e335e72d98a573bf400" alt="Filter the insights with the Status dropdown" width="1019" height="395" data-path="images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-status-closed.png" />
    </Frame>

    <p>Select the insight to reopen, and click the **Reopen** button.</p>

    <Frame>
      <img src="https://mintcdn.com/gcore/Mj45GxzndDrMNb3G/images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-reopen.png?fit=max&auto=format&n=Mj45GxzndDrMNb3G&q=85&s=86ae6c8a9c6b608c3ce29b85c75f31d8" alt="Select Reopen" width="1383" height="676" data-path="images/docs/waap/threat-intelligence/security-insights/manage-insights/security-insights-reopen.png" />
    </Frame>

    <p>The insight will reappear in the list on the **Security Insights** view.</p>
  </MethodSection>

  <MethodSection id="api" label="REST API">
    <p>The [Security Insights](/api-reference/waap#security-insights) endpoints cover updating insight status and creating silence rules to suppress notifications. Response examples include only the fields used in each step.</p>

    <p>Set the following environment variables before running any examples:</p>

    ```bash theme={null}
    export GCORE_API_KEY="your_api_key"
    export WAAP_DOMAIN_ID=your_domain_id
    ```

    <p>To retrieve available insight IDs, use <code>GET /waap/v1/domains/{domain_id}/insights</code>.</p>

    ## Update insight status

    <p>Changes the status of an insight. Use `ACKED` to mark as read, `CLOSED` to close it, and `OPEN` to reopen a closed insight. The call returns the updated insight object.</p>

    <Tabs>
      <Tab title="Python SDK">
        ```python theme={null}
        import os
        import gcore

        client = gcore.Gcore(api_key=os.environ["GCORE_API_KEY"])
        domain_id = int(os.environ["WAAP_DOMAIN_ID"])

        insight_id = "a1b2c3d4-0000-0000-0000-111122223333"

        # Mark as read
        insight = client.waap.domains.insights.replace(
            insight_id,
            domain_id=domain_id,
            status="ACKED",
        )
        print(f"Status: {insight.status}")

        # Close
        client.waap.domains.insights.replace(insight_id, domain_id=domain_id, status="CLOSED")

        # Reopen
        client.waap.domains.insights.replace(insight_id, domain_id=domain_id, status="OPEN")
        ```
      </Tab>

      <Tab title="Go SDK">
        ```go theme={null}
        package main

        import (
            "context"
            "fmt"
            "os"
            "strconv"

            "github.com/G-Core/gcore-go"
            "github.com/G-Core/gcore-go/option"
            "github.com/G-Core/gcore-go/waap"
        )

        func main() {
            domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)
            client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))

            insightID := "a1b2c3d4-0000-0000-0000-111122223333"

            // Mark as read
            insight, err := client.Waap.Domains.Insights.Replace(
                context.Background(),
                insightID,
                waap.DomainInsightReplaceParams{
                    DomainID: domainID,
                    Status:   waap.DomainInsightReplaceParamsStatusAcked,
                },
            )
            if err != nil {
                panic(err)
            }
            fmt.Printf("Status: %s\n", insight.Status)

            // Close
            client.Waap.Domains.Insights.Replace(context.Background(), insightID,
                waap.DomainInsightReplaceParams{DomainID: domainID, Status: waap.DomainInsightReplaceParamsStatusClosed})

            // Reopen
            client.Waap.Domains.Insights.Replace(context.Background(), insightID,
                waap.DomainInsightReplaceParams{DomainID: domainID, Status: waap.DomainInsightReplaceParamsStatusOpen})
        }
        ```
      </Tab>

      <Tab title="curl">
        ```bash theme={null}
        INSIGHT_ID="a1b2c3d4-0000-0000-0000-111122223333"

        # Mark as read
        curl -X PUT "https://api.gcore.com/waap/v1/domains/${WAAP_DOMAIN_ID}/insights/${INSIGHT_ID}" \
             -H "Authorization: APIKey ${GCORE_API_KEY}" \
             -H "Content-Type: application/json" \
             -d '{"status": "ACKED"}'
        ```

        Response (`200 OK`):

        ```json theme={null}
        {
          "id": "a1b2c3d4-0000-0000-0000-111122223333",
          "insight_type": "allowed-high-risk-ip",
          "status": "ACKED",
          "labels": {"ip": "198.51.100.42", "rule_id": "12345", "rule_name": "block-internal"}
          // ...
        }
        ```

        <p>Replace `ACKED` with `CLOSED` to close the insight, or `OPEN` to reopen a closed one.</p>
      </Tab>
    </Tabs>

    ## Silence an insight

    <p>Creates a silence rule that suppresses notifications for a specific insight type. Use `labels` to target a specific entity — an IP address for `allowed-high-risk-ip`, or a policy ID for `attack-on-disabled-policy`. An empty `labels` object silences all insights of that type.</p>

    <p>Set `expire_at` to an ISO 8601 timestamp for a time-limited silence, or `null` for indefinite. To manage existing silences, see [Manage silence rules](/waap/threat-intelligence/security-insights/manage-silence-rules).</p>

    <Tabs>
      <Tab title="Python SDK">
        ```python theme={null}
        import os
        import gcore

        client = gcore.Gcore(api_key=os.environ["GCORE_API_KEY"])
        domain_id = int(os.environ["WAAP_DOMAIN_ID"])

        # Silence alerts for a specific high-risk IP for 30 days
        silence = client.waap.domains.insight_silences.create(
            domain_id,
            insight_type="allowed-high-risk-ip",
            author="security-team",
            comment="Trusted internal scanner — suppress for 30 days",
            labels={"ip": "198.51.100.42"},
            expire_at="2026-07-25T00:00:00Z",
        )
        print(f"Created: {silence.id}  expires: {silence.expire_at}")
        ```
      </Tab>

      <Tab title="Go SDK">
        ```go theme={null}
        package main

        import (
            "context"
            "fmt"
            "os"
            "strconv"
            "time"

            "github.com/G-Core/gcore-go"
            "github.com/G-Core/gcore-go/option"
            "github.com/G-Core/gcore-go/waap"
        )

        func main() {
            domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)
            client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))

            expiry := time.Now().AddDate(0, 0, 30)

            // Silence alerts for a specific high-risk IP for 30 days
            silence, err := client.Waap.Domains.InsightSilences.New(
                context.Background(),
                domainID,
                waap.DomainInsightSilenceNewParams{
                    InsightType: "allowed-high-risk-ip",
                    Author:      "security-team",
                    Comment:     "Trusted internal scanner — suppress for 30 days",
                    Labels:      map[string]string{"ip": "198.51.100.42"},
                    ExpireAt:    gcore.Time(expiry),
                },
            )
            if err != nil {
                panic(err)
            }
            fmt.Printf("Created: %s  expires: %s\n", silence.ID, silence.ExpireAt)
        }
        ```
      </Tab>

      <Tab title="curl">
        ```bash theme={null}
        curl -X POST "https://api.gcore.com/waap/v1/domains/${WAAP_DOMAIN_ID}/insight-silences" \
             -H "Authorization: APIKey ${GCORE_API_KEY}" \
             -H "Content-Type: application/json" \
             -d '{
               "insight_type": "allowed-high-risk-ip",
               "author": "security-team",
               "comment": "Trusted internal scanner — suppress for 30 days",
               "labels": {"ip": "198.51.100.42"},
               "expire_at": "2026-07-25T00:00:00Z"
             }'
        ```

        Response (`201 Created`):

        ```json theme={null}
        {
          "id": "fb319cd9-2291-47db-8695-c6637811a059",
          "insight_type": "allowed-high-risk-ip",
          "labels": {"ip": "198.51.100.42"},
          "expire_at": "2026-07-25T00:00:00Z"
          // ...
        }
        ```
      </Tab>
    </Tabs>
  </MethodSection>
</MethodSwitch>
