Skip to main content

Alert Review

This guide demonstrates how to triage and resolve AML alerts through the API. You will list open alerts by priority, inspect a specific alert, trigger AI-powered research, review the AI assessment, and resolve the alert.

Prerequisites

1

List open alerts by priority

Retrieve all open alerts sorted by priority score (highest first). This mirrors the analyst inbox view.
curl -X GET "https://api.zenoo.com/v1/alerts?status=Open&sort=-priority_score&limit=25" \
  -H "Authorization: Bearer your-api-key"
Response:
{
  "data": [
    {
      "token": "alt_001",
      "type": "Screening",
      "category": "Sanctions Hit",
      "title": "Sanctions Hit: Global Corp LLC",
      "status": "Open",
      "priority": "Critical",
      "priority_score": 95,
      "match_score": 88,
      "sla_status": "On Track",
      "sla_due_date": "2026-02-17T10:00:00Z",
      "case_token": "cas_abc123",
      "entity_name": "Global Corp LLC"
    },
    {
      "token": "alt_002",
      "type": "Screening",
      "category": "PEP Match",
      "title": "PEP Match: Maria Garcia",
      "status": "Open",
      "priority": "High",
      "priority_score": 78,
      "match_score": 72,
      "sla_status": "On Track",
      "sla_due_date": "2026-02-18T10:00:00Z",
      "case_token": "cas_def456",
      "entity_name": "Maria Garcia"
    }
  ],
  "meta": {
    "total": 2,
    "page": { "cursor": null, "has_more": false }
  }
}
Use the sort parameter with a - prefix for descending order. Common sort fields: priority_score, created_at, sla_due_date.

Filtering options

ParameterTypeDescription
statusstringFilter by status: Open, Acknowledged, Resolved, False Positive, Escalated
categorystringFilter by category: PEP Match, Sanctions Hit, Adverse Media, etc.
typestringFilter by type: Screening, Identity, Company, Document, Financial
prioritystringFilter by priority: Critical, High, Medium, Low
case_tokenstringFilter alerts belonging to a specific case
sortstringSort field with optional - prefix for descending
limitnumberResults per page (default 25, max 100)
cursorstringPagination cursor from previous response
2

Get alert details

Retrieve the full details of the highest-priority alert, including screening match data and AI fields.
curl -X GET "https://api.zenoo.com/v1/alerts/alt_001" \
  -H "Authorization: Bearer your-api-key"
Response:
{
  "token": "alt_001",
  "type": "Screening",
  "category": "Sanctions Hit",
  "title": "Sanctions Hit: Global Corp LLC",
  "description": "WorldCheck screening returned a potential sanctions match against OFAC SDN list for entity 'Global Corp LLC'.",
  "status": "Open",
  "priority": "Critical",
  "priority_score": 95,
  "match_score": 88,
  "risk_tier": "High",
  "sla_status": "On Track",
  "sla_due_date": "2026-02-17T10:00:00Z",
  "case_token": "cas_abc123",
  "entity_name": "Global Corp LLC",
  "source_data": {
    "provider": "WorldCheck",
    "list_name": "OFAC SDN",
    "matched_name": "Global Corporation LLC",
    "match_type": "Exact"
  },
  "ai_research": null,
  "created_at": "2026-02-16T09:00:00Z"
}
3

Trigger AI research

Request AI-powered analysis of the alert. The AI reviews the screening match against public sources to assess whether it is a true positive or false positive.
curl -X POST "https://api.zenoo.com/v1/alerts/alt_001/ai-research" \
  -H "Authorization: Bearer your-api-key"
Response:
{
  "status": "processing",
  "message": "AI research initiated. Results will be available shortly.",
  "estimated_seconds": 15
}
AI research runs asynchronously. Typical completion time is 10-30 seconds. You will receive a alert.ai_research_completed webhook event when results are ready, or you can poll the endpoint below.
4

Get AI research results

Retrieve the AI assessment once processing completes.
curl -X GET "https://api.zenoo.com/v1/alerts/alt_001/ai-research" \
  -H "Authorization: Bearer your-api-key"
Response:
{
  "status": "completed",
  "assessment": "The matched entity 'Global Corporation LLC' on the OFAC SDN list is a different legal entity registered in Iran. The subject entity 'Global Corp LLC' is incorporated in Delaware, USA with no apparent connection to the sanctioned entity beyond name similarity.",
  "confidence": 85,
  "false_positive_probability": 82,
  "recommended_action": "Approve",
  "sources": [
    { "title": "OFAC SDN List", "url": "https://sanctionssearch.ofac.treas.gov/" },
    { "title": "Delaware Division of Corporations", "url": "https://icis.corp.delaware.gov/" }
  ],
  "researched_at": "2026-02-16T09:01:15Z"
}
5

Resolve the alert

Based on the AI assessment and your review, resolve the alert with an action and notes.
curl -X POST "https://api.zenoo.com/v1/alerts/alt_001/resolve" \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "Approve",
    "notes": "False positive confirmed. Matched entity is Global Corporation LLC (Iran), unrelated to subject Global Corp LLC (Delaware, USA). AI confidence 85%. No sanctions exposure."
  }'
Response:
{
  "token": "alt_001",
  "status": "Resolved",
  "resolution_action": "Approve",
  "resolved_by": "analyst@example.com",
  "resolved_at": "2026-02-16T09:05:00Z"
}

Resolution actions

ActionWhen to use
ApproveAlert reviewed, no issues found or risk accepted
DeclineConfirmed compliance issue, reject the entity
EscalateUncertain or complex, route to senior reviewer
Request DocumentAdditional evidence needed from the client
Approve with ConditionsApproved with caveats (e.g., enhanced monitoring)
If a sanctions hit is confirmed as a true positive, use Decline and escalate the case immediately. Processing sanctioned entities may violate legal obligations.

Alert lifecycle

Alerts move through a defined set of statuses from creation to resolution:
StatusDescription
OpenAlert created, awaiting analyst review
AcknowledgedAnalyst has claimed and is reviewing the alert
ResolvedAlert reviewed and resolved with an action
False PositiveConfirmed as a false positive match
EscalatedEscalated to a senior reviewer or manager

Priority scoring

Every alert receives a composite priority score (0-290 points) calculated from five components. The priority score drives the default sort order in the analyst inbox: highest-score alerts appear first.
ComponentMax PointsCalculation
SLA urgency100Breached = 100, linear decay from due date
Risk tier100Critical = 100, High = 75, Medium = 50, Low = 25
Category weight60Sanctions = 60, PEP = 45, Adverse Media = 30
Match score10Screening confidence / 10
Case risk20Parent case risk score / 5

Priority labels

PriorityScore Range
Critical200+
High120-199
Medium60-119
Low0-59

Bulk operations

For high-volume alert processing, use the bulk endpoints. See Bulk Operations Guide for details. 
curl -X POST "https://api.zenoo.com/v1/alerts/bulk/resolve" \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "alert_tokens": ["alt_003", "alt_004", "alt_005"],
    "action": "Approve",
    "notes": "Batch resolved: low-risk name mismatches confirmed as formatting differences."
  }'

Next steps